Author Topic: Hacker?: Accounts accessed?--receive code via text for two-factor verification  (Read 8321 times)

Offline lisa20

Hello! I think I received text messages for a code to access my Facebook account about one to two months ago. I have double protection with a password and a code from text so nobody can access my accounts. I still feel like I get warnings on my laptop that I'm not on a private browser. I thought my TurboTax was hacked last night but I'm unsure. I received odd texts this morning with a link and my address. Another one was about previous addresses. I just don't know if these are coincidences or if I have a virus, hacker or spies? I haven't done anything other than tweet Corrine.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-02-2020
Ran by Angel (administrator) on LAPTOP-Q41MP6MQ (Dell Inc. Inspiron 5570) (19-02-2020 18:38:10)
Running from C:\Users\Angel\OneDrive\Desktop
Loaded Profiles: Angel (Available Profiles: Angel)
Platform: Windows 10 Home Version 1809 17763.1039 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(GeoComply USA, Inc. -> GeoComply) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki132544.inf_amd64_b8c1f31373153db4\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki132544.inf_amd64_b8c1f31373153db4\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki132544.inf_amd64_b8c1f31373153db4\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki132544.inf_amd64_b8c1f31373153db4\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_eea3cf789013ad4f\RstMwService.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Angel\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Angel\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.7.106.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19081.28230.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20011.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269328 2019-01-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506384 2019-01-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => c:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [1213736 2018-11-04] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [318920 2019-05-30] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [95135168 2019-08-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2084920 2019-09-27] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5314096 2020-02-04] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Angel\AppData\Local\Microsoft\Teams\Update.exe [1789552 2019-10-04] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-11-26] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5557296 2020-02-04] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-22] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01497B93-3735-400C-B56C-B9D6792995CB} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [33984 2019-08-07] (Rivet Networks LLC -> DELL)
Task: {07CF3897-B113-43CF-9C93-E8CF3D16F12D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {189ECBF4-8833-4420-81E7-025C5CD832C4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-11] (Adobe Inc. -> Adobe Systems)
Task: {1BB29899-FF5D-4F7F-8E81-86C44D920F22} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24568904 2020-02-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {2653BDEF-A6BE-4D97-A6F4-A6F6BA053F22} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2B6B252A-B0A0-440B-B482-B384A700292B} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {3BFA0E1B-C5BB-433E-B3DE-08CDD045D7EC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6D6AFD0B-AA50-4A3C-A593-416ABD52F88E} - System32\Tasks\GeoComply Service Check => "C:\Program Files (x86)\GeoComply/\PlayerLocationCheck\Application\PlayerLocationCheckTask.cmd"
Task: {896A78CA-8019-4502-ABAF-B14EBDA9A455} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158760 2020-02-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {A9BC43CF-9EA1-41A6-B68A-70FCF5C39346} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24568904 2020-02-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {AC2CF7BD-93CE-4159-AE78-E2714E8EE3C5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018616 2020-02-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {CD893819-178E-4213-813F-7579EE6F1367} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158760 2020-02-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {D7FAF10A-DE0E-4ED1-A511-1A5C3CE5BC9F} - System32\Tasks\GeoComply Update Task => C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.exe [3191272 2019-07-07] (GeoComply USA, Inc. -> GeoComply)
Task: {D8C58E28-9A26-42C0-8E39-12898FF95E95} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018616 2020-02-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {DC76A489-CE8A-4D4A-BECA-2EE98872354D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-01] (Google Inc -> Google Inc.)
Task: {E016742C-BA53-48B7-B65B-77D7C4B09D5D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F1CAE8F1-7B3F-4129-8F45-E2B358173233} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-01] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{4546c0b4-61d8-4d7e-aa2f-3c3e236bc249}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17swin10.msn.com/?pc=DSJE
HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17swin10.msn.com/?pc=DSJE
SearchScopes: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&PC=UF03
SearchScopes: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&PC=UF03
SearchScopes: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001 -> {E7B5BEF7-A830-43A7-858A-05667B872EEA} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-01-10] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-01-10] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-02-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-02-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-02-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-02-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-02-13] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\Angel\OneDrive\Desktop

FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-10-23]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-02-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: geocomply.com/player_location_check -> C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\npapi\npplayer_location_check.dll [2019-03-24] (Geocomply USA, Inc. -> GeoComply)

Chrome:
=======
CHR Profile: C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default [2020-02-19]
CHR Notifications: Default -> hxxps://www.sephora.com
CHR Extension: (Slides) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-01]
CHR Extension: (Docs) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-01]
CHR Extension: (Google Drive) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-09-01]
CHR Extension: (YouTube) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-01]
CHR Extension: (Adobe Acrobat) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-01-26]
CHR Extension: (Sheets) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-01]
CHR Extension: (Google Docs Offline) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [823352 2019-09-27] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11096432 2020-02-09] (Microsoft Corporation -> Microsoft Corporation)
S3 dcpm-notify; C:\Program Files\Dell\CommandPowerManager\NotifyService.exe [313488 2020-01-05] (Dell Inc -> Dell Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [38096 2020-01-24] (Dell Inc -> )
S3 Dell.CommandPowerManager.Service; C:\WINDOWS\system32\dllhost.exe /Processid:{DC25E777-A86A-42DB-A7C6-FB6FD435CDBD} [21304 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 Dell.CommandPowerManager.Service; C:\WINDOWS\system32\dllhost.exe /Processid:{DC25E777-A86A-42DB-A7C6-FB6FD435CDBD} [21304 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [36032 2019-11-08] (Dell Inc -> )
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1705488 2018-08-30] (Intel Corporation -> Intel Corporation)
S4 HfcDisableService; C:\WINDOWS\System32\DriverStore\FileRepository\iastorac.inf_amd64_eea3cf789013ad4f\HfcDisableService.exe [1881672 2019-05-30] (Intel(R) Rapid Storage Technology -> Intel Corporation)
S3 iaStorAfsService; C:\WINDOWS\System32\iaStorAfsService.exe [2859592 2019-05-30] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [529912 2019-07-11] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [870760 2019-02-13] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [783208 2019-02-13] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [290392 2019-04-03] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 Player Location Check; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/service.exe [3141608 2019-05-14] (GeoComply USA, Inc. -> GeoComply)
S3 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2019-08-07] (Rivet Networks LLC -> CloudBees, Inc.)
R2 RstMwService; C:\WINDOWS\System32\DriverStore\FileRepository\iastorac.inf_amd64_eea3cf789013ad4f\RstMwService.exe [2156616 2019-05-30] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [267768 2019-01-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2353352 2019-08-07] (Rivet Networks LLC -> Rivet Networks)
R2 WavesSysSvc; c:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [875816 2018-11-04] (Waves Inc -> Waves Audio Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3753016 2019-08-19] (Intel Corporation -> Intel® Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [36728 2019-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [74584 2018-08-30] (Intel Corporation -> Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [69984 2018-08-30] (Intel Corporation -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [383328 2018-08-30] (Intel Corporation -> Intel Corporation)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [85064 2017-11-30] (Intel(R) Software -> Intel Corporation)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1033288 2019-05-30] (Intel(R) Rapid Storage Technology -> Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [72776 2019-05-30] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [257528 2019-07-11] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8720384 2019-08-28] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [984040 2017-06-19] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [443480 2019-07-05] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [132952 2019-08-07] (Rivet Networks LLC -> Rivet Networks, LLC.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-08] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-19 18:37 - 2020-02-19 18:39 - 000000000 ____D C:\FRST
2020-02-19 17:57 - 2020-02-19 17:57 - 000003330 _____ C:\WINDOWS\system32\Tasks\GeoComply Service Check
2020-02-18 20:17 - 2020-02-01 07:36 - 000801080 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2020-02-17 21:06 - 2020-02-17 21:06 - 000000000 ___HD C:\OneDriveTemp
2020-02-16 10:07 - 2020-02-16 10:07 - 000992009 _____ C:\Users\Angel\OneDrive\Documents\Power of Attorney for Erie Insurance.pdf
2020-02-15 05:52 - 2020-02-15 05:52 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2065802760-3759808543-2889841689-1001
2020-02-15 05:52 - 2020-02-15 05:52 - 000002367 _____ C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-02-13 19:07 - 2020-02-13 06:08 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-02-13 19:07 - 2020-02-13 06:08 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2020-02-13 07:06 - 2020-02-13 07:06 - 000000000 ____D C:\ProgramData\ssh
2020-02-13 06:27 - 2020-02-13 06:27 - 000002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2020-02-13 06:27 - 2020-02-13 06:27 - 000002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2020-02-12 07:12 - 2020-02-12 07:12 - 005436936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-02-12 07:12 - 2020-02-12 07:12 - 004488192 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2020-02-12 07:12 - 2020-02-12 07:12 - 003550592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2020-02-12 07:12 - 2020-02-12 07:12 - 003442176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2020-02-12 07:12 - 2020-02-12 07:12 - 002469432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-02-12 07:12 - 2020-02-12 07:12 - 002323904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2020-02-12 07:12 - 2020-02-12 07:12 - 002273080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2020-02-12 07:12 - 2020-02-12 07:12 - 001877168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2020-02-12 07:12 - 2020-02-12 07:12 - 001430672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2020-02-12 07:12 - 2020-02-12 07:12 - 001288856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2020-02-12 07:12 - 2020-02-12 07:12 - 001267216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2020-02-12 07:12 - 2020-02-12 07:12 - 000263576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2020-02-12 07:12 - 2020-02-12 07:12 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 026806784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 024617472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 023463424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 019020288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 013013504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 012306432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 008906752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 007923712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 007870976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 006546296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 006445568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 006318544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 006061056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 005608328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 005086208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 004872704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 004658688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 004628992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 003904000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 003874936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-02-12 07:11 - 2020-02-12 07:11 - 003702784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 003656704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 003430400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 002942976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 002780296 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 002770944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 002765312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 002699264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 002348544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 002298880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 002280024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 001866240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 001766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 001677088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 001674688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 001647104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmsipc.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 001590072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 001476096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 001247560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2020-02-12 07:11 - 2020-02-12 07:11 - 001229824 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 001222672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 001219584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2020-02-12 07:11 - 2020-02-12 07:11 - 001193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 001182720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2020-02-12 07:11 - 2020-02-12 07:11 - 001166336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2020-02-12 07:11 - 2020-02-12 07:11 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2020-02-12 07:11 - 2020-02-12 07:11 - 001062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000917816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000883200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000879104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-02-12 07:11 - 2020-02-12 07:11 - 000876032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000866304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000849920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000801280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcsecproc.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000796160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000741376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfrgui.exe
2020-02-12 07:11 - 2020-02-12 07:11 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dfrgui.exe
2020-02-12 07:11 - 2020-02-12 07:11 - 000541472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000492032 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000481280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-02-12 07:11 - 2020-02-12 07:11 - 000428544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2020-02-12 07:11 - 2020-02-12 07:11 - 000348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapisrv.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000296448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2020-02-12 07:11 - 2020-02-12 07:11 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapisrv.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000252024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\srrstr.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2020-02-12 07:11 - 2020-02-12 07:11 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2020-02-12 07:11 - 2020-02-12 07:11 - 000212480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagSvc.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\recdisc.exe
2020-02-12 07:11 - 2020-02-12 07:11 - 000186880 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2020-02-12 07:11 - 2020-02-12 07:11 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2020-02-12 07:11 - 2020-02-12 07:11 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdsdwmdr.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000156712 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWSD.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdrsvc.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000128616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\omadmapi.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWSD.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdSSDP.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdSSDP.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe
2020-02-12 07:11 - 2020-02-12 07:11 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SrTasks.exe
2020-02-12 07:11 - 2020-02-12 07:11 - 000054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtutils.dll
2020-02-12 07:11 - 2020-02-12 07:11 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasphone.exe
2020-02-12 07:11 - 2020-02-12 07:11 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mciwave.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 022137336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 009669648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 007888896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 007701200 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 006943232 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 005577656 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 005528576 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 005300736 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 004588776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 004417552 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 004050944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 003636736 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-02-12 07:10 - 2020-02-12 07:10 - 003577856 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 003387392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 003363848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-02-12 07:10 - 2020-02-12 07:10 - 003334496 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 003329536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 003269632 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 003006464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 002879488 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 002848256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 002707456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-02-12 07:10 - 2020-02-12 07:10 - 002634240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 002627600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2020-02-12 07:10 - 2020-02-12 07:10 - 002590736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 002437344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 002417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-02-12 07:10 - 2020-02-12 07:10 - 002292224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 002192384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 001963536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2020-02-12 07:10 - 2020-02-12 07:10 - 001830928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 001824768 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 001796920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 001751432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 001726480 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-02-12 07:10 - 2020-02-12 07:10 - 001674752 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 001665720 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 001608192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 001538560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 001520232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 001486680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 001479208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 001473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 001387512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 001360912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2020-02-12 07:10 - 2020-02-12 07:10 - 001345984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-02-12 07:10 - 2020-02-12 07:10 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 001294488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 001262592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 001260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 001259832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-02-12 07:10 - 2020-02-12 07:10 - 001183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 001114112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 001087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 001056272 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 001054952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 001051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 001012736 _____ (Microsoft Corporation) C:\WINDOWS\system32\refsutil.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 001005056 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000930816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000902344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 000902144 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000888864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000872000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000860160 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2020-02-12 07:10 - 2020-02-12 07:10 - 000856432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000764216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000758928 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 000741688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000681416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000677144 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 000649728 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000613176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-02-12 07:10 - 2020-02-12 07:10 - 000606224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 000591376 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000588600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2020-02-12 07:10 - 2020-02-12 07:10 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2020-02-12 07:10 - 2020-02-12 07:10 - 000531976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000510264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 000506200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msutb.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000494080 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000465424 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2020-02-12 07:10 - 2020-02-12 07:10 - 000450912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000446480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msutb.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000431416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2020-02-12 07:10 - 2020-02-12 07:10 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 000410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000408064 _____ (Microsoft

Offline lisa20

This is the rest of my First Text:

2020-02-12 07:10 - 2020-02-12 07:10 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000405520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2020-02-12 07:10 - 2020-02-12 07:10 - 000402584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000398416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000389920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000376568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000331104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000313000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000293856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000286520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 000253256 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-02-12 07:10 - 2020-02-12 07:10 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Geolocation.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000213816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 000203064 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000193336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 000189496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000169784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2020-02-12 07:10 - 2020-02-12 07:10 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000163240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AppExecutionAlias.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_BackgroundApps.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000147944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000105784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000103736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2020-02-12 07:10 - 2020-02-12 07:10 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\keyiso.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\keyiso.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtutils.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Websocket.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Websocket.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasphone.exe
2020-02-12 07:10 - 2020-02-12 07:10 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mciwave.dll
2020-02-12 07:10 - 2020-02-12 07:10 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-02-12 07:10 - 2020-02-12 07:10 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-02-12 07:10 - 2020-02-12 07:10 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-02-12 07:10 - 2020-02-12 07:10 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-02-12 07:10 - 2020-02-12 07:10 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-02-12 07:10 - 2020-02-12 07:10 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-02-12 07:10 - 2020-02-12 07:10 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-02-12 07:10 - 2020-02-12 07:10 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-02-12 07:09 - 2020-02-12 07:10 - 002015608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2020-02-12 07:09 - 2020-02-12 07:09 - 002928640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2020-02-12 07:09 - 2020-02-12 07:09 - 001677312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2020-02-12 07:09 - 2020-02-12 07:09 - 001258504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-02-12 07:09 - 2020-02-12 07:09 - 001049400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-02-12 07:09 - 2020-02-12 07:09 - 000777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-02-12 07:09 - 2020-02-12 07:09 - 000751632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2020-02-12 07:09 - 2020-02-12 07:09 - 000662024 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2020-02-12 07:09 - 2020-02-12 07:09 - 000611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2020-02-12 07:09 - 2020-02-12 07:09 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2020-02-12 07:09 - 2020-02-12 07:09 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-02-12 07:09 - 2020-02-12 07:09 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2020-02-12 07:09 - 2020-02-12 07:09 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2020-02-12 07:09 - 2020-02-12 07:09 - 000095760 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2020-02-12 06:53 - 2020-02-12 06:53 - 000934677 _____ C:\Users\Angel\OneDrive\Documents\Target Pharmacy Receipt for State Farm Medical Claim.pdf
2020-02-11 20:31 - 2020-02-11 20:31 - 000000000 ____D C:\WINDOWS\{CF288B74-0960-4CF2-86EB-F80340BC598C}
2020-02-03 06:00 - 2020-02-03 06:00 - 000097286 _____ C:\Users\Angel\Downloads\100133805760-095695847507-.PDF
2020-01-28 19:44 - 2020-01-28 19:44 - 000000000 ____D C:\Program Files (x86)\DummyDir
2020-01-26 09:27 - 2020-01-26 09:27 - 000603247 _____ C:\Users\Angel\Downloads\Cousins (2).pdf
2020-01-26 09:26 - 2020-01-26 09:26 - 000603247 _____ C:\Users\Angel\Downloads\Cousins (1).pdf
2020-01-25 20:13 - 2020-01-25 20:13 - 000603247 _____ C:\Users\Angel\Downloads\Cousins.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-19 18:36 - 2018-09-15 02:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-02-19 17:55 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-02-19 17:54 - 2019-02-22 07:08 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{3AFF0136-932C-4F79-9999-48C960EF9F1F}
2020-02-19 17:53 - 2018-11-17 08:17 - 000000000 ____D C:\Program Files\rempl
2020-02-19 17:51 - 2019-02-22 06:20 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-02-18 21:30 - 2019-01-24 21:04 - 000000000 ____D C:\Users\Angel\OneDrive\Documents\Taxes
2020-02-18 21:27 - 2019-11-12 21:38 - 000000000 ____D C:\Users\Angel\AppData\Local\Adobe
2020-02-18 21:26 - 2019-04-19 07:41 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2020-02-18 21:26 - 2018-03-03 13:48 - 000000000 ____D C:\ProgramData\Goodix
2020-02-17 21:07 - 2019-11-12 22:01 - 000000000 ___RD C:\Users\Angel\Creative Cloud Files
2020-02-17 21:06 - 2018-03-03 13:57 - 000000000 ___RD C:\Users\Angel\OneDrive
2020-02-17 21:03 - 2018-03-03 13:55 - 000000000 __SHD C:\Users\Angel\IntelGraphicsProfiles
2020-02-16 09:59 - 2018-09-15 02:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-02-16 09:58 - 2019-10-03 08:10 - 000000000 ____D C:\Program Files\Microsoft Office
2020-02-16 09:58 - 2018-09-15 02:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-02-13 19:17 - 2019-11-12 21:47 - 000000000 ____D C:\Program Files\Common Files\Adobe
2020-02-13 19:13 - 2019-02-22 07:04 - 000842668 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-02-13 19:13 - 2018-09-15 02:31 - 000000000 ____D C:\WINDOWS\INF
2020-02-13 19:12 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2020-02-13 19:11 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\Registration
2020-02-13 19:09 - 2018-03-03 13:55 - 000000000 ___RD C:\Users\Angel\3D Objects
2020-02-13 19:09 - 2017-12-26 15:55 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-02-13 19:08 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2020-02-13 19:07 - 2019-02-22 06:20 - 000457960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-02-13 19:06 - 2019-02-22 07:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-02-13 07:10 - 2018-09-15 01:09 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2020-02-13 07:06 - 2018-09-15 02:33 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-02-13 07:06 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2020-02-13 07:06 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-02-13 07:06 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-02-13 07:06 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-02-13 07:06 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-02-13 07:06 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\ShellComponents
2020-02-13 07:06 - 2018-09-15 02:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-02-13 07:06 - 2018-09-15 01:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-02-13 07:06 - 2018-09-15 01:09 - 000000000 ____D C:\WINDOWS\servicing
2020-02-13 06:25 - 2019-09-02 11:22 - 000000000 ____D C:\Users\Angel\OneDrive\Documents\Bankruptcy
2020-02-13 06:08 - 2018-09-15 02:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-02-13 06:04 - 2018-03-04 13:26 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-02-13 06:00 - 2018-03-04 13:26 - 120407888 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-02-11 20:35 - 2017-12-26 15:25 - 000000000 ____D C:\Program Files (x86)\Intel
2020-02-04 19:21 - 2019-02-22 07:08 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-02-04 19:21 - 2019-02-22 07:08 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-02-04 19:07 - 2017-12-26 15:24 - 000000000 ____D C:\ProgramData\Package Cache
2020-02-04 19:05 - 2018-05-31 20:17 - 000000000 ____D C:\Program Files\Common Files\Intel
2020-02-04 19:05 - 2017-12-26 15:26 - 000000000 ____D C:\ProgramData\Intel
2020-02-04 19:01 - 2017-12-26 15:24 - 000000000 ____D C:\Program Files\Intel
2020-01-22 19:53 - 2018-09-01 07:15 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-22 19:53 - 2018-09-01 07:15 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-01-22 19:53 - 2018-09-01 07:15 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk

==================== Files in the root of some directories ========

2019-11-12 21:52 - 2019-11-12 21:52 - 000000410 _____ () C:\Users\Angel\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Offline lisa20

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2020
Ran by Angel (19-02-2020 18:40:35)
Running from C:\Users\Angel\OneDrive\Desktop
Windows 10 Home Version 1809 17763.1039 (X64) (2019-02-22 12:10:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2065802760-3759808543-2889841689-500 - Administrator - Disabled)
Angel (S-1-5-21-2065802760-3759808543-2889841689-1001 - Administrator - Enabled) => C:\Users\Angel
DefaultAccount (S-1-5-21-2065802760-3759808543-2889841689-503 - Limited - Disabled)
Guest (S-1-5-21-2065802760-3759808543-2889841689-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2065802760-3759808543-2889841689-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.006.20034 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.0.0.354 - Adobe Systems Incorporated)
Dell Digital Delivery Services (HKLM-x32\...\{2F67D318-DCDC-4D94-9048-37789F3C065B}) (Version: 4.0.51.0 - Dell Inc.)
Dell Power Manager Service (HKLM\...\{18469ED8-8C36-4CF7-BD43-0FC9B1931AF8}) (Version: 3.6.0 - Dell Inc.)
Dell Update (HKLM-x32\...\{5EBBC1DA-975F-44A0-B438-F325BCD45577}) (Version: 3.1.0 - Dell Inc.)
Goodix Fingerprint Driver (HKLM\...\{60FAB781-18F2-4D2B-A8E7-B3AADD327955}_is1) (Version: 1.0.33.800 - Goodix, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.130 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10209.6897 - Intel Corporation)
Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 2.2.1.364 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1914.12.0.1255 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.6859 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.5.0.1017 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1725.1 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{c6de84fd-ece7-4c2a-9f06-8cabe7ab79a0}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00001040-0210-1033-84C8-B8D95FA3C8C3}) (Version: 21.40.1.1 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{7D4998B3-AC68-4815-AC47-5A1969D91E30}) (Version: 17.5.0.1017 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8909c7f7-2f31-4786-b020-18218d3cabf3}) (Version: 21.40.1 - Intel Corporation)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9669.4 - Waves Audio Ltd.) Hidden
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.12430.20264 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0008 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\...\Teams) (Version: 1.2.00.22654 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12430.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12430.20184 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12430.20264 - Microsoft Corporation) Hidden
Player Location Check (HKLM-x32\...\{F0753064-8D66-41A7-9F23-7691290387BF}) (Version: 3.0.4.3,3.0.5.1,3.1.1.3 - GeoComply)
QponPrinterV2 1.0.3 (HKLM-x32\...\Qpon-Printer-v2) (Version: 1.0.3 - Qples Inc)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.18362.31252 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8622 - Realtek Semiconductor Corp.)
SmartByte Drivers and Services (HKLM\...\{D14CBC77-BBC4-4705-B90B-018081184A5F}) (Version: 2.5.730 - Rivet Networks)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.2.0.22654 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-11-13] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-11-12] (Adobe Systems Incorporated)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.2.21.0_x64__htrsf667h5kn2 [2020-01-09] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_4.0.51.0_x64__htrsf667h5kn2 [2020-01-28] (Dell Inc)
Dell Help & Support -> C:\Program Files\WindowsApps\DellInc.DellHelpSupport_3.2.1.0_x64__htrsf667h5kn2 [2018-03-08] (Dell Inc)
Dell Power Manager -> C:\Program Files\WindowsApps\DellInc.DellPowerManager_3.6.12.0_x64__htrsf667h5kn2 [2020-02-04] (Dell Inc)
Dell Product Registration -> C:\Program Files\WindowsApps\DellInc.DellProductRegistration_3.4.6.0_x64__htrsf667h5kn2 [2018-07-19] (Dell Inc)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-01-13] (Dropbox Inc.)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-10-22] (Facebook Inc)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_110.1.671.0_x64__v10z8vjag6ke6 [2020-02-13] (HP Inc.)
Media Suite Essentials for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.4.2725.0_x86__mcezb6ze687jp [2018-05-17] (CYBERLINK CORPORATION.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-11] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-24] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-10-24] (Netflix, Inc.)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.1.9506.0_x86__mcezb6ze687jp [2018-11-25] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_8.0.8908.0_x86__mcezb6ze687jp [2018-05-17] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2018-08-29] (CYBERLINK CORPORATION.)
SmartByte -> C:\Program Files\WindowsApps\RivetNetworks.SmartByte_2.5.713.0_x64__rh07ty8m5nkag [2019-04-22] (Rivet Networks LLC)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-B4CC9460FEB1} -> [Creative Cloud Files] => C:\Users\Angel\Creative Cloud Files [2019-11-12 22:01]
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Angel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19178.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Angel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19178.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2065802760-3759808543-2889841689-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-05-09] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-05-09] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki132544.inf_amd64_b8c1f31373153db4\igfxDTCM.dll [2019-06-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Angel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2020-01-24 17:38 - 2020-01-24 17:38 - 000019456 _____ () [File not signed] C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.HSA.Server.dll
2019-08-07 10:05 - 2019-08-07 10:05 - 000102400 _____ (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\KillerNetworkServicePS.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Angel\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\Arrow Material Services:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\Bank of America _ Online Banking _credit-print-claim-page_files:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\Bankruptcy:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\CyberLink:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\HpReg_Backup:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\Sound recordings:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\Taxes:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\Uber:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\Vehicle Registration:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 08:46 - 2017-09-29 08:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2065802760-3759808543-2889841689-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DA610BCD-FFC3-46D8-8438-68AAD19F88ED}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS4A33\HPDiagnosticCoreUI.exe No File
FirewallRules: [{64C04EF1-78CC-48CB-9A7C-3E8BE3C14789}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS4A33\HPDiagnosticCoreUI.exe No File
FirewallRules: [{CD97D817-671B-40A7-B39C-86AC49D80456}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS4E37\HPDiagnosticCoreUI.exe No File
FirewallRules: [{718B2E3B-97C6-4581-9470-DB80E717A512}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS4E37\HPDiagnosticCoreUI.exe No File
FirewallRules: [{B9B3AF56-7243-4BC0-9294-DE2D72939686}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS1358\HPDiagnosticCoreUI.exe No File
FirewallRules: [{FE291625-7409-412B-A604-49E0FE1B3A6F}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS1358\HPDiagnosticCoreUI.exe No File
FirewallRules: [{124AB296-20D1-4756-842E-1504DAA8AA3A}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS4FD2\HPDiagnosticCoreUI.exe No File
FirewallRules: [{CC0CDA9C-EDA5-48D4-895E-4E5AD17D1355}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS4FD2\HPDiagnosticCoreUI.exe No File
FirewallRules: [{80CBA593-14C7-4D36-97BA-A2445C28E811}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8BB92A24-1D04-44DA-921B-58FAE764DB2A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{68561C70-8724-4A22-B19F-C15F3357ADE6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{81A2B2C1-62AE-46C6-B757-8A4D9EB008E4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2A34367A-AAC1-41F7-81F6-677D6DFD6881}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{376D10C9-1805-4994-81A7-90E59034B901}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS2B48\HPDiagnosticCoreUI.exe No File
FirewallRules: [{DBEA3E0E-9AAB-42EB-8E0D-BD8E269C612D}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS2B48\HPDiagnosticCoreUI.exe No File
FirewallRules: [{2318550D-C68D-4A0C-B844-20D05C9AA61F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

28-01-2020 21:26:25 Scheduled Checkpoint
12-02-2020 06:42:43 Windows Update
18-02-2020 20:16:51 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/17/2020 09:05:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GfxDownloadWrapper.exe, version: 8.15.100.6859, time stamp: 0x5cc8ee47
Faulting module name: KERNELBASE.dll, version: 10.0.17763.914, time stamp: 0xfb6790ac
Exception code: 0xe0434352
Fault offset: 0x0000000000039159
Faulting process id: 0x397c
Faulting application start time: 0x01d5e5ffccc1c9e2
Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\ki132544.inf_amd64_b8c1f31373153db4\GfxDownloadWrapper.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 39ef4f86-6363-4bfb-83fa-98e276f678e2
Faulting package full name:
Faulting package-relative application ID:

Error: (02/17/2020 09:05:11 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GfxDownloadWrapper.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
   at System.IO.StreamWriter.CreateFile(System.String, Boolean, Boolean)
   at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding, Int32, Boolean)
   at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding)
   at GfxGameSettingsDownload.Program.Main(System.String[])

Error: (02/15/2020 05:49:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.17763.864 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1574

Start Time: 01d5e3ed4142f6bc

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

Report Id: be499f87-7afa-43e9-b6be-61dc023ff528

Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (02/11/2020 08:36:16 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (02/11/2020 08:31:38 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (02/04/2020 07:00:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (02/04/2020 06:54:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GfxDownloadWrapper.exe, version: 8.15.100.6859, time stamp: 0x5cc8ee47
Faulting module name: KERNELBASE.dll, version: 10.0.17763.914, time stamp: 0xfb6790ac
Exception code: 0xe0434352
Fault offset: 0x0000000000039159
Faulting process id: 0x3ab8
Faulting application start time: 0x01d5dbb66880e36f
Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\ki132544.inf_amd64_b8c1f31373153db4\GfxDownloadWrapper.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: da108189-c49c-4a3f-a43c-48b6a2c06038
Faulting package full name:
Faulting package-relative application ID:

Error: (02/04/2020 06:54:20 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GfxDownloadWrapper.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
   at System.IO.StreamWriter.CreateFile(System.String, Boolean, Boolean)
   at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding, Int32, Boolean)
   at System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding)
   at GfxGameSettingsDownload.Program.Main(System.String[])


System errors:
=============
Error: (02/19/2020 06:06:11 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-Q41MP6MQ)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user LAPTOP-Q41MP6MQ\Angel SID (S-1-5-21-2065802760-3759808543-2889841689-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2020 08:17:34 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-Q41MP6MQ)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user LAPTOP-Q41MP6MQ\Angel SID (S-1-5-21-2065802760-3759808543-2889841689-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2020 01:22:05 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-Q41MP6MQ)
Description: The server Microsoft.Windows.Photos_2020.19081.28230.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.

Error: (02/17/2020 09:36:20 PM) (Source: Netwtw04) (EventID: 5007) (User: )
Description: 5007 - TX/CMD timeout (TfdQueue hanged)

Error: (02/17/2020 09:36:20 PM) (Source: Netwtw04) (EventID: 5007) (User: )
Description: 5007 - TX/CMD timeout (TfdQueue hanged)

Error: (02/17/2020 09:36:20 PM) (Source: Netwtw04) (EventID: 5005) (User: )
Description: Intel(R) Dual Band Wireless-AC 3165 : Has encountered an internal error and has failed.
5005 - Driver internal error

Error: (02/17/2020 09:36:20 PM) (Source: Netwtw04) (EventID: 5005) (User: )
Description: Intel(R) Dual Band Wireless-AC 3165 : Has encountered an internal error and has failed.
5005 - Driver internal error

Error: (02/17/2020 09:36:20 PM) (Source: Netwtw04) (EventID: 5002) (User: )
Description: Intel(R) Dual Band Wireless-AC 3165 : Has determined that the network adapter is not functioning properly.
5002 - uCode SW error (SysAssert, NMI)


Windows Defender:
===================================
Date: 2020-02-19 18:34:19.256
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.D!ml&threatid=2147749373&enterprise=0
Name: Trojan:Win32/Wacatac.D!ml
ID: 2147749373
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Angel\OneDrive\Desktop\FRST.exe; webfile:_C:\Users\Angel\OneDrive\Desktop\FRST.exe|https://download.bleepingcomputer.com/dl/9b2f7f56b29f48965f60d6f9ac9b27c9/5e4dc5f2/windows/security/security-utilities/f/farbar-recovery-scan-tool/FRST.exe|pid:2072,ProcessStart:132266288585681945
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\browser_broker.exe
Signature Version: AV: 1.309.1254.0, AS: 1.309.1254.0, NIS: 1.309.1254.0
Engine Version: AM: 1.1.16700.3, NIS: 1.1.16700.3

Date: 2020-02-19 18:34:19.164
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.D!ml&threatid=2147749373&enterprise=0
Name: Trojan:Win32/Wacatac.D!ml
ID: 2147749373
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Angel\OneDrive\Desktop\FRST.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\browser_broker.exe
Signature Version: AV: 1.309.1254.0, AS: 1.309.1254.0, NIS: 1.309.1254.0
Engine Version: AM: 1.1.16700.3, NIS: 1.1.16700.3

Date: 2020-02-19 18:32:24.849
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.D!ml&threatid=2147749373&enterprise=0
Name: Trojan:Win32/Wacatac.D!ml
ID: 2147749373
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Angel\OneDrive\Desktop\FRST.exe; webfile:_C:\Users\Angel\OneDrive\Desktop\FRST.exe|https://download.bleepingcomputer.com/dl/648b20a063ba4966ab4296942f048d65/5e4dc57c/windows/security/security-utilities/f/farbar-recovery-scan-tool/FRST.exe|pid:20128,ProcessStart:132266287439692093
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.309.1254.0, AS: 1.309.1254.0, NIS: 1.309.1254.0
Engine Version: AM: 1.1.16700.3, NIS: 1.1.16700.3

Date: 2020-02-19 18:32:23.793
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.D!ml&threatid=2147749373&enterprise=0
Name: Trojan:Win32/Wacatac.D!ml
ID: 2147749373
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Angel\OneDrive\Desktop\FRST.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.309.1254.0, AS: 1.309.1254.0, NIS: 1.309.1254.0
Engine Version: AM: 1.1.16700.3, NIS: 1.1.16700.3

Date: 2020-02-19 18:32:22.844
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.D!ml&threatid=2147749373&enterprise=0
Name: Trojan:Win32/Wacatac.D!ml
ID: 2147749373
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Angel\OneDrive\Desktop\FRST.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\browser_broker.exe
Signature Version: AV: 1.309.1254.0, AS: 1.309.1254.0, NIS: 1.309.1254.0
Engine Version: AM: 1.1.16700.3, NIS: 1.1.16700.3

Date: 2020-02-19 17:52:07.717
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

Date: 2020-02-13 06:02:48.012
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.309.795.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16700.3
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2020-02-13 19:08:15.171
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\AdobePDF.dll that did not meet the Unchecked signing level requirements.

Date: 2020-02-13 06:30:24.174
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\AdobePDF.dll that did not meet the Unchecked signing level requirements.

Date: 2020-01-23 20:25:39.336
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\AdobePDF.dll that did not meet the Unchecked signing level requirements.

Date: 2020-01-17 18:25:01.805
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\AdobePDF.dll that did not meet the Unchecked signing level requirements.

Date: 2019-12-19 20:10:52.149
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\AdobePDF.dll that did not meet the Unchecked signing level requirements.

Date: 2019-12-13 06:40:17.498
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\spool\drivers\x64\3\ADUIGP.DLL that did not meet the Unchecked signing level requirements.

Date: 2019-12-13 06:40:17.490
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\spool\drivers\x64\3\ADUIGP.DLL that did not meet the Unchecked signing level requirements.

Date: 2019-12-13 06:40:17.111
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\spool\drivers\x64\3\ADUIGP.DLL that did not meet the Unchecked signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. 1.2.3 05/15/2019
Motherboard: Dell Inc. 09YTN7
Processor: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 61%
Total physical RAM: 8089.84 MB
Available physical RAM: 3084.74 MB
Total Virtual: 10727.55 MB
Available Virtual: 4185.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.42 GB) (Free:863.72 GB) NTFS

\\?\Volume{11b9f4f6-af3e-4c65-b4dc-8816d87e5287}\ (WINRETOOLS) (Fixed) (Total:0.47 GB) (Free:0.07 GB) NTFS
\\?\Volume{effbf4ad-0ae8-4622-97dd-f3d2567c2232}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.45 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 843848C4)

Partition: GPT.

==================== End of Addition.txt =======================

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20699
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Hi, Lisa. 

You'd be surprised how efficient spammers are. I actually received two phishing emails a week after paying Amazon Prime saying that the payment was declined. The Amazon logo was there and the sender showed as Customer Service and the email address actually included no-replyamazon with a lot of gobbledegook following with @ something.space, definitely not amazon.com.

I suggest you change your TurboTax password before doing anything else.

Let's start with a Malwarebytes scan. 

Please download Malwarebytes to your desktop.
  • Right-click on the Malwarebytes icon and select Run as Administrator. Follow the on-screen prompts to install Malwarebytes Anti-Malware.
  • Once the installation has finished, launch Malwarebytes.
  • Click on Scan Now and wait for the scan to complete.
  • Malwarebytes will update its databases, then start scanning.
  • If no threats are found, close the Malwarebytes window. If threats are detected, make sure they are all selected and click Quarantine selected.
  • Click on Reports in the left pane, and check the box next to the latest report (at the top). Click on View Report.
  • Select Export in the bottom left corner, and click Text File. Save the file to your desktop, with a name like MBAMLog.txt.
  • Open the Malwarebytes log on your desktop, and copy and paste its contents into your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline lisa20

  • Full Member
  • ***
  • Posts: 68
    • View Profile
Corrine,

Thank you!!!! I think I have an issue! I quarantined two threats and followed your steps. However, when I copied and pasted them to this reply, I received a "403 Forbidden" code--I tried twice and still same error. I will attempt to reboot and refresh. Do I have a worse problem? I don't want to paste something that will affect anything else. I'll keep you posted when I reboot.

Lisa

Offline lisa20

Sorry! Something is definitely wrong with my laptop!  :'( I think I have some clever "hackers"? I hope they haven't done any damage!
I pasted the contents and clicked on Post and received the same message again:

403
Forbidden
Access to this resource on the server is denied!

I think I should have contacted you earlier than later! I'm working soon and will log in again tonight to read your next steps.

Thank you!

Lisa

Offline lisa20

I had an idea of using snipping tool but apparently that doesn't work. I'm going to try to post some of the notes:

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.823
Update Package Version: 1.0.19490
License: Trial

-System Information-
OS: Windows 10 (Build 17763.1039)
CPU: x64
File System: NTFS
User: LAPTOP-Q41MP6MQ\Angel

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 275171
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 3 min, 12 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

Offline lisa20

Sorry, I couldn't post the rest of it--received a 403 code again. I'm going to attempt the beginning of the last post:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/20/20
Scan Time: 6:12 AM
Log File: e8f64b14-53d1-11ea-9a9a-8cec4b123e2a.json


Offline Corrine

Hi, Lisa.

Regarding the 403 Forbidden error, make sure you're not using an old bookmark to access the site that has HTTP instead of HTTPS.  As to what Malwarebytes quarantined, they were apparently a "Potentially unwanted program" and a "Potentially unwanted modification". 

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
CHR Notifications: Default -> hxxps://www.sephora.com
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ShortcutWithArgument: C:\Users\Angel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
AlternateDataStreams: C:\Users\Angel\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\Arrow Material Services:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\Bank of America _ Online Banking _credit-print-claim-page_files:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\Bankruptcy:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\CyberLink:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\HpReg_Backup:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\Sound recordings:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\Taxes:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\Uber:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\Vehicle Registration:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
FirewallRules: [{DA610BCD-FFC3-46D8-8438-68AAD19F88ED}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS4A33\HPDiagnosticCoreUI.exe No File
FirewallRules: [{64C04EF1-78CC-48CB-9A7C-3E8BE3C14789}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS4A33\HPDiagnosticCoreUI.exe No File
FirewallRules: [{CD97D817-671B-40A7-B39C-86AC49D80456}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS4E37\HPDiagnosticCoreUI.exe No File
FirewallRules: [{718B2E3B-97C6-4581-9470-DB80E717A512}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS4E37\HPDiagnosticCoreUI.exe No File
FirewallRules: [{B9B3AF56-7243-4BC0-9294-DE2D72939686}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS1358\HPDiagnosticCoreUI.exe No File
FirewallRules: [{FE291625-7409-412B-A604-49E0FE1B3A6F}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS1358\HPDiagnosticCoreUI.exe No File
FirewallRules: [{124AB296-20D1-4756-842E-1504DAA8AA3A}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS4FD2\HPDiagnosticCoreUI.exe No File
FirewallRules: [{CC0CDA9C-EDA5-48D4-895E-4E5AD17D1355}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS4FD2\HPDiagnosticCoreUI.exe No File
FirewallRules: [{376D10C9-1805-4994-81A7-90E59034B901}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS2B48\HPDiagnosticCoreUI.exe No File
FirewallRules: [{DBEA3E0E-9AAB-42EB-8E0D-BD8E269C612D}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS2B48\HPDiagnosticCoreUI.exe No File
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator.  When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.



Offline lisa20



Fix result of Farbar Recovery Scan Tool (x64) Version: 16-02-2020
Ran by Angel (20-02-2020 21:22:31) Run:1
Running from C:\Users\Angel\OneDrive\Desktop
Loaded Profiles: Angel (Available Profiles: Angel)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CHR Notifications: Default -> hxxps://www.sephora.com
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ShortcutWithArgument: C:\Users\Angel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
AlternateDataStreams: C:\Users\Angel\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\Arrow Material Services:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\Bank of America _ Online Banking _credit-print-claim-page_files:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\Bankruptcy:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\CyberLink:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\HpReg_Backup:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\Sound recordings:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\Taxes:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\Uber:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\Angel\OneDrive\Documents\Vehicle Registration:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
FirewallRules: [{DA610BCD-FFC3-46D8-8438-68AAD19F88ED}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS4A33\HPDiagnosticCoreUI.exe No File
FirewallRules: [{64C04EF1-78CC-48CB-9A7C-3E8BE3C14789}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS4A33\HPDiagnosticCoreUI.exe No File
FirewallRules: [{CD97D817-671B-40A7-B39C-86AC49D80456}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS4E37\HPDiagnosticCoreUI.exe No File
FirewallRules: [{718B2E3B-97C6-4581-9470-DB80E717A512}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS4E37\HPDiagnosticCoreUI.exe No File
FirewallRules: [{B9B3AF56-7243-4BC0-9294-DE2D72939686}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS1358\HPDiagnosticCoreUI.exe No File
FirewallRules: [{FE291625-7409-412B-A604-49E0FE1B3A6F}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS1358\HPDiagnosticCoreUI.exe No File
FirewallRules: [{124AB296-20D1-4756-842E-1504DAA8AA3A}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS4FD2\HPDiagnosticCoreUI.exe No File
FirewallRules: [{CC0CDA9C-EDA5-48D4-895E-4E5AD17D1355}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS4FD2\HPDiagnosticCoreUI.exe No File
FirewallRules: [{376D10C9-1805-4994-81A7-90E59034B901}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS2B48\HPDiagnosticCoreUI.exe No File
FirewallRules: [{DBEA3E0E-9AAB-42EB-8E0D-BD8E269C612D}] => (Allow) C:\Users\Angel\AppData\Local\Temp\7zS2B48\HPDiagnosticCoreUI.exe No File
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"Chrome Notifications" => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
C:\Users\Angel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk => Shortcut argument removed successfully
C:\Users\Angel\OneDrive => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS could not remove.
C:\Users\Angel\OneDrive\Documents\Arrow Material Services => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\Angel\OneDrive\Documents\Bank of America _ Online Banking _credit-print-claim-page_files => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\Angel\OneDrive\Documents\Bankruptcy => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\Angel\OneDrive\Documents\CyberLink => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\Angel\OneDrive\Documents\HpReg_Backup => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\Angel\OneDrive\Documents\Sound recordings => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\Angel\OneDrive\Documents\Taxes => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\Angel\OneDrive\Documents\Uber => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\Angel\OneDrive\Documents\Vehicle Registration => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DA610BCD-FFC3-46D8-8438-68AAD19F88ED}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{64C04EF1-78CC-48CB-9A7C-3E8BE3C14789}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CD97D817-671B-40A7-B39C-86AC49D80456}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{718B2E3B-97C6-4581-9470-DB80E717A512}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B9B3AF56-7243-4BC0-9294-DE2D72939686}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FE291625-7409-412B-A604-49E0FE1B3A6F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{124AB296-20D1-4756-842E-1504DAA8AA3A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CC0CDA9C-EDA5-48D4-895E-4E5AD17D1355}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{376D10C9-1805-4994-81A7-90E59034B901}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DBEA3E0E-9AAB-42EB-8E0D-BD8E269C612D}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 113331106 B
Java, Flash, Steam htmlcache => 2043 B
Windows/system/drivers => 24749414 B
Edge => 73171958 B
Chrome => 740926632 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 50745830 B
systemprofile32 => 50745830 B
LocalService => 50749542 B
NetworkService => 51243922 B
Angel => 263115509 B

RecycleBin => 0 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:26:44 ====

Offline Corrine

Hi, Lisa.  Good work!

Going back to your original post, what you reported about Facebook was most likely another of the types of things that can happen on FB -- cloned accounts, messenger scams and others, including a few of the most recent: Fake Profile Scam, Fake Ads Scam, Free Money Scam and more.  As far as I'm concerned, the only thing that makes Facebook usable is F.B. Purity - Clean up and Customize Facebook.  It is available in the Microsoft Store for Microsoft Edge.  Just search for F.B. (FluffBusting) Purity.

As to the odd texts on your phone, can you block the number sending the text and report it to your mobile carrier?  Even though I am on the "Do Not Call List", I still get random calls from unknown numbers.  If the number isn't in my contact list, I don't answer it.

Back to your PC, let's do a double-check for any other adware:

Download AdwCleaner and save it to your desktop.
  • Right-click AdwCleaner.exe and select Run as Administrator.
  • Read and accept the End User License Agreement.
  • Press the Scan Now button and wait for it to complete.
  • A window titled Scan Results will open.
  • Select Cancel.
  • Click the Log Files button on the left pane.
  • Double-click the newest log file to open it in Notepad. (AdwCleaner[Sxx].txt, where x is replaced by a number)
  • Copy and paste the contents of the scan log to your next reply.

Note: the AdwCleaner log is also saved to C:\AdwCleaner\Logs\AdwCleaner[Sxx].txt


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline lisa20

Thank you for the suggestions/recommendations about FB and text messages! I've been blocking the callers but keep getting new ones. It has been quiet today. I'll look into FB next week. I'm working this weekend.

I just attempted to download AdwCleaner.exe on Microsoft Edge and Google Chrome but received this message; I'll await further instructions tonight:

PAGE NOT FOUND!
Unfortunately the page that you requested does not exist.
Don't worry, though, we have some great suggestions to help you on your way!
Based on the keywords found in the URL that you attempted to visit, we have suggested similar content and articles below.
SUGGESTED TUTORIALS:
Managing your Internet Explorer Temporary Internet Files
How to to disable and enable Taskbar Thumbnail Preview in Windows 7
SUGGESTED VIRUS REMOVAL GUIDES:
How to use Malwarebytes Anti-Malware to scan and remove malware from your computer
How to remove the WannaCry & Wana Decryptor Ransomware

Offline DR M

  • Malware Experts
  • Hero Member
  • Posts: 1936
  • Keep on keeping on.
Grecian Geek

"Count your blessings, remember your prayers..."

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • Posts: 7417
  • Liverpool FC - YNWA
Lisa20

You can safely use the link DR M provided (thanks for that) ... it points to the current direct link https://www.bleepingcomputer.com/download/adwcleaner/dl/382/

Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline Corrine

Sorry, Lisa.  I was having problems with the PC that has the various instructions on it and posted an old link.

Thanks DR M and winchester73 for providing the correct information!

