Other machine 'sticky' & glitchy - maybe same issue as other thread


Loosie

PCHF Member
Hi, now this is my daughter's machine, which I also installed Avast on. Since removed that, but it still shows it's there. She hasn't had the BSOD but the computer has frozen on her repeatedly & is generally sticky, regardless of my doing the reg. cleanup & maint & coming up with nothing. So, without further ado, FRST & aswmbr below...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2020
Ran by Jessica (administrator) on DESKTOP-F2VBB3S (Acer Aspire One 753) (30-04-2020 15:43:32)
Running from C:\Users\Jessica\Desktop
Loaded Profiles: Jessica (Available Profiles: user & Jessica)
Platform: Windows 10 Pro Version 1903 18362.778 (X64) Language: English (United States)
Default browser not detected!
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <14>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12004.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LsaIso.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\NisSrv.exe
(OpenOffice.org) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(OpenOffice.org) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Sun Microsystems, Inc. -> Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
Failed to access process -> vmmem

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [148888 2017-05-19] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
HKU\S-1-5-21-2955138462-254338748-7883881-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3140376 2020-04-25] (Electronic Arts, Inc. -> Electronic Arts)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Installer\chrmstp.exe [2020-04-28] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.68\Installer\setup.exe [2020-04-30] (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk [2018-11-19]
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FF77851-2781-4849-A68B-A39417830E40} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [224144 2020-04-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {10C2EF1A-09E0-4B59-A011-D63C8938B97C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {210B8624-6B5D-4353-AD95-81C080ED6D63} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4581778B-7F5B-4C0C-95EB-BD2723C7FC57} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {936F5CBB-5909-4736-AA57-54330EA4FCBF} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe
Task: {9D8B415D-39A3-4B67-99C1-7A31E7B3D827} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [224144 2020-04-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {A1C812F5-9614-44CD-B52B-9ECED10C41FA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C53D4F3E-FD00-403F-8068-3263C320C24F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-19] (Google Inc -> Google Inc.)
Task: {CBF7FC4A-312A-41E6-AF23-715BE022473A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-19] (Google Inc -> Google Inc.)
Task: {EE0D6D7D-0729-4880-931F-6B231FA38E56} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2955138462-254338748-7883881-1001 => C:\Users\Jessica\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{03292477-1f0a-4207-925b-6e0b207770b3}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2017-05-19] (Sun Microsystems, Inc.) [File not signed]

Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Jessica\AppData\Local\Microsoft\Edge\User Data\Default [2020-04-30]

FireFox:
========
FF DefaultProfile: y34y7ngm.default
FF ProfilePath: C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\y34y7ngm.default [2020-04-19]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\y34y7ngm.default\Extensions\[email protected] [2020-03-24]
FF Extension: (Avast Online Security) - C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\y34y7ngm.default\Extensions\[email protected] [2020-03-24]

Chrome:
=======
CHR Profile: C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default [2020-04-19]
CHR Extension: (Slides) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-19]
CHR Extension: (Docs) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-19]
CHR Extension: (Google Drive) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-04-19]
CHR Extension: (YouTube) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-19]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-04-19]
CHR Extension: (Sheets) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-19]
CHR Extension: (Google Docs Offline) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-19]
CHR Extension: (Avast Online Security) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-04-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-19]
CHR Extension: (Gmail) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-04-19]
CHR Extension: (Chrome Media Router) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-19]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CmService; C:\WINDOWS\System32\CmService.dll [821776 2020-04-19] (Microsoft Windows -> Microsoft Corporation)
S2 edgeupdate; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [224144 2020-04-19] (Microsoft Corporation -> Microsoft Corporation)
S3 edgeupdatem; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [224144 2020-04-19] (Microsoft Corporation -> Microsoft Corporation)
S3 gcs; C:\WINDOWS\system32\vmcomputeagent.exe [1390904 2020-04-19] (Microsoft Windows -> Microsoft Corporation)
R3 hns; C:\WINDOWS\System32\HostNetSvc.dll [3420672 2020-04-17] (Microsoft Windows -> Microsoft Corporation)
S3 MicrosoftEdgeElevationService; C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.68\elevation_service.exe [1125264 2020-04-29] (Microsoft Corporation -> Microsoft Corporation)
R3 nvagent; C:\WINDOWS\System32\NvAgent.dll [41992 2020-04-19] (Microsoft Windows -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2495280 2020-04-25] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3446576 2020-04-25] (Electronic Arts, Inc. -> Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5930136 2020-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [3498512 2020-04-19] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-04-21] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2020-02-23] (Microsoft Corporation) [File not signed]
R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [36368 2020-04-19] (Microsoft Windows -> Microsoft Corporation)
S3 iaStorB; C:\WINDOWS\System32\drivers\iaStorB.sys [559576 2015-05-21] (Intel Corporation – Non-Volatile Memory Solutions Group -> Intel Corporation)
S3 iaStorS; C:\WINDOWS\System32\drivers\iaStorS.sys [665592 2015-06-05] (Intel Corporation – Non-Volatile Memory Solutions Group -> Intel Corporation)
R3 int0800; C:\WINDOWS\System32\drivers\flashud.sys [51712 2009-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 L1C; C:\WINDOWS\System32\drivers\L1C63x64.sys [161864 2015-10-02] (Rivet Networks LLC -> Qualcomm Atheros, Inc.)
S3 l2bridge; C:\WINDOWS\System32\drivers\l2bridge.sys [58384 2020-04-19] (Microsoft Windows -> Microsoft Corporation)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3354384 2015-05-04] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S3 rccfg; C:\WINDOWS\System32\drivers\rccfg.sys [22552 2015-05-12] (Microsoft Windows Hardware Compatibility Publisher -> AMD, Inc.)
S3 rcraid; C:\WINDOWS\System32\drivers\rcraid.sys [540184 2015-05-12] (Microsoft Windows Hardware Compatibility Publisher -> AMD, Inc.)
R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [1410560 2020-04-17] (Microsoft Windows -> Microsoft Corporation)
R0 VMSNPXY; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [39736 2020-04-17] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [391392 2020-04-21] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59104 2020-04-21] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)
NETSVC: nvagent -> C:\Windows\System32\NvAgent.dll (Microsoft Corporation)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-30 15:43 - 2020-04-30 15:45 - 000014589 _____ C:\Users\Jessica\Desktop\FRST.txt
2020-04-30 15:43 - 2020-04-30 15:44 - 000000000 ____D C:\FRST
2020-04-30 15:37 - 2020-04-30 15:40 - 002283008 _____ (Farbar) C:\Users\Jessica\Desktop\FRST64.exe
2020-04-30 15:37 - 2020-04-30 15:38 - 005200384 _____ (AVAST Software) C:\Users\Jessica\Desktop\aswmbr.exe
2020-04-30 15:32 - 2020-04-30 15:32 - 000000000 ____D C:\Users\Jessica\Desktop\New folder
2020-04-30 15:24 - 2020-04-30 15:24 - 000000000 ____D C:\Users\Jessica\AppData\Local\D3DSCache
2020-04-30 15:23 - 2020-04-30 15:23 - 000000017 _____ C:\Users\Jessica\AppData\Local\resmon.resmoncfg
2020-04-30 14:48 - 2020-04-30 14:50 - 000000000 ____D C:\AdwCleaner
2020-04-30 14:35 - 2020-04-30 14:36 - 003039256 _____ ( ) C:\Users\Jessica\Downloads\Firefox Setup 75.0_1542657230.exe
2020-04-23 10:40 - 2020-04-23 10:44 - 002254054 _____ C:\Users\Jessica\Downloads\Food Chains and Webs Worksheet.pdf
2020-04-23 10:15 - 2020-04-23 10:15 - 001096081 _____ C:\Users\Jessica\Downloads\science CAT.pptx
2020-04-21 12:38 - 2020-04-21 12:39 - 000505980 _____ C:\Users\Jessica\Downloads\Victorias_Tourism_Regions_map_2017 (1).pdf
2020-04-21 12:22 - 2020-04-21 12:22 - 000000000 ____D C:\ProgramData\Samsung
2020-04-21 12:20 - 2020-04-21 12:22 - 000614647 _____ C:\Users\Jessica\Documents\geography.pdf
2020-04-21 12:16 - 2020-04-21 12:16 - 000505980 _____ C:\Users\Jessica\Downloads\Victorias_Tourism_Regions_map_2017.pdf
2020-04-20 13:04 - 2020-04-20 13:05 - 000651558 _____ C:\Users\Jessica\Downloads\chocolate chuckwallas.pptx
2020-04-19 10:57 - 2020-04-30 15:32 - 000000000 ____D C:\Users\Jessica\Desktop\PC prework
2020-04-19 10:56 - 2020-04-28 09:50 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-19 10:56 - 2020-04-28 09:50 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-19 10:56 - 2020-04-28 09:50 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-04-19 10:56 - 2020-04-19 10:56 - 000000837 _____ C:\Users\Public\Desktop\Speccy.lnk
2020-04-19 10:56 - 2020-04-19 10:56 - 000000837 _____ C:\ProgramData\Desktop\Speccy.lnk
2020-04-19 10:56 - 2020-04-19 10:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2020-04-19 10:56 - 2020-04-19 10:56 - 000000000 ____D C:\Program Files\Speccy
2020-04-19 10:53 - 2020-04-19 10:53 - 006889184 _____ (Piriform Ltd) C:\Users\Jessica\Downloads\spsetup132.exe
2020-04-19 10:45 - 2020-04-30 14:44 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-04-19 10:45 - 2020-04-30 14:44 - 000002259 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-04-19 10:45 - 2020-04-30 14:44 - 000002259 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-04-19 10:43 - 2020-04-30 14:37 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-04-19 10:43 - 2020-04-30 14:37 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-04-19 10:19 - 2020-04-30 14:50 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
2020-04-19 10:19 - 2020-04-19 10:19 - 000000000 ___SD C:\WINDOWS\system32\containers
2020-04-17 10:17 - 2020-04-17 11:03 - 000014410 _____ C:\Users\Jessica\Documents\fitness program.odt
2020-04-17 09:58 - 2020-04-17 09:58 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 003420672 _____ (Microsoft Corporation) C:\WINDOWS\system32\HostNetSvc.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-17 09:58 - 2020-04-17 09:58 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 002399544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmswitch.sys
2020-04-17 09:58 - 2020-04-17 09:58 - 002369576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 002188600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 001659408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-17 09:58 - 2020-04-17 09:58 - 001495864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vfpext.sys
2020-04-17 09:58 - 2020-04-17 09:58 - 001386296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-17 09:58 - 2020-04-17 09:58 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000744960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-17 09:58 - 2020-04-17 09:58 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\system32\gns.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-17 09:58 - 2020-04-17 09:58 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-17 09:58 - 2020-04-17 09:58 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-17 09:58 - 2020-04-17 09:58 - 000291848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationVdev.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfpctrl.exe
2020-04-17 09:58 - 2020-04-17 09:58 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000216888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetMgmtIF.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nvspinfo.exe
2020-04-17 09:58 - 2020-04-17 09:58 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000140088 _____ C:\WINDOWS\system32\nmscrub.exe
2020-04-17 09:58 - 2020-04-17 09:58 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000129336 _____ (Microsoft Corporation) C:\WINDOWS\system32\nmbind.exe
2020-04-17 09:58 - 2020-04-17 09:58 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-04-17 09:58 - 2020-04-17 09:58 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000048440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VmsProxy.sys
2020-04-17 09:58 - 2020-04-17 09:58 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2010CustomActions.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000039736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VmsProxyHNic.sys
2020-04-17 09:58 - 2020-04-17 09:58 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfpapi.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2010CustomActions.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
2020-04-17 09:57 - 2020-04-17 09:58 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-17 09:57 - 2020-04-17 09:57 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-17 09:57 - 2020-04-17 09:57 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-17 09:57 - 2020-04-17 09:57 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-17 09:57 - 2020-04-17 09:57 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-17 09:57 - 2020-04-17 09:57 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-17 09:57 - 2020-04-17 09:57 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-04-17 09:57 - 2020-04-17 09:57 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-17 09:57 - 2020-04-17 09:57 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-17 09:57 - 2020-04-17 09:57 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-17 09:57 - 2020-04-17 09:57 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-04-17 09:57 - 2020-04-17 09:57 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-04-17 09:57 - 2020-04-17 09:57 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-04-17 09:57 - 2020-04-17 09:57 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-04-17 09:57 - 2020-04-17 09:57 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-04-17 09:57 - 2020-04-17 09:57 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000050544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2020-04-17 09:57 - 2020-04-17 09:57 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2020-04-17 09:57 - 2020-04-17 09:57 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2020-04-17 09:57 - 2020-04-17 09:57 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-04-17 09:56 - 2020-04-17 09:56 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-17 09:56 - 2020-04-17 09:56 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-17 09:56 - 2020-04-17 09:56 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-04-17 09:56 - 2020-04-17 09:56 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-17 09:56 - 2020-04-17 09:56 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-17 09:56 - 2020-04-17 09:56 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-17 09:56 - 2020-04-17 09:56 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-17 09:56 - 2020-04-17 09:56 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-17 09:56 - 2020-04-17 09:56 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-04-17 09:56 - 2020-04-17 09:56 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-17 09:56 - 2020-04-17 09:56 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2020-04-17 09:56 - 2020-04-17 09:56 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
2020-04-17 09:56 - 2020-04-17 09:56 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-04-17 09:55 - 2020-04-17 09:55 - 003980800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-04-17 09:55 - 2020-04-17 09:55 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-04-17 09:55 - 2020-04-17 09:55 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-04-17 09:55 - 2020-04-17 09:55 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-04-17 09:55 - 2020-04-17 09:55 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2020-04-17 09:55 - 2020-04-17 09:55 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-04-17 09:55 - 2020-04-17 09:55 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-04-17 09:55 - 2020-04-17 09:55 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2020-04-17 09:55 - 2020-04-17 09:55 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-04-17 09:55 - 2020-04-17 09:55 - 000166712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys
2020-04-17 09:55 - 2020-04-17 09:55 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2020-04-17 09:55 - 2020-04-17 09:55 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-04-17 09:55 - 2020-04-17 09:55 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-04-17 09:55 - 2020-04-17 09:55 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2020-04-17 09:55 - 2020-04-17 09:55 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2020-04-17 09:55 - 2020-04-17 09:55 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-04-17 09:55 - 2020-04-17 09:55 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys
2020-04-17 09:55 - 2020-04-17 09:55 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys
2020-04-17 09:39 - 2020-03-17 13:57 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-04-17 09:39 - 2020-03-17 13:56 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-04-14 10:39 - 2020-04-18 17:25 - 000280920 _____ C:\WINDOWS\system32\FNTCACHE.DAT

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-30 15:43 - 2019-03-19 14:50 - 000000000 ____D C:\WINDOWS\INF
2020-04-30 15:22 - 2020-02-22 23:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-04-30 15:10 - 2019-03-19 14:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-30 15:10 - 2019-03-19 14:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-04-30 15:07 - 2019-03-19 14:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-30 14:57 - 2020-02-22 23:42 - 000935256 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-04-30 14:52 - 2019-12-29 10:50 - 000000000 ____D C:\Users\Jessica\AppData\Roaming\Origin
2020-04-30 14:52 - 2019-12-29 10:50 - 000000000 ____D C:\Users\Jessica\AppData\Local\Origin
2020-04-30 14:52 - 2019-12-24 18:02 - 000000000 ____D C:\Program Files (x86)\Origin Games
2020-04-30 14:52 - 2019-12-24 17:54 - 000000000 ____D C:\ProgramData\Origin
2020-04-30 14:51 - 2020-02-22 23:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-04-30 14:50 - 2020-02-22 23:34 - 000000000 ____D C:\Users\Jessica
2020-04-30 14:50 - 2019-03-19 14:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-04-28 16:07 - 2020-02-22 23:50 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{77749CBB-3810-4A38-9446-2BE2110AF5A1}
2020-04-28 14:51 - 2019-03-19 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-25 13:28 - 2019-12-29 10:55 - 000000000 ____D C:\Program Files (x86)\Origin
2020-04-21 09:30 - 2019-01-26 22:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-04-20 12:58 - 2018-11-19 13:30 - 000000000 ____D C:\Users\Jessica\AppData\Local\Packages
2020-04-19 10:56 - 2018-11-19 14:06 - 000000000 ____D C:\Program Files (x86)\Google
2020-04-19 10:56 - 2018-11-19 14:05 - 000000000 ____D C:\Users\Jessica\AppData\Local\Google
2020-04-19 10:37 - 2018-12-27 14:20 - 000000000 ____D C:\Users\Jessica\AppData\Local\CrashDumps
2020-04-19 10:19 - 2018-11-19 14:07 - 000000000 ____D C:\Users\Jessica\AppData\Roaming\AVAST Software
2020-04-19 10:19 - 2018-11-19 13:58 - 000000000 ____D C:\ProgramData\AVAST Software
2020-04-19 10:18 - 2020-03-15 14:00 - 000416568 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmSynthNic.dll
2020-04-19 10:18 - 2020-03-15 13:57 - 000243512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbusr.sys
2020-04-19 10:18 - 2020-03-15 13:57 - 000024888 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspiper.dll
2020-04-19 10:18 - 2020-02-23 23:30 - 006519608 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmchipset.dll
2020-04-19 10:18 - 2020-02-23 23:30 - 002427048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwp.exe
2020-04-19 10:18 - 2020-02-23 23:30 - 000821776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CmService.dll
2020-04-19 10:18 - 2020-02-23 23:30 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmclient.dll
2020-04-19 10:18 - 2020-02-23 23:30 - 000119312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdp4vs.dll
2020-04-19 10:18 - 2020-02-23 23:30 - 000070160 _____ C:\WINDOWS\system32\cmdiag.exe
2020-04-19 10:18 - 2020-02-23 17:57 - 003498512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.exe
2020-04-19 10:18 - 2020-02-23 17:57 - 001390904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmComputeAgent.exe
2020-04-19 10:18 - 2020-02-23 17:57 - 000902456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsSandbox.exe
2020-04-19 10:18 - 2020-02-23 17:57 - 000677176 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll
2020-04-19 10:18 - 2020-02-23 17:57 - 000457528 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmusrv.dll
2020-04-19 10:18 - 2020-02-23 17:57 - 000346936 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsmb.dll
2020-04-19 10:18 - 2020-02-23 17:57 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\madrid.dll
2020-04-19 10:18 - 2020-02-23 17:57 - 000111632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2020-04-19 10:18 - 2020-02-23 17:57 - 000085008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcsetupagent.exe
2020-04-19 10:18 - 2020-02-23 17:57 - 000067584 _____ C:\WINDOWS\system32\cmimageworker.exe
2020-04-19 10:18 - 2019-03-19 14:58 - 000058384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\l2bridge.sys
2020-04-19 10:18 - 2019-03-19 14:58 - 000041992 _____ (Microsoft Corporation) C:\WINDOWS\system32\NvAgent.dll
2020-04-19 10:18 - 2019-03-19 14:57 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnsdiag.exe
2020-04-19 10:18 - 2019-03-19 14:57 - 000061240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pvhdparser.sys
2020-04-19 10:18 - 2019-03-19 14:57 - 000047120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdparser.sys
2020-04-19 10:18 - 2019-03-19 14:57 - 000038712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\passthruparser.sys
2020-04-19 10:18 - 2019-03-19 14:57 - 000012600 _____ (Microsoft Corporation) C:\WINDOWS\system32\d4d78066-e6db-44b7-b5cd-2eb82dce620c_HyperV-ComputeLegacy.dll
2020-04-19 10:18 - 2019-03-19 14:57 - 000012600 _____ (Microsoft Corporation) C:\WINDOWS\system32\c4d66f00-b6f0-4439-ac9b-c5ea13fe54d7_HyperV-ComputeCore.dll
2020-04-19 10:18 - 2019-03-19 14:57 - 000012088 _____ (Microsoft Corporation) C:\WINDOWS\system32\f989b52d-f928-44a3-9bf1-bf0c1da6a0d6_HyperV-DeviceVirtualization.dll
2020-04-19 10:18 - 2019-03-19 14:57 - 000012088 _____ (Microsoft Corporation) C:\WINDOWS\system32\c28c7a4e-a619-4463-82b7-0fc9cc7187f5_HyperV-ComputeStorage.dll
2020-04-19 10:18 - 2019-03-19 14:57 - 000012088 _____ (Microsoft Corporation) C:\WINDOWS\system32\07409496-a423-4a3e-b620-2cfb01a9318d_HyperV-ComputeNetwork.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000663568 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmuidevices.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000503304 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmserial.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000478216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmpmem.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000415784 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmprox.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000408080 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynthstor.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000305160 _____ C:\WINDOWS\system32\vp9fs.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000298512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsif.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000294952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmdynmem.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000286216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmiccore.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000281104 _____ (Microsoft Corporation) C:\WINDOWS\system32\hcsdiag.exe
2020-04-19 10:18 - 2019-03-19 14:56 - 000270648 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmCrashDump.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000239928 _____ (Microsoft Corporation) C:\WINDOWS\system32\CExecSvc.exe
2020-04-19 10:18 - 2019-03-19 14:56 - 000231224 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmflexio.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000209208 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpupvdev.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000205624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbusvdev.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000157728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsp.sys
2020-04-19 10:18 - 2019-03-19 14:56 - 000118584 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsifcore.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000105272 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpevents.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000078856 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpctrl.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000076816 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmvirtio.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000036600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbresources.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000036368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocketcontrol.sys
2020-04-19 10:18 - 2019-03-19 14:56 - 000031544 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcomputeeventlog.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000028688 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsifproxystub.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000027664 _____ (Microsoft Corporation) C:\WINDOWS\system32\VrdUmed.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmComputeProxy.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000006658 _____ C:\WINDOWS\system32\VmChipset Third-Party Notices.txt
2020-04-19 10:04 - 2018-11-10 14:46 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-04-19 10:03 - 2018-11-19 14:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-04-19 09:58 - 2018-12-25 08:33 - 000000000 ____D C:\Users\Jessica\AppData\LocalLow\Mozilla
2020-04-19 00:12 - 2020-02-22 23:50 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-04-19 00:12 - 2020-02-22 23:50 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-04-18 19:50 - 2020-02-22 23:50 - 000003300 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{36186677-9CAD-4271-8CDF-54EC84FFB1E7}
2020-04-18 19:50 - 2020-02-22 23:50 - 000002844 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2955138462-254338748-7883881-1001
2020-04-18 17:24 - 2019-03-19 16:23 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-04-18 17:24 - 2019-03-19 14:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-04-18 17:24 - 2019-03-19 14:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-04-18 17:24 - 2019-03-19 14:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-04-18 17:24 - 2019-03-19 14:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-04-18 17:24 - 2019-03-19 14:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-04-18 17:24 - 2019-03-19 14:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-04-18 17:24 - 2019-03-19 14:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-04-17 09:52 - 2019-03-19 14:57 - 000014336 _____ C:\WINDOWS\system32\hnsproxy.dll
2020-04-14 10:20 - 2019-12-29 17:27 - 000001440 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2020-04-14 10:20 - 2019-12-29 17:27 - 000001440 _____ C:\ProgramData\Desktop\The Sims 4.lnk

==================== Files in the root of some directories ========

2020-02-18 10:54 - 2020-02-18 10:54 - 000000000 ____H () C:\Users\Jessica\AppData\Local\BITB501.tmp
2018-12-26 15:54 - 2018-12-26 15:54 - 000000000 ____H () C:\Users\Jessica\AppData\Local\BITC0DC.tmp
2020-04-30 15:23 - 2020-04-30 15:23 - 000000017 _____ () C:\Users\Jessica\AppData\Local\resmon.resmoncfg
2018-12-26 15:53 - 2018-12-26 15:53 - 000000000 _____ () C:\Users\Jessica\AppData\Local\{564C5B4E-A7B6-4DB4-A2C1-DA5EB2CEE90C}
2020-03-04 18:48 - 2020-03-04 18:48 - 000000000 _____ () C:\Users\Jessica\AppData\Local\{C9EB6DA1-2DAB-4023-AF4C-2B7E78B7FD9D}
2020-02-18 10:48 - 2020-02-18 10:48 - 000000000 _____ () C:\Users\Jessica\AppData\Local\{EF1D957A-4A4A-48CA-AFD8-95E5FDA7BB0D}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2020
Ran by Jessica (30-04-2020 15:47:08)
Running from C:\Users\Jessica\Desktop
Windows 10 Pro Version 1903 18362.778 (X64) (2020-02-22 13:51:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2955138462-254338748-7883881-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2955138462-254338748-7883881-503 - Limited - Disabled)
Guest (S-1-5-21-2955138462-254338748-7883881-501 - Limited - Disabled)
Jessica (S-1-5-21-2955138462-254338748-7883881-1002 - Administrator - Enabled) => C:\Users\Jessica
user (S-1-5-21-2955138462-254338748-7883881-1001 - Administrator - Enabled) => C:\Users\user
WDAGUtilityAccount (S-1-5-21-2955138462-254338748-7883881-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.129 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Java(TM) 6 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 81.0.416.68 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.127.21 - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 10.5.68.39605 - Electronic Arts, Inc.)
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.62.67.1020 - Electronic Arts Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-30] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-27] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2955138462-254338748-7883881-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2955138462-254338748-7883881-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2955138462-254338748-7883881-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Jessica\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\Jessica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2009-04-17 06:02 - 2009-04-17 06:02 - 000970752 _____ () [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2009-04-17 06:30 - 2009-04-17 06:30 - 013912064 _____ (IBM Corporation and others) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\icudt40.dll
2009-04-17 06:30 - 2009-04-17 06:30 - 000949760 _____ (IBM Corporation and others) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\icuuc40.dll
2009-04-23 23:29 - 2009-04-23 23:29 - 007418368 _____ (OpenOffice.org) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
2009-04-17 05:57 - 2009-04-17 05:57 - 000597504 _____ (STLport Consulting, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stlport_vc7145.dll
2009-04-17 06:07 - 2009-04-17 06:07 - 000129024 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\aggmi.dll
2009-04-17 11:28 - 2009-04-17 11:28 - 000200704 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\avmediami.dll
2009-04-17 06:34 - 2009-04-17 06:34 - 000573952 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\basegfxmi.dll
2009-04-17 07:01 - 2009-04-17 07:01 - 000031232 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\behelper.uno.dll
2009-04-17 08:02 - 2009-04-17 08:02 - 000498176 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\canvastoolsmi.dll
2009-04-17 06:37 - 2009-04-17 06:37 - 000949248 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\comphelp4MSC.dll
2009-04-17 07:03 - 2009-04-17 07:03 - 001432064 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\configmgr2.uno.dll
2009-04-17 08:07 - 2009-04-17 08:07 - 000285184 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\cppcanvasmi.dll
2009-04-23 11:35 - 2009-04-23 11:35 - 000809984 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\drawinglayermi.dll
2009-04-17 06:39 - 2009-04-17 06:39 - 000148992 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\emsermi.dll
2009-04-17 08:11 - 2009-04-17 08:11 - 000849408 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\fwemi.dll
2009-04-17 08:09 - 2009-04-17 08:09 - 000299008 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\fwimi.dll
2009-04-17 08:14 - 2009-04-17 08:14 - 001880064 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\fwkmi.dll
2009-04-17 08:11 - 2009-04-17 08:11 - 000106496 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\fwlmi.dll
2009-04-23 11:10 - 2009-04-23 11:10 - 000295936 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\gomi.dll
2009-04-17 06:45 - 2009-04-17 06:45 - 000024576 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\i18nisolang1MSC.dll
2009-04-23 11:03 - 2009-04-23 11:03 - 000067072 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\i18nutilMSC.dll
2009-04-17 07:43 - 2009-04-17 07:43 - 000032768 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\jmi_g.dll
2009-04-17 11:26 - 2009-04-17 11:26 - 000982016 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\lngmi.dll
2009-04-17 07:17 - 2009-04-17 07:17 - 000030208 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\localebe1.uno.dll
2009-04-17 14:57 - 2009-04-17 14:57 - 000088576 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\logmi.dll
2009-04-17 15:01 - 2009-04-17 15:01 - 000280576 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\oleautobridge.uno.dll
2009-04-17 14:58 - 2009-04-17 14:58 - 000024576 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\oooimprovecoremi.dll
2009-04-17 14:58 - 2009-04-17 14:58 - 000089088 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\oooimprovementmi.dll
2009-04-17 06:40 - 2009-04-17 06:40 - 000135680 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\sax.uno.dll
2009-04-17 06:39 - 2009-04-17 06:39 - 000080384 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\saxmi.dll
2009-04-17 09:02 - 2009-04-17 09:02 - 001310720 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\sbmi.dll
2009-04-23 18:14 - 2009-04-23 18:14 - 003120640 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\sfxmi.dll
2009-04-17 14:37 - 2009-04-17 14:37 - 000326144 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\sofficeapp.dll
2009-04-17 07:03 - 2009-04-17 07:03 - 000257024 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\sotmi.dll
2009-04-17 09:11 - 2009-04-17 09:11 - 000496640 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\stsmi.DLL
2009-04-17 07:35 - 2009-04-17 07:35 - 000730624 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\svlmi.dll
2009-04-17 07:36 - 2009-04-17 07:36 - 002887168 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\svtmi.dll
2009-04-23 13:39 - 2009-04-23 13:39 - 009185280 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\svxmi.dll
2009-04-17 07:01 - 2009-04-17 07:01 - 000037888 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\sysmgr1.uno.dll
2009-04-17 07:25 - 2009-04-17 07:25 - 001870336 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\tkmi.dll
2009-04-17 06:56 - 2009-04-17 06:56 - 000510464 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\tlmi.dll
2009-04-17 06:46 - 2009-04-17 06:46 - 000197632 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\ucb1.dll
2009-04-17 06:35 - 2009-04-17 06:35 - 000356864 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\ucbhelper4MSC.dll
2009-04-17 06:46 - 2009-04-17 06:46 - 000243712 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\ucpfile1.dll
2009-04-17 06:59 - 2009-04-17 06:59 - 000465920 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\utlmi.dll
2009-04-17 07:11 - 2009-04-17 07:11 - 003070976 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\vclmi.dll
2009-04-17 06:08 - 2009-04-17 06:08 - 000094208 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\vos3MSC.dll
2009-04-17 06:59 - 2009-04-17 06:59 - 000529920 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\xcrmi.dll
2009-04-17 08:31 - 2009-04-17 08:31 - 002898432 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\Basis\program\xomi.dll
2009-04-17 06:44 - 2009-04-17 06:44 - 000453632 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\bootstrap.uno.dll
2009-04-17 06:29 - 2009-04-17 06:29 - 000143872 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppu3.dll
2009-04-17 06:32 - 2009-04-17 06:32 - 000431104 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppuhelper3MSC.dll
2009-04-17 06:31 - 2009-04-17 06:31 - 000024064 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\jvmaccess3MSC.dll
2009-04-17 06:34 - 2009-04-17 06:34 - 000089600 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\jvmfwk3.dll
2009-04-17 06:38 - 2009-04-17 06:38 - 000052224 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\msci_uno.dll
2009-04-17 06:29 - 2009-04-17 06:29 - 000018432 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\purpenvhelper3MSC.dll
2009-04-17 06:11 - 2009-04-17 06:11 - 000093184 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\reg3.dll
2009-04-17 06:05 - 2009-04-17 06:05 - 001732608 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\sal3.dll
2009-04-17 06:07 - 2009-04-17 06:07 - 000013824 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\salhelper3MSC.dll
2009-04-17 06:44 - 2009-04-17 06:44 - 000092672 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stocservices.uno.dll
2009-04-17 06:09 - 2009-04-17 06:09 - 000078336 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\store3.dll
2009-04-17 06:29 - 2009-04-17 06:29 - 000012800 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\unsafe_uno_uno.dll
2009-04-17 06:03 - 2009-04-17 06:03 - 000086016 _____ (Sun Microsystems, Inc.) [File not signed] C:\Program Files (x86)\OpenOffice.org 3\URE\bin\uwinapi.dll
2020-04-25 13:27 - 2020-04-25 13:24 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-04-25 13:27 - 2020-04-25 13:24 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-04-25 13:27 - 2020-04-25 13:24 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2020-04-25 13:27 - 2020-04-25 13:24 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2020-04-25 13:27 - 2020-04-25 13:24 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2020-04-25 13:27 - 2020-04-25 13:24 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2020-04-25 13:27 - 2020-04-25 13:24 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2020-04-25 13:27 - 2020-04-25 13:24 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2020-04-25 13:27 - 2020-04-25 13:24 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaStorB.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaStorS.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rccfg.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rcraid.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [135]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 17:24 - 2019-01-30 11:36 - 000001154 _____ C:\WINDOWS\system32\drivers\etc\hosts

2020-02-25 17:23 - 2020-02-25 17:29 - 000000444 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2955138462-254338748-7883881-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet 2: Hyper-V Extensible Virtual Switch -> vms_pp (disabled)
Ethernet 2: Bridge Driver -> ms_l2bridge (enabled)
Wi-Fi 2: Hyper-V Extensible Virtual Switch -> vms_pp (disabled)
Wi-Fi 2: Bridge Driver -> ms_l2bridge (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-2955138462-254338748-7883881-1002\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.1.lnk"
HKU\S-1-5-21-2955138462-254338748-7883881-1002\...\StartupApproved\StartupFolder: => "Shrink Pic.lnk"
HKU\S-1-5-21-2955138462-254338748-7883881-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2955138462-254338748-7883881-1002\...\StartupApproved\Run: => "DownloadAccelerator"
HKU\S-1-5-21-2955138462-254338748-7883881-1002\...\StartupApproved\Run: => "EADM"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{63057E57-5B00-4AF2-98C4-394B543D5057}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{8DEE752B-F497-48D4-A908-A3756A9E57A1}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{9182AD51-D687-45EA-A26C-0A70274FEF54}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{EC918EE4-6A40-4A77-A144-8AF9ED217DBA}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{E251AD28-966B-4939-B54B-0F2334D1CC47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
FirewallRules: [{F82AA30C-79E5-476B-8F93-931A224851C4}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{4D4B0F5B-A010-4425-B6ED-FE2812F04D5B}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{7916256F-344D-455C-95A5-C0DBF585EBCB}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{637D2C7F-C118-4920-9C77-DFB22C7F109D}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{465028D0-4473-40B4-A1B3-B40552DDE357}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{2E7A53A6-EA93-4AE5-A0E5-7CDBF2824E7B}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{F2D9FD59-EA90-4A81-A94A-BDF3EE53CFA8}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{F46C6A0B-D3A9-45ED-8C0E-61B90BC58803}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{BE05CCDB-013A-4C6B-9491-7B3ED005DB6F}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{19106FCE-2FCE-49F3-BA3E-8C4E80AD7B5D}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{4DE9A76B-4586-4E8C-AA51-C21242FA9B4C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{4AAE441C-E46A-4175-8B71-2A3F469395C5}] => (Allow) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

30-04-2020 15:48:12 restore point 29-4-20

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/30/2020 03:34:36 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (68,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/30/2020 03:22:46 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\0c0b836a-8a8a-4950-9cbf-eecc915bd6ee\BaseLayer) was not optimized because an error was encountered: The disk was disconnected from the system. (0x89000011)

Error: (04/30/2020 03:15:56 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2912,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/30/2020 02:47:35 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3296,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/30/2020 02:40:38 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2904,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/28/2020 04:20:47 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7272,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/28/2020 03:59:19 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2728,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/28/2020 09:49:51 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9928,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (04/30/2020 02:51:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/30/2020 02:51:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (04/30/2020 02:50:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Origin Web Helper Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/30/2020 02:50:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Hyper-V Host Compute Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/30/2020 02:33:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:14:26 PM on ‎4/‎28/‎2020 was unexpected.

Error: (04/28/2020 03:59:08 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The System Guard Runtime Monitor Broker service hung on starting.

Error: (04/28/2020 03:56:52 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPSvc service.

Error: (04/28/2020 03:14:25 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:09:22 PM on ‎4/‎28/‎2020 was unexpected.


Windows Defender:
===================================
Date: 2020-04-23 10:58:21.956
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {CB3CAD17-D16E-4CAC-9956-8FB9001B5EEB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-23 10:53:00.442
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {DFCCDD67-B1EA-4177-A894-521FED89C629}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-23 10:40:32.835
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {EDAA5307-86A8-4B76-AAC5-41440992BE1B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-23 09:27:34.403
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B9F4A774-89E5-4143-A640-3240F69BD454}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-23 09:16:12.918
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3F1E42B8-15CF-460C-9981-31469A375043}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-28 13:23:24.447
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.313.2474.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2020-04-27 10:28:59.492
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.313.2289.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2020-04-27 09:16:01.355
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.313.2289.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-04-27 09:16:01.338
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.313.2289.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-04-27 09:16:01.323
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.313.2289.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2020-04-18 17:28:18.460
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-18 17:28:17.997
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-18 17:28:16.076
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-18 17:27:29.038
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-18 17:27:28.896
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-18 17:27:28.775
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-18 17:27:28.655
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-18 17:27:28.513
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: INSYDE V1.29 12/8/2011
Motherboard: Intel Corp. JV10_CS
Processor: Intel(R) Celeron(R) CPU U3600 @ 1.20GHz
Percentage of memory in use: 66%
Total physical RAM: 3765.86 MB
Available physical RAM: 1272.22 MB
Total Virtual: 4469.86 MB
Available Virtual: 1196.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.28 GB) (Free:52.2 GB) NTFS

\\?\Volume{7cb7544b-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{629458e4-0000-0000-0000-010000000000}\ (PortableBaseLayer) (Fixed) (Total:8 GB) (Free:7.6 GB) NTFS
\\?\Volume{7cb7544b-0000-0000-0000-30b11d000000}\ () (Fixed) (Total:0.47 GB) (Free:0.04 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 7CB7544B)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=484 MB) - (Type=27)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 8 GB) (Disk ID: 629458E4)
Partition 1: (Not Active) - (Size=8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 

Loosie

Oops, NOW we've had a BSOD, when I tried to do the aswMBR scan. I *did not* choose to use Avast when doing the scan. It started, then crashed on me. Stop code said Driver IRQL not less or equal. Will go see if there's a dump file to show for it.
 

Loosie

Minidump; tried to put it in a zip file to attach here but it says 'Out of bounds. Press OK to ignore & risk data corruption'. Nothing happened when I pressed OK except computer froze for a short while.
 

gus

PCHF Administrator
Administrator
Security Team
PCHF Donator
Malware Teacher
Jul 19, 2016
4,364
1,833
pchelpforum.net
Hello Loosie, I'm Gus and will try to help you. Please read the following and if you agree we can proceed.

Whilst I will not be assisting with any BSOD issues I will check over your PC and get rid of some Avast remnants.

  • Please let me know if you are receiving help at another forum on this issue so I can close this thread.
  • Please agree to stay with me till we give you the all clear.
  • Please do not run any tools other than the ones we ask you to, some can be very dangerous and actually make things worse.
  • Should any tools we ask you to use give you a security warning you can safely allow them to run, they have all been proven safe.
  • Download any requested tools and make sure to run them from the desktop, unless specifically instructed otherwise.
  • Please do not install any other software whilst we cleanup, this can complicate the process, making cleaning impossible.
  • With malware it can be impossible to determine the outcome, and whilst we will work to a positive result we strongly recommend you backup all your personal files and folders before we begin.
  • Do remember the fixes used to clean your machine are meant for your computer only, and the use on another computer may cause serious damage to that machine.
  • Finally, please allow me a little time to analyse any logs I request from you. I know you want your computer cleaned yesterday, but please remember we are all volunteers here and we do have a life that sometimes takes us away from computers. If your thread gets closed due to no response from you, you can PM me or a staff member and have it reopened. Should you not hear from me within 48 hours, please PM me.
  • That's the last of the fine print, so let's get under way :)


Also please open Chrome
Click the three dots to the right of the URL bar
Click on Settings in the dropdown list
Click Extensions on the left hand list
Remove any extensions relating to Avast, plus any others you don't use.


Please go HERE and download AdwCleaner to your Desktop. Once downloaded right click the new icon and select Run as Administrator from the context menu to open the program. It will open at the Dashboard tab and no further changes to the program are necessary at this stage.

Click the Scan Now button.



Allow AdwCleaner to start scanning and depending on the amount of data on your PC it may take some time. At the conclusion of the scan any content considered unnecessary will be displayed in the Scan Results box. Ensure all items are selected for removal and click "Clean & Repair" now changed to Quarantine.



After selecting "Clean & Repair" another dialogue box may appear asking to restart now or later. If so choose "Clean & Restart Now"



Once the PC has restarted if AdwCleaner does not restart then open it again and click "Log Files" tab on the left. All log files will be listed. If you have used the program previously you may have several logs to select from so double click the most recent "Clean" log and it will open a notepad file on your Desktop.

Please COPY and PASTE the contents of that file in your next post :)

Then can you copy and paste fresh FRST and ADDITION logs, please.
 

Loosie

Yes to all the above. As I don't use Chrome, didn't see earlier, but it's on this machine & I have now removed any extensions pertaining to Avast.

Below are the adwcleaner & Farbar logs...

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build: 04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-04-2020
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1508 octets] - [30/04/2020 14:49:55]
AdwCleaner[C00].txt - [1660 octets] - [30/04/2020 14:50:19]
AdwCleaner[S01].txt - [1527 octets] - [04/05/2020 20:01:19]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-05-2020
Ran by Jessica (administrator) on DESKTOP-F2VBB3S (Acer Aspire One 753) (04-05-2020 20:08:27)
Running from C:\Users\Jessica\Desktop
Loaded Profiles: Jessica (Available Profiles: user & Jessica)
Platform: Windows 10 Pro Version 1903 18362.778 (X64) Language: English (United States)
Default browser not detected!
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Electronic Arts, Inc. -> ) C:\Program Files (x86)\Origin\QtWebEngineProcess.exe <3>
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12004.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LsaIso.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.6-0\NisSrv.exe
(Sun Microsystems, Inc. -> Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
Failed to access process -> vmmem

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [148888 2017-05-19] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
HKU\S-1-5-21-2955138462-254338748-7883881-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3140376 2020-04-29] (Electronic Arts, Inc. -> Electronic Arts)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Installer\chrmstp.exe [2020-04-28] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.68\Installer\setup.exe [2020-04-30] (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk [2018-11-19]
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0FF77851-2781-4849-A68B-A39417830E40} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [224144 2020-04-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {17B18E22-257C-4F6D-945E-C2FE7035C9A0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5ABD20DA-2E10-4436-B296-C405EDC44A5B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {60670612-C9BE-4D21-94F0-FB8AB98E4BB6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {936F5CBB-5909-4736-AA57-54330EA4FCBF} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe
Task: {9D8B415D-39A3-4B67-99C1-7A31E7B3D827} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [224144 2020-04-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {C53D4F3E-FD00-403F-8068-3263C320C24F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-19] (Google Inc -> Google Inc.)
Task: {CBF7FC4A-312A-41E6-AF23-715BE022473A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-19] (Google Inc -> Google Inc.)
Task: {EE0D6D7D-0729-4880-931F-6B231FA38E56} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2955138462-254338748-7883881-1001 => C:\Users\Jessica\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {F2442E11-D8CB-4ECF-A034-EBD98497838E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{03292477-1f0a-4207-925b-6e0b207770b3}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2017-05-19] (Sun Microsystems, Inc.) [File not signed]

Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Jessica\AppData\Local\Microsoft\Edge\User Data\Default [2020-05-04]

FireFox:
========
FF DefaultProfile: y34y7ngm.default
FF ProfilePath: C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\y34y7ngm.default [2020-04-19]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\y34y7ngm.default\Extensions\[email protected] [2020-03-24]
FF Extension: (Avast Online Security) - C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\y34y7ngm.default\Extensions\[email protected] [2020-03-24]

Chrome:
=======
CHR Profile: C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default [2020-04-19]
CHR Extension: (Slides) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-19]
CHR Extension: (Docs) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-19]
CHR Extension: (Google Drive) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-04-19]
CHR Extension: (YouTube) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-19]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-04-19]
CHR Extension: (Sheets) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-19]
CHR Extension: (Google Docs Offline) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-19]
CHR Extension: (Avast Online Security) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-04-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-19]
CHR Extension: (Gmail) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-04-19]
CHR Extension: (Chrome Media Router) - C:\Users\Jessica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-19]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CmService; C:\WINDOWS\System32\CmService.dll [821776 2020-04-19] (Microsoft Windows -> Microsoft Corporation)
S2 edgeupdate; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [224144 2020-04-19] (Microsoft Corporation -> Microsoft Corporation)
S3 edgeupdatem; C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [224144 2020-04-19] (Microsoft Corporation -> Microsoft Corporation)
S3 gcs; C:\WINDOWS\system32\vmcomputeagent.exe [1390904 2020-04-19] (Microsoft Windows -> Microsoft Corporation)
R3 hns; C:\WINDOWS\System32\HostNetSvc.dll [3420672 2020-04-17] (Microsoft Windows -> Microsoft Corporation)
S3 MicrosoftEdgeElevationService; C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.68\elevation_service.exe [1125264 2020-04-29] (Microsoft Corporation -> Microsoft Corporation)
R3 nvagent; C:\WINDOWS\System32\NvAgent.dll [41992 2020-04-19] (Microsoft Windows -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2495280 2020-04-29] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3446576 2020-04-29] (Electronic Arts, Inc. -> Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5930136 2020-04-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [3498512 2020-04-19] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\NisSrv.exe [3304992 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MsMpEng.exe [103376 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2020-02-23] (Microsoft Corporation) [File not signed]
R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [36368 2020-04-19] (Microsoft Windows -> Microsoft Corporation)
S3 iaStorB; C:\WINDOWS\System32\drivers\iaStorB.sys [559576 2015-05-21] (Intel Corporation – Non-Volatile Memory Solutions Group -> Intel Corporation)
S3 iaStorS; C:\WINDOWS\System32\drivers\iaStorS.sys [665592 2015-06-05] (Intel Corporation – Non-Volatile Memory Solutions Group -> Intel Corporation)
R3 int0800; C:\WINDOWS\System32\drivers\flashud.sys [51712 2009-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 L1C; C:\WINDOWS\System32\drivers\L1C63x64.sys [161864 2015-10-02] (Rivet Networks LLC -> Qualcomm Atheros, Inc.)
S3 l2bridge; C:\WINDOWS\System32\drivers\l2bridge.sys [58384 2020-04-19] (Microsoft Windows -> Microsoft Corporation)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3354384 2015-05-04] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S3 rccfg; C:\WINDOWS\System32\drivers\rccfg.sys [22552 2015-05-12] (Microsoft Windows Hardware Compatibility Publisher -> AMD, Inc.)
S3 rcraid; C:\WINDOWS\System32\drivers\rcraid.sys [540184 2015-05-12] (Microsoft Windows Hardware Compatibility Publisher -> AMD, Inc.)
R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [1410560 2020-04-17] (Microsoft Windows -> Microsoft Corporation)
R0 VMSNPXY; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [39736 2020-04-17] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-05-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [394680 2020-05-01] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64944 2020-05-01] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)
NETSVC: nvagent -> C:\Windows\System32\NvAgent.dll (Microsoft Corporation)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-04 20:08 - 2020-05-04 20:08 - 000000000 ____D C:\Users\Jessica\Desktop\FRST-OlderVersion
2020-05-04 20:06 - 2020-05-04 20:06 - 000001717 _____ C:\Users\Jessica\Desktop\AdwCleaner[C01].txt
2020-05-04 19:56 - 2020-05-04 19:56 - 008196784 _____ (Malwarebytes) C:\Users\Jessica\Desktop\adwcleaner_8.0.4.exe
2020-04-30 16:15 - 2020-04-30 16:16 - 000000000 ____D C:\Users\Jessica\AppData\Roaming\PeaZip
2020-04-30 16:14 - 2020-04-30 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeaZip
2020-04-30 16:14 - 2020-04-30 16:14 - 000000000 ____D C:\Program Files\PeaZip
2020-04-30 16:13 - 2020-04-30 16:13 - 009170606 _____ (Giorgio Tani ) C:\Users\Jessica\Downloads\peazip-7.2.0.WIN64.exe
2020-04-30 15:58 - 2020-04-30 16:22 - 000000000 ____D C:\WINDOWS\Minidump
2020-04-30 15:58 - 2020-04-30 15:59 - 000352500 _____ C:\WINDOWS\Minidump\043020-9296-01.dmp
2020-04-30 15:58 - 2020-04-30 15:58 - 594429911 _____ C:\WINDOWS\MEMORY.DMP
2020-04-30 15:58 - 2020-04-30 15:58 - 000000000 ____D C:\WINDOWS\Panther
2020-04-30 15:47 - 2020-04-30 15:49 - 000036294 _____ C:\Users\Jessica\Desktop\Addition.txt
2020-04-30 15:43 - 2020-05-04 20:10 - 000014453 _____ C:\Users\Jessica\Desktop\FRST.txt
2020-04-30 15:43 - 2020-05-04 20:09 - 000000000 ____D C:\FRST
2020-04-30 15:37 - 2020-05-04 20:08 - 002283520 _____ (Farbar) C:\Users\Jessica\Desktop\FRST64.exe
2020-04-30 15:37 - 2020-04-30 15:38 - 005200384 _____ (AVAST Software) C:\Users\Jessica\Desktop\aswmbr.exe
2020-04-30 15:24 - 2020-04-30 15:24 - 000000000 ____D C:\Users\Jessica\AppData\Local\D3DSCache
2020-04-30 15:23 - 2020-04-30 15:23 - 000000017 _____ C:\Users\Jessica\AppData\Local\resmon.resmoncfg
2020-04-30 14:48 - 2020-04-30 14:50 - 000000000 ____D C:\AdwCleaner
2020-04-30 14:35 - 2020-04-30 14:36 - 003039256 _____ ( ) C:\Users\Jessica\Downloads\Firefox Setup 75.0_1542657230.exe
2020-04-23 10:40 - 2020-04-23 10:44 - 002254054 _____ C:\Users\Jessica\Downloads\Food Chains and Webs Worksheet.pdf
2020-04-23 10:15 - 2020-04-23 10:15 - 001096081 _____ C:\Users\Jessica\Downloads\science CAT.pptx
2020-04-21 12:38 - 2020-04-21 12:39 - 000505980 _____ C:\Users\Jessica\Downloads\Victorias_Tourism_Regions_map_2017 (1).pdf
2020-04-21 12:22 - 2020-04-21 12:22 - 000000000 ____D C:\ProgramData\Samsung
2020-04-21 12:20 - 2020-04-21 12:22 - 000614647 _____ C:\Users\Jessica\Documents\geography.pdf
2020-04-21 12:16 - 2020-04-21 12:16 - 000505980 _____ C:\Users\Jessica\Downloads\Victorias_Tourism_Regions_map_2017.pdf
2020-04-20 13:04 - 2020-04-20 13:05 - 000651558 _____ C:\Users\Jessica\Downloads\chocolate chuckwallas.pptx
2020-04-19 10:57 - 2020-05-04 19:18 - 000000000 ____D C:\Users\Jessica\Desktop\PC prework
2020-04-19 10:56 - 2020-04-28 09:50 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-19 10:56 - 2020-04-28 09:50 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-19 10:56 - 2020-04-28 09:50 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-04-19 10:56 - 2020-04-19 10:56 - 000000837 _____ C:\Users\Jessica\Desktop\Speccy.lnk
2020-04-19 10:56 - 2020-04-19 10:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2020-04-19 10:56 - 2020-04-19 10:56 - 000000000 ____D C:\Program Files\Speccy
2020-04-19 10:53 - 2020-04-19 10:53 - 006889184 _____ (Piriform Ltd) C:\Users\Jessica\Downloads\spsetup132.exe
2020-04-19 10:45 - 2020-04-30 14:44 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-04-19 10:45 - 2020-04-30 14:44 - 000002259 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-04-19 10:45 - 2020-04-30 14:44 - 000002259 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-04-19 10:43 - 2020-04-30 14:37 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-04-19 10:43 - 2020-04-30 14:37 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-04-19 10:19 - 2020-05-04 20:02 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
2020-04-19 10:19 - 2020-04-19 10:19 - 000000000 ___SD C:\WINDOWS\system32\containers
2020-04-17 10:17 - 2020-04-17 11:03 - 000014410 _____ C:\Users\Jessica\Documents\fitness program.odt
2020-04-17 09:58 - 2020-04-17 09:58 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 003420672 _____ (Microsoft Corporation) C:\WINDOWS\system32\HostNetSvc.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-17 09:58 - 2020-04-17 09:58 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 002399544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmswitch.sys
2020-04-17 09:58 - 2020-04-17 09:58 - 002369576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 002188600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 001659408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-17 09:58 - 2020-04-17 09:58 - 001495864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vfpext.sys
2020-04-17 09:58 - 2020-04-17 09:58 - 001386296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-17 09:58 - 2020-04-17 09:58 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000744960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-17 09:58 - 2020-04-17 09:58 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\system32\gns.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-17 09:58 - 2020-04-17 09:58 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-17 09:58 - 2020-04-17 09:58 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-17 09:58 - 2020-04-17 09:58 - 000291848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationVdev.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfpctrl.exe
2020-04-17 09:58 - 2020-04-17 09:58 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000216888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetMgmtIF.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nvspinfo.exe
2020-04-17 09:58 - 2020-04-17 09:58 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000140088 _____ C:\WINDOWS\system32\nmscrub.exe
2020-04-17 09:58 - 2020-04-17 09:58 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000129336 _____ (Microsoft Corporation) C:\WINDOWS\system32\nmbind.exe
2020-04-17 09:58 - 2020-04-17 09:58 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-04-17 09:58 - 2020-04-17 09:58 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000048440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VmsProxy.sys
2020-04-17 09:58 - 2020-04-17 09:58 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2010CustomActions.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000039736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VmsProxyHNic.sys
2020-04-17 09:58 - 2020-04-17 09:58 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfpapi.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2010CustomActions.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-04-17 09:58 - 2020-04-17 09:58 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
2020-04-17 09:57 - 2020-04-17 09:58 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-17 09:57 - 2020-04-17 09:57 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-17 09:57 - 2020-04-17 09:57 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-17 09:57 - 2020-04-17 09:57 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-17 09:57 - 2020-04-17 09:57 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-17 09:57 - 2020-04-17 09:57 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-17 09:57 - 2020-04-17 09:57 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-04-17 09:57 - 2020-04-17 09:57 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-17 09:57 - 2020-04-17 09:57 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-17 09:57 - 2020-04-17 09:57 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-17 09:57 - 2020-04-17 09:57 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-04-17 09:57 - 2020-04-17 09:57 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-04-17 09:57 - 2020-04-17 09:57 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-04-17 09:57 - 2020-04-17 09:57 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-04-17 09:57 - 2020-04-17 09:57 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-04-17 09:57 - 2020-04-17 09:57 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000050544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2020-04-17 09:57 - 2020-04-17 09:57 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2020-04-17 09:57 - 2020-04-17 09:57 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2020-04-17 09:57 - 2020-04-17 09:57 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-04-17 09:57 - 2020-04-17 09:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-04-17 09:56 - 2020-04-17 09:56 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-17 09:56 - 2020-04-17 09:56 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-17 09:56 - 2020-04-17 09:56 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-04-17 09:56 - 2020-04-17 09:56 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-17 09:56 - 2020-04-17 09:56 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-17 09:56 - 2020-04-17 09:56 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-17 09:56 - 2020-04-17 09:56 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-17 09:56 - 2020-04-17 09:56 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-17 09:56 - 2020-04-17 09:56 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-04-17 09:56 - 2020-04-17 09:56 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-17 09:56 - 2020-04-17 09:56 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2020-04-17 09:56 - 2020-04-17 09:56 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-04-17 09:56 - 2020-04-17 09:56 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
2020-04-17 09:56 - 2020-04-17 09:56 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2020-04-17 09:56 - 2020-04-17 09:56 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-04-17 09:55 - 2020-04-17 09:55 - 003980800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-04-17 09:55 - 2020-04-17 09:55 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-04-17 09:55 - 2020-04-17 09:55 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-04-17 09:55 - 2020-04-17 09:55 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-04-17 09:55 - 2020-04-17 09:55 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2020-04-17 09:55 - 2020-04-17 09:55 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-04-17 09:55 - 2020-04-17 09:55 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-04-17 09:55 - 2020-04-17 09:55 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2020-04-17 09:55 - 2020-04-17 09:55 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-04-17 09:55 - 2020-04-17 09:55 - 000166712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys
2020-04-17 09:55 - 2020-04-17 09:55 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2020-04-17 09:55 - 2020-04-17 09:55 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-04-17 09:55 - 2020-04-17 09:55 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-04-17 09:55 - 2020-04-17 09:55 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2020-04-17 09:55 - 2020-04-17 09:55 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2020-04-17 09:55 - 2020-04-17 09:55 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll
2020-04-17 09:55 - 2020-04-17 09:55 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-04-17 09:55 - 2020-04-17 09:55 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys
2020-04-17 09:55 - 2020-04-17 09:55 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys
2020-04-17 09:39 - 2020-03-17 13:57 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-04-17 09:39 - 2020-03-17 13:56 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-04-14 10:39 - 2020-04-18 17:25 - 000280920 _____ C:\WINDOWS\system32\FNTCACHE.DAT

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-04 20:12 - 2019-12-29 10:50 - 000000000 ____D C:\Users\Jessica\AppData\Roaming\Origin
2020-05-04 20:09 - 2020-02-22 23:42 - 000935256 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-05-04 20:09 - 2019-03-19 14:50 - 000000000 ____D C:\WINDOWS\INF
2020-05-04 20:07 - 2019-12-24 18:02 - 000000000 ____D C:\Program Files (x86)\Origin Games
2020-05-04 20:07 - 2019-12-24 17:54 - 000000000 ____D C:\ProgramData\Origin
2020-05-04 20:06 - 2019-12-29 10:50 - 000000000 ____D C:\Users\Jessica\AppData\Local\Origin
2020-05-04 20:05 - 2019-03-19 14:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-05-04 20:02 - 2020-02-22 23:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-05-04 20:02 - 2020-02-22 23:34 - 000000000 ____D C:\Users\Jessica
2020-05-04 20:02 - 2019-03-19 14:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-05-04 19:49 - 2020-02-22 23:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-05-04 15:23 - 2020-02-22 23:50 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{77749CBB-3810-4A38-9446-2BE2110AF5A1}
2020-05-01 13:31 - 2019-12-29 10:55 - 000000000 ____D C:\Program Files (x86)\Origin
2020-05-01 13:12 - 2019-01-26 22:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-04-30 15:10 - 2019-03-19 14:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-30 15:10 - 2019-03-19 14:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-04-28 14:51 - 2019-03-19 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-20 12:58 - 2018-11-19 13:30 - 000000000 ____D C:\Users\Jessica\AppData\Local\Packages
2020-04-19 10:56 - 2018-11-19 14:06 - 000000000 ____D C:\Program Files (x86)\Google
2020-04-19 10:56 - 2018-11-19 14:05 - 000000000 ____D C:\Users\Jessica\AppData\Local\Google
2020-04-19 10:37 - 2018-12-27 14:20 - 000000000 ____D C:\Users\Jessica\AppData\Local\CrashDumps
2020-04-19 10:19 - 2018-11-19 14:07 - 000000000 ____D C:\Users\Jessica\AppData\Roaming\AVAST Software
2020-04-19 10:19 - 2018-11-19 13:58 - 000000000 ____D C:\ProgramData\AVAST Software
2020-04-19 10:18 - 2020-03-15 14:00 - 000416568 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmSynthNic.dll
2020-04-19 10:18 - 2020-03-15 13:57 - 000243512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbusr.sys
2020-04-19 10:18 - 2020-03-15 13:57 - 000024888 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspiper.dll
2020-04-19 10:18 - 2020-02-23 23:30 - 006519608 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmchipset.dll
2020-04-19 10:18 - 2020-02-23 23:30 - 002427048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwp.exe
2020-04-19 10:18 - 2020-02-23 23:30 - 000821776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CmService.dll
2020-04-19 10:18 - 2020-02-23 23:30 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmclient.dll
2020-04-19 10:18 - 2020-02-23 23:30 - 000119312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdp4vs.dll
2020-04-19 10:18 - 2020-02-23 23:30 - 000070160 _____ C:\WINDOWS\system32\cmdiag.exe
2020-04-19 10:18 - 2020-02-23 17:57 - 003498512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.exe
2020-04-19 10:18 - 2020-02-23 17:57 - 001390904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmComputeAgent.exe
2020-04-19 10:18 - 2020-02-23 17:57 - 000902456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsSandbox.exe
2020-04-19 10:18 - 2020-02-23 17:57 - 000677176 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll
2020-04-19 10:18 - 2020-02-23 17:57 - 000457528 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmusrv.dll
2020-04-19 10:18 - 2020-02-23 17:57 - 000346936 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsmb.dll
2020-04-19 10:18 - 2020-02-23 17:57 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\madrid.dll
2020-04-19 10:18 - 2020-02-23 17:57 - 000111632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2020-04-19 10:18 - 2020-02-23 17:57 - 000085008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcsetupagent.exe
2020-04-19 10:18 - 2020-02-23 17:57 - 000067584 _____ C:\WINDOWS\system32\cmimageworker.exe
2020-04-19 10:18 - 2019-03-19 14:58 - 000058384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\l2bridge.sys
2020-04-19 10:18 - 2019-03-19 14:58 - 000041992 _____ (Microsoft Corporation) C:\WINDOWS\system32\NvAgent.dll
2020-04-19 10:18 - 2019-03-19 14:57 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnsdiag.exe
2020-04-19 10:18 - 2019-03-19 14:57 - 000061240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pvhdparser.sys
2020-04-19 10:18 - 2019-03-19 14:57 - 000047120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdparser.sys
2020-04-19 10:18 - 2019-03-19 14:57 - 000038712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\passthruparser.sys
2020-04-19 10:18 - 2019-03-19 14:57 - 000012600 _____ (Microsoft Corporation) C:\WINDOWS\system32\d4d78066-e6db-44b7-b5cd-2eb82dce620c_HyperV-ComputeLegacy.dll
2020-04-19 10:18 - 2019-03-19 14:57 - 000012600 _____ (Microsoft Corporation) C:\WINDOWS\system32\c4d66f00-b6f0-4439-ac9b-c5ea13fe54d7_HyperV-ComputeCore.dll
2020-04-19 10:18 - 2019-03-19 14:57 - 000012088 _____ (Microsoft Corporation) C:\WINDOWS\system32\f989b52d-f928-44a3-9bf1-bf0c1da6a0d6_HyperV-DeviceVirtualization.dll
2020-04-19 10:18 - 2019-03-19 14:57 - 000012088 _____ (Microsoft Corporation) C:\WINDOWS\system32\c28c7a4e-a619-4463-82b7-0fc9cc7187f5_HyperV-ComputeStorage.dll
2020-04-19 10:18 - 2019-03-19 14:57 - 000012088 _____ (Microsoft Corporation) C:\WINDOWS\system32\07409496-a423-4a3e-b620-2cfb01a9318d_HyperV-ComputeNetwork.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000663568 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmuidevices.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000503304 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmserial.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000478216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmpmem.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000415784 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmprox.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000408080 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsynthstor.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000305160 _____ C:\WINDOWS\system32\vp9fs.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000298512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsif.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000294952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmdynmem.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000286216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmiccore.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000281104 _____ (Microsoft Corporation) C:\WINDOWS\system32\hcsdiag.exe
2020-04-19 10:18 - 2019-03-19 14:56 - 000270648 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmCrashDump.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000239928 _____ (Microsoft Corporation) C:\WINDOWS\system32\CExecSvc.exe
2020-04-19 10:18 - 2019-03-19 14:56 - 000231224 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmflexio.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000209208 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpupvdev.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000205624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbusvdev.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000157728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsp.sys
2020-04-19 10:18 - 2019-03-19 14:56 - 000118584 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsifcore.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000105272 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpevents.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000078856 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpctrl.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000076816 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmvirtio.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000036600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbresources.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000036368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocketcontrol.sys
2020-04-19 10:18 - 2019-03-19 14:56 - 000031544 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcomputeeventlog.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000028688 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsifproxystub.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000027664 _____ (Microsoft Corporation) C:\WINDOWS\system32\VrdUmed.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmComputeProxy.dll
2020-04-19 10:18 - 2019-03-19 14:56 - 000006658 _____ C:\WINDOWS\system32\VmChipset Third-Party Notices.txt
2020-04-19 10:04 - 2018-11-10 14:46 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-04-19 10:03 - 2018-11-19 14:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-04-19 09:58 - 2018-12-25 08:33 - 000000000 ____D C:\Users\Jessica\AppData\LocalLow\Mozilla
2020-04-19 00:12 - 2020-02-22 23:50 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-04-19 00:12 - 2020-02-22 23:50 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-04-18 19:50 - 2020-02-22 23:50 - 000003300 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{36186677-9CAD-4271-8CDF-54EC84FFB1E7}
2020-04-18 19:50 - 2020-02-22 23:50 - 000002844 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2955138462-254338748-7883881-1001
2020-04-18 17:24 - 2019-03-19 16:23 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-04-18 17:24 - 2019-03-19 14:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-04-18 17:24 - 2019-03-19 14:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-04-18 17:24 - 2019-03-19 14:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-04-18 17:24 - 2019-03-19 14:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-04-18 17:24 - 2019-03-19 14:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-04-18 17:24 - 2019-03-19 14:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-04-18 17:24 - 2019-03-19 14:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-04-17 09:52 - 2019-03-19 14:57 - 000014336 _____ C:\WINDOWS\system32\hnsproxy.dll
2020-04-14 10:20 - 2019-12-29 17:27 - 000001440 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2020-04-14 10:20 - 2019-12-29 17:27 - 000001440 _____ C:\ProgramData\Desktop\The Sims 4.lnk

==================== Files in the root of some directories ========

2020-02-18 10:54 - 2020-02-18 10:54 - 000000000 ____H () C:\Users\Jessica\AppData\Local\BITB501.tmp
2018-12-26 15:54 - 2018-12-26 15:54 - 000000000 ____H () C:\Users\Jessica\AppData\Local\BITC0DC.tmp
2020-04-30 15:23 - 2020-04-30 15:23 - 000000017 _____ () C:\Users\Jessica\AppData\Local\resmon.resmoncfg
2018-12-26 15:53 - 2018-12-26 15:53 - 000000000 _____ () C:\Users\Jessica\AppData\Local\{564C5B4E-A7B6-4DB4-A2C1-DA5EB2CEE90C}
2020-03-04 18:48 - 2020-03-04 18:48 - 000000000 _____ () C:\Users\Jessica\AppData\Local\{C9EB6DA1-2DAB-4023-AF4C-2B7E78B7FD9D}
2020-02-18 10:48 - 2020-02-18 10:48 - 000000000 _____ () C:\Users\Jessica\AppData\Local\{EF1D957A-4A4A-48CA-AFD8-95E5FDA7BB0D}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-05-2020
Ran by Jessica (04-05-2020 20:12:36)
Running from C:\Users\Jessica\Desktop
Windows 10 Pro Version 1903 18362.778 (X64) (2020-02-22 13:51:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2955138462-254338748-7883881-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2955138462-254338748-7883881-503 - Limited - Disabled)
Guest (S-1-5-21-2955138462-254338748-7883881-501 - Limited - Disabled)
Jessica (S-1-5-21-2955138462-254338748-7883881-1002 - Administrator - Enabled) => C:\Users\Jessica
user (S-1-5-21-2955138462-254338748-7883881-1001 - Administrator - Enabled) => C:\Users\user
WDAGUtilityAccount (S-1-5-21-2955138462-254338748-7883881-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.129 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Java(TM) 6 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 81.0.416.68 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.127.21 - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 10.5.69.40136 - Electronic Arts, Inc.)
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
PeaZip 7.2.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 7.2.0 - Giorgio Tani)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.62.67.1020 - Electronic Arts Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-30] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-27] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2955138462-254338748-7883881-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2955138462-254338748-7883881-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2955138462-254338748-7883881-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jessica\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Jessica\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\Jessica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2020-04-25 13:27 - 2020-04-25 13:24 - 000148992 _____ () [File not signed] C:\Program Files (x86)\Origin\libEGL_Swift.DLL
2020-04-25 13:27 - 2020-04-25 13:24 - 005201408 _____ () [File not signed] C:\Program Files (x86)\Origin\libGLESv2_Swift.DLL
2020-05-01 13:31 - 2020-04-25 13:24 - 000002560 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Origin\icudt58.dll
2020-05-01 13:31 - 2020-04-25 13:24 - 001252864 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Origin\icuuc58.dll
2020-04-25 13:27 - 2020-04-25 13:24 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-04-25 13:27 - 2020-04-25 13:24 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-05-01 13:31 - 2020-04-25 13:24 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qgif.dll
2020-05-01 13:31 - 2020-04-25 13:24 - 000032768 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qico.dll
2020-05-01 13:31 - 2020-04-25 13:24 - 000256512 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2020-05-01 13:31 - 2020-04-25 13:24 - 000026112 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qtga.dll
2020-05-01 13:31 - 2020-04-25 13:24 - 000305152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2020-05-01 13:31 - 2020-04-25 13:24 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2020-04-25 13:27 - 2020-04-25 13:24 - 000278016 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\mediaservice\dsengine.dll
2020-04-25 13:27 - 2020-04-25 13:24 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2020-05-01 13:31 - 2020-04-25 13:24 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2020-05-01 13:31 - 2020-04-25 13:24 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2020-05-01 13:31 - 2020-04-25 13:24 - 000709120 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Multimedia.dll
2020-05-01 13:31 - 2020-04-25 13:24 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2020-05-01 13:31 - 2020-04-25 13:24 - 000207360 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Positioning.dll
2020-05-01 13:31 - 2020-04-25 13:24 - 000310272 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5PrintSupport.dll
2020-05-01 13:31 - 2020-04-25 13:24 - 003513344 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Qml.dll
2020-05-01 13:31 - 2020-04-25 13:24 - 003390976 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Quick.dll
2020-05-01 13:31 - 2020-04-25 13:24 - 000068096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5QuickWidgets.dll
2020-05-01 13:31 - 2020-04-25 13:24 - 000045568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5TextToSpeech.dll
2020-05-01 13:31 - 2020-04-25 13:24 - 000116224 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebChannel.dll
2020-05-01 13:31 - 2020-04-25 13:24 - 054071296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebEngineCore.dll
2020-05-01 13:31 - 2020-04-25 13:24 - 000211456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebEngineWidgets.dll
2020-05-01 13:31 - 2020-04-25 13:24 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2020-05-01 13:31 - 2020-04-25 13:24 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2020-05-01 13:31 - 2020-04-25 13:24 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaStorB.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaStorS.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rccfg.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rcraid.sys:com.dropbox.attributes [168]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [135]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 17:24 - 2019-01-30 11:36 - 000001154 _____ C:\WINDOWS\system32\drivers\etc\hosts

2020-02-25 17:23 - 2020-02-25 17:29 - 000000444 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2955138462-254338748-7883881-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet 2: Hyper-V Extensible Virtual Switch -> vms_pp (disabled)
Ethernet 2: Bridge Driver -> ms_l2bridge (enabled)
Wi-Fi 2: Hyper-V Extensible Virtual Switch -> vms_pp (disabled)
Wi-Fi 2: Bridge Driver -> ms_l2bridge (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-2955138462-254338748-7883881-1002\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.1.lnk"
HKU\S-1-5-21-2955138462-254338748-7883881-1002\...\StartupApproved\StartupFolder: => "Shrink Pic.lnk"
HKU\S-1-5-21-2955138462-254338748-7883881-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2955138462-254338748-7883881-1002\...\StartupApproved\Run: => "DownloadAccelerator"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{63057E57-5B00-4AF2-98C4-394B543D5057}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{8DEE752B-F497-48D4-A908-A3756A9E57A1}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{9182AD51-D687-45EA-A26C-0A70274FEF54}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{EC918EE4-6A40-4A77-A144-8AF9ED217DBA}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{E251AD28-966B-4939-B54B-0F2334D1CC47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
FirewallRules: [{F82AA30C-79E5-476B-8F93-931A224851C4}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{4D4B0F5B-A010-4425-B6ED-FE2812F04D5B}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{7916256F-344D-455C-95A5-C0DBF585EBCB}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{637D2C7F-C118-4920-9C77-DFB22C7F109D}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{465028D0-4473-40B4-A1B3-B40552DDE357}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{2E7A53A6-EA93-4AE5-A0E5-7CDBF2824E7B}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{F2D9FD59-EA90-4A81-A94A-BDF3EE53CFA8}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{F46C6A0B-D3A9-45ED-8C0E-61B90BC58803}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{BE05CCDB-013A-4C6B-9491-7B3ED005DB6F}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{19106FCE-2FCE-49F3-BA3E-8C4E80AD7B5D}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{4DE9A76B-4586-4E8C-AA51-C21242FA9B4C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{4AAE441C-E46A-4175-8B71-2A3F469395C5}] => (Allow) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

30-04-2020 15:48:12 restore point 29-4-20

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/04/2020 08:14:18 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3000,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/04/2020 10:21:05 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1180,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/04/2020 09:30:32 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5720,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/04/2020 09:16:19 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2660,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/01/2020 01:28:33 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4848,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/01/2020 01:22:23 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume PortableBaseLayer (C:\ProgramData\Microsoft\Windows\Containers\BaseImages\0c0b836a-8a8a-4950-9cbf-eecc915bd6ee\BaseLayer) was not optimized because an error was encountered: The disk was disconnected from the system. (0x89000011)

Error: (05/01/2020 01:16:20 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5648,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/30/2020 04:11:53 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3012,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (05/04/2020 08:01:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Origin Web Helper Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/04/2020 08:01:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Hyper-V Host Compute Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/30/2020 03:59:01 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xfffff8037080d010, 0x00000000000000ff, 0x0000000000000000, 0xfffff80370cc95ae). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 2a4f3e7a-3e1b-421d-83cc-2441e61ec532.

Error: (04/30/2020 03:58:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:31:07 PM on 4/30/2020 was unexpected.

Error: (04/30/2020 02:51:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/30/2020 02:51:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (04/30/2020 02:50:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Origin Web Helper Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/30/2020 02:50:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Hyper-V Host Compute Service service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
===================================
Date: 2020-05-01 13:23:17.373
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E71D7A74-6D5D-4DBC-81ED-6A6D3861F774}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-23 10:58:21.956
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {CB3CAD17-D16E-4CAC-9956-8FB9001B5EEB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-23 10:53:00.442
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {DFCCDD67-B1EA-4177-A894-521FED89C629}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-23 10:40:32.835
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {EDAA5307-86A8-4B76-AAC5-41440992BE1B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-23 09:27:34.403
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B9F4A774-89E5-4143-A640-3240F69BD454}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-28 13:23:24.447
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.313.2474.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2020-04-27 10:28:59.492
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.313.2289.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2020-04-27 09:16:01.355
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.313.2289.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-04-27 09:16:01.338
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.313.2289.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-04-27 09:16:01.323
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.313.2289.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2020-04-18 17:28:18.460
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-18 17:28:17.997
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-18 17:28:16.076
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-18 17:27:29.038
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-18 17:27:28.896
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-18 17:27:28.775
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-18 17:27:28.655
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-18 17:27:28.513
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: INSYDE V1.29 12/8/2011
Motherboard: Intel Corp. JV10_CS
Processor: Intel(R) Celeron(R) CPU U3600 @ 1.20GHz
Percentage of memory in use: 57%
Total physical RAM: 3765.86 MB
Available physical RAM: 1586.8 MB
Total Virtual: 4469.86 MB
Available Virtual: 1733.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.28 GB) (Free:51.02 GB) NTFS

\\?\Volume{7cb7544b-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{629458e4-0000-0000-0000-010000000000}\ (PortableBaseLayer) (Fixed) (Total:8 GB) (Free:7.6 GB) NTFS
\\?\Volume{7cb7544b-0000-0000-0000-30b11d000000}\ () (Fixed) (Total:0.47 GB) (Free:0.04 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 7CB7544B)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=484 MB) - (Type=27)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 8 GB) (Disk ID: 629458E4)
Partition 1: (Not Active) - (Size=8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 

gus

Please left click on the attached Fixlist.txt file at the bottom of this post. On the dialogue box that opens, click "Save File" and then "OK".

Save the file to the desktop. IMPORTANT: the fixlist.txt file must be in the same location as the FRST program, otherwise the fix will not work.

To run the fix, right click the FRST icon and choose "Run as Administrator", then click on "Fix".

Depending on the amount of data to be moved it may take a few minutes to complete, and the computer may reboot. When the fix is complete and/or the computer has rebooted, the "Fixlist.txt" file you created will be renamed "Fixlog.txt".

Please COPY and PASTE the contents of this new file in your next post :)