Author Topic: Windows 10 loaded on laptop.... (Read 5264 times)

hayc59 · « **on:** January 17, 2020, 04:23:33 PM »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2020
Ran by Gordon & Nancy (administrator) on KAI (Hewlett-Packard HP Pavilion g6 Notebook PC) (17-01-2020 10:22:49)
Running from C:\Users\Gordon & Nancy\Desktop\Junk
Loaded Profiles: Gordon & Nancy (Available Profiles: Gordon & Nancy)
Platform: Windows 10 Home Version 1909 18363.592 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Mark Straver -> Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Gordon & Nancy\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
(Realtek Semiconductor Corp -> Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.) [File not signed]
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1841496 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3951280 2016-01-07] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Gordon & Nancy\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Gordon & Nancy\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\RunOnce: [Uninstall 19.192.0926.0012\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Gordon & Nancy\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\amd64"
HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\RunOnce: [Uninstall 19.192.0926.0012] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Gordon & Nancy\AppData\Local\Microsoft\OneDrive\19.192.0926.0012"
HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\Policies\Explorer: [HideSCAVolume] 1
HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [38400 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.117\Installer\chrmstp.exe [2020-01-08] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2017-01-19]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09E85224-8B84-4122-A750-D2BECB823151} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe
Task: {0E70AE0A-50D3-4CD7-85EF-054CA1C1ED20} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {121A23D9-689C-4BF0-8DFA-D45D62550D19} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {16C3F228-651D-4A21-9738-012AB9C2EAED} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {17AF5E85-3140-44FA-B2DE-59F03DEFC3AD} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {224094B3-8A90-4EFB-A24D-DD4F32B81884} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2020-01-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2279200F-B4DE-4FD2-8A63-4E188CFFFB9E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {270C9FC5-ABF2-4C0E-A65E-DECA34EB18DB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {431D04EC-3AFB-4D17-ABC8-8E364281A8C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {4763D67E-5D44-4E56-946A-636869FADB00} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {4E97CF6F-928C-426B-817C-7ADB2DE4ECB8} - System32\Tasks\{A48EFA1E-1933-4242-AB51-B3ACA6897DD4} => C:\Windows\system32\pcalua.exe -a "G:\Paragon BackUp\br14-free_eng.exe" -d "G:\Paragon BackUp"
Task: {4EC42F8A-DD7E-47EE-87A4-EC4D88B70802} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {505ED630-88EC-44E4-80FB-4F5F0B5A5F0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-10-06] (Google Inc -> Google LLC)
Task: {5528F22C-2470-4715-ACAE-E274EF6898C7} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {56D36459-E022-4EBB-9CA6-6FF989F84717} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {580DBB17-3661-4061-A706-10B5DBB319C7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5EE92166-59A0-4642-9DF3-A2DF2DAE1AA5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {61ACD53F-07CF-4DBF-9861-D8A2B7547BB0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {73FA3718-3461-4815-9A8A-6538F09DBE20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-10-06] (Google Inc -> Google LLC)
Task: {78A4DE43-B0FA-412C-B081-3D53E32D222C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {95E2C139-DE59-440E-AD68-4FDF7801DFF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe
Task: {9AC0A72E-E3C8-4057-B970-71D4A7B46BF5} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {9C1992C6-7283-4B32-9960-5A06A6EAA897} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9D2FB2ED-EDA7-44AA-860C-313A7F3C64F1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AC1612F0-B87F-4930-A132-F980064C99E9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B3E7BD52-3D4B-44D1-991E-DEA49BBEA1E4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
Task: {B4F92E13-73AE-4B30-9FF0-D859A8EA32AD} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C47DD0CA-CFDB-4D3F-85C8-A1FCDBA58FA5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C49A5642-E4BD-4A72-9ECE-81BA7A1D2D14} - System32\Tasks\RunUninstallTool_SkipUac => C:\Program Files\Uninstall Tool\UninstallTool.exe [5370368 2017-02-12] (CrystalIDEA Software) [File not signed]
Task: {C6517D15-F9A8-4140-86A8-7DBAD289294B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CBAB7799-4094-471F-A379-66A692E7F94F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CCCE8766-ABC4-4171-B03C-9BDE39D846FA} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {D8005743-284D-4CB6-8401-64F81F02BCBC} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D98A8D98-7733-4122-A2B4-0E29BDBF9DE4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Task: {D9DCADC3-9A87-4C80-BDD0-8AA180488202} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DB4EEFBB-5066-49F2-96C9-F63899D602DA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {DF2FE8BA-50F7-4A8E-ADA8-4578164CD0CE} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe
Task: {E4D3074F-4029-4C85-B289-5ED38DC8043D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E8427653-0A39-47B3-912C-88A30F6FA4A3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2020-01-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {ED98280A-09BD-475C-8B61-94848A910D8C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2020-01-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EEE70F66-47D6-4841-AD77-A95AAA04E5CF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2020-01-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FA6C87DF-49D1-4062-894C-F4A45155BCD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E3FD5480-B005-44A6-8E77-68F03F9CCFBE}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {01321355-5952-4CDC-9EE2-377CE8868967} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - No File
Toolbar: HKLM-x32 - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation) [File not signed]
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Gordon & Nancy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\83k75tzh.default [2020-01-17]
FF DownloadDir: C:\Users\Gordon & Nancy\Desktop\Junk
FF Homepage: Moonchild Productions\Pale Moon\Profiles\83k75tzh.default -> hxxps://www.accuweather.com/en/us/salem-or/97301/weather-forecast/330144
FF Extension: (Pale Moon Commander) - C:\Users\Gordon & Nancy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\83k75tzh.default\Extensions\commander@palemoon.org.xpi [2019-08-12] [Legacy] [not signed]
FF Extension: (Classic Toolbar Buttons) - C:\Users\Gordon & Nancy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\83k75tzh.default\Extensions\CSTBB@NArisT2_Noia4dev.xpi [2016-09-18] [Legacy]
FF Extension: (Menu Icons Plus) - C:\Users\Gordon & Nancy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\83k75tzh.default\Extensions\menuiconsplus@codedawn.com.xpi [2016-09-18] [Legacy]
FF Extension: (My Homepage) - C:\Users\Gordon & Nancy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\83k75tzh.default\Extensions\myhomepage_manishjain9@gmail.com.xpi [2016-09-01] [Legacy]
FF Extension: (NewScrollbars (aka NoiaScrollbars)) - C:\Users\Gordon & Nancy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\83k75tzh.default\Extensions\NoiaScrollbars@ArisT2_Noia4dev.xpi [2017-01-03] [Legacy]
FF Extension: (uBlock Origin Updater) - C:\Users\Gordon & Nancy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\83k75tzh.default\Extensions\ublock0-updater@Off.JustOff.xpi [2019-12-25] [Legacy] [not signed]
FF Extension: (uBlock Origin) - C:\Users\Gordon & Nancy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\83k75tzh.default\Extensions\uBlock0@raymondhill.net.xpi [2020-01-15] [Legacy] [not signed]
FF Extension: (Flagfox) - C:\Users\Gordon & Nancy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\83k75tzh.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2017-11-09] [Legacy]
FF Extension: (IE Tab 2 (FF 3.6+)) - C:\Users\Gordon & Nancy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\83k75tzh.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2016-09-18] [Legacy]
FF Extension: (Stylish) - C:\Users\Gordon & Nancy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\83k75tzh.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2017-11-09] [Legacy]
FF Extension: (NoScript) - C:\Users\Gordon & Nancy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\83k75tzh.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-03-23] [Legacy]
FF Extension: (Greasemonkey) - C:\Users\Gordon & Nancy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\83k75tzh.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-09-07] [Legacy]
FF Extension: (Compact Moon Options) - C:\Users\Gordon & Nancy\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\83k75tzh.default\Extensions\{ff497972-c067-44d8-b98e-98e62085837f}.xpi [2019-08-16] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_314.dll [2020-01-16] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_314.dll [2020-01-16] (Adobe Inc. -> )
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)

Chrome:
=======
CHR Profile: C:\Users\Gordon & Nancy\AppData\Local\Google\Chrome\User Data\Default [2020-01-16]
CHR Extension: (Slides) - C:\Users\Gordon & Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-06]
CHR Extension: (Docs) - C:\Users\Gordon & Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-06]
CHR Extension: (Google Drive) - C:\Users\Gordon & Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-10-06]
CHR Extension: (YouTube) - C:\Users\Gordon & Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-06]
CHR Extension: (Sheets) - C:\Users\Gordon & Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-06]
CHR Extension: (Google Docs Offline) - C:\Users\Gordon & Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-10-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gordon & Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06]
CHR Extension: (Gmail) - C:\Users\Gordon & Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-10-06]
CHR Extension: (Chrome Media Router) - C:\Users\Gordon & Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-06]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [255472 2015-10-21] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-15] (Advanced Micro Devices, Inc.) [File not signed]
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard Company -> Hewlett-Packard)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2424424 2011-08-29] (Realtek Semiconductor Corp -> Realsil Microelectronics Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-11-04] (Malwarebytes Inc -> Malwarebytes)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [305152 2011-09-08] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246448 2016-01-07] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-01-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-01-16] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdiox64; C:\WINDOWS\System32\drivers\amdiox64.sys [46136 2010-02-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [21648880 2015-10-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [674288 2015-10-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S0 amd_sata; C:\WINDOWS\System32\drivers\amd_sata.sys [79488 2011-06-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S0 amd_xata; C:\WINDOWS\System32\drivers\amd_xata.sys [40064 2011-06-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 CisUtMonitor; C:\WINDOWS\System32\DRIVERS\CisUtMonitor.sys [54192 2017-01-13] (Software Security Systems ChTUP -> CrystalIdea Software)
R3 clwvd; C:\WINDOWS\System32\drivers\clwvd.sys [31088 2010-07-28] (CyberLink -> CyberLink Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [248480 2019-11-12] (Malwarebytes Inc -> Malwarebytes)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2019-03-18] (Microsoft Windows -> MediaTek Inc.)
R1 Uim_DEVIM; C:\WINDOWS\System32\DRIVERS\uim_devim.sys [26800 2016-08-19] (Paragon Software GmbH -> )
R1 Uim_IM; C:\WINDOWS\System32\DRIVERS\uim_im.sys [484528 2016-08-19] (Paragon Software GmbH -> )
R3 usbfilter; C:\WINDOWS\System32\DRIVERS\usbfilter.sys [53376 2011-08-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2020-01-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2020-01-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-01-16] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-17 10:21 - 2020-01-17 10:24 - 000000000 ____D C:\FRST
2020-01-16 21:17 - 2020-01-17 10:16 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Local\ClassicShell
2020-01-16 21:17 - 2020-01-16 21:17 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Roaming\ClassicShell
2020-01-16 21:15 - 2020-01-16 21:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2020-01-16 21:15 - 2020-01-16 21:15 - 000000000 ____D C:\Program Files\Classic Shell
2020-01-16 20:02 - 2020-01-16 20:02 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-01-16 20:02 - 2020-01-16 20:02 - 000002890 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2020-01-16 20:00 - 2020-01-16 20:00 - 024578944 _____ (Piriform Software Ltd) C:\Users\Gordon & Nancy\Downloads\ccsetup563.exe
2020-01-16 19:40 - 2020-01-16 19:40 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2020-01-16 13:21 - 2020-01-16 13:21 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Local\D3DSCache
2020-01-16 01:56 - 2020-01-16 01:56 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Local\Comms
2020-01-16 01:53 - 2020-01-16 01:56 - 000000000 ____D C:\ProgramData\Packages
2020-01-16 01:46 - 2020-01-17 10:14 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3675653720-2737141039-3862127861-1002
2020-01-16 01:46 - 2020-01-17 10:14 - 000000000 ___RD C:\Users\Gordon & Nancy\OneDrive
2020-01-16 01:42 - 2020-01-16 11:52 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Local\PlaceholderTileLogoFolder
2020-01-16 01:41 - 2020-01-16 01:41 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2020-01-16 01:41 - 2020-01-16 01:41 - 000000000 ____D C:\ProgramData\ATI
2020-01-16 01:37 - 2020-01-16 01:37 - 000000000 ___HD C:\Users\Gordon & Nancy\MicrosoftEdgeBackups
2020-01-16 01:37 - 2020-01-16 01:37 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Local\MicrosoftEdge
2020-01-16 01:36 - 2020-01-16 11:15 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Local\Publishers
2020-01-16 01:35 - 2020-01-16 19:25 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-01-16 01:35 - 2020-01-16 18:19 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Local\Packages
2020-01-16 01:35 - 2020-01-16 01:35 - 000000000 ___RD C:\Users\Gordon & Nancy\3D Objects
2020-01-16 01:34 - 2020-01-16 11:43 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Local\ConnectedDevicesPlatform
2020-01-16 01:34 - 2020-01-16 01:34 - 000000020 ___SH C:\Users\Gordon & Nancy\ntuser.ini
2020-01-16 01:30 - 2020-01-17 10:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-16 01:30 - 2020-01-16 11:53 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-01-16 01:30 - 2020-01-16 01:31 - 000004070 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{CB7ADAC4-5651-4FE5-855F-C84CDA0546AC}
2020-01-16 01:30 - 2020-01-16 01:31 - 000003740 _____ C:\WINDOWS\system32\Tasks\Registration
2020-01-16 01:30 - 2020-01-16 01:31 - 000003446 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-01-16 01:30 - 2020-01-16 01:31 - 000003284 _____ C:\WINDOWS\system32\Tasks\{A48EFA1E-1933-4242-AB51-B3ACA6897DD4}
2020-01-16 01:30 - 2020-01-16 01:31 - 000003102 _____ C:\WINDOWS\system32\Tasks\RunUninstallTool_SkipUac
2020-01-16 01:30 - 2020-01-16 01:30 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2020-01-16 01:30 - 2020-01-16 01:30 - 000007623 _____ C:\WINDOWS\diagerr.xml
2020-01-16 01:30 - 2020-01-16 01:30 - 000003318 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-01-16 01:30 - 2020-01-16 01:30 - 000000000 ____D C:\WINDOWS\system32\Tasks\WPD
2020-01-16 01:30 - 2020-01-16 01:30 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Internet Security
2020-01-16 01:30 - 2020-01-16 01:30 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2020-01-16 01:18 - 2020-01-17 10:14 - 000002427 _____ C:\Users\Gordon & Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-01-16 01:18 - 2020-01-16 11:06 - 000935052 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-01-16 01:18 - 2020-01-16 01:46 - 000000000 ____D C:\Users\Gordon & Nancy
2020-01-16 01:12 - 2020-01-16 01:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2020-01-16 01:11 - 2020-01-16 01:11 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2020-01-16 01:10 - 2019-10-06 18:55 - 002874368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-01-16 01:02 - 2020-01-16 14:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-16 01:02 - 2020-01-16 01:22 - 000304904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-01-16 01:01 - 2020-01-16 01:33 - 000000000 ____D C:\Windows.old
2020-01-16 00:40 - 2020-01-16 00:40 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2020-01-16 00:40 - 2020-01-16 00:40 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2020-01-16 00:38 - 2020-01-16 00:38 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2020-01-16 00:25 - 2020-01-16 00:25 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 009711616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 007016448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 006232576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 005913600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 005501952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 004307968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 003487232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 002956472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 002494464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 002399232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 001866272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 001106944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000689664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000571392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000363840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnphost.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000249856 _____ (Gracenote, Inc.) C:\WINDOWS\SysWOW64\gnsdk_fp.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2020-01-16 00:25 - 2020-01-16 00:25 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiadss.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcXtrnal.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2020-01-16 00:25 - 2020-01-16 00:25 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\reg.exe
2020-01-16 00:25 - 2020-01-16 00:25 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\udhisapi.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnpcont.exe
2020-01-16 00:25 - 2020-01-16 00:25 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiatrace.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2020-01-16 00:25 - 2020-01-16 00:25 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
2020-01-16 00:25 - 2020-01-16 00:25 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2020-01-16 00:24 - 2020-01-16 00:24 - 025900032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 022627840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 014816256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 008012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 007754752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 007195648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 006520480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 005112320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 004578816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 004150272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AI.MachineLearning.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 003967920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 003752960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 002988344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-01-16 00:24 - 2020-01-16 00:24 - 002801152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-01-16 00:24 - 2020-01-16 00:24 - 002772272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 002703872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 002586816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 002576384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 002258848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 001985928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 001916984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 001691648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 001399096 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 001283072 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 001154656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 001059840 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 001020032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 001007616 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000892696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000844800 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000822072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000768488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000700416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000679152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000542496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000477712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-01-16 00:24 - 2020-01-16 00:24 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000452920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000432256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000404904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2020-01-16 00:24 - 2020-01-16 00:24 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000380944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000375720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000354816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2020-01-16 00:24 - 2020-01-16 00:24 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-01-16 00:24 - 2020-01-16 00:24 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000251512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2020-01-16 00:24 - 2020-01-16 00:24 - 000219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagSvc.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti_ci.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\accessibilitycpl.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000199480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000193800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000164776 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000162696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiadss.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatialAudioLicenseSrv.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000136536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\omadmapi.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2020-01-16 00:24 - 2020-01-16 00:24 - 000127520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinHvPlatform.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2020-01-16 00:24 - 2020-01-16 00:24 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Utilman.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EaseOfAccessDialog.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000093496 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000084488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2020-01-16 00:24 - 2020-01-16 00:24 - 000084488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-01-16 00:24 - 2020-01-16 00:24 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseresourcemanager.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2020-01-16 00:24 - 2020-01-16 00:24 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sethc.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usp10.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usp10.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\reg.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000073024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enterpriseresourcemanager.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AtBroker.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000061240 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstUI.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2020-01-16 00:24 - 2020-01-16 00:24 - 000047616 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dl

hayc59 · « **Reply #1 on:** January 17, 2020, 04:24:47 PM »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2020
Ran by Gordon & Nancy (17-01-2020 10:28:51)
Running from C:\Users\Gordon & Nancy\Desktop\Junk
Windows 10 Home Version 1909 18363.592 (X64) (2020-01-16 09:33:20)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3675653720-2737141039-3862127861-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3675653720-2737141039-3862127861-503 - Limited - Disabled)
Gordon & Nancy (S-1-5-21-3675653720-2737141039-3862127861-1002 - Administrator - Enabled) => C:\Users\Gordon & Nancy
Guest (S-1-5-21-3675653720-2737141039-3862127861-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3675653720-2737141039-3862127861-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3675653720-2737141039-3862127861-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACDSeePro (HKLM-x32\...\ACDSeePro) (Version: 9.3.0.545 - ACD Systems International Inc.)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.314 - Adobe)
AIMP (HKLM-x32\...\AIMP) (Version: v4.60.2169, 08.01.2020 - AIMP DevTeam)
AMD Catalyst Install Manager (HKLM\...\{CF780466-D74B-C6E7-7E61-0C4DCA614455}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AtomTime Pro 3.1d (HKLM-x32\...\AtomTime Pro_is1) (Version: 3.1d - Naissan Innovations, LLC)
BCUninstaller (HKLM\...\{f4fef76c-1aa9-441c-af7e-d27f58d898d1}_is1) (Version: 4.15.0.42702 - Marcin Szeniak)
BurnAware Professional 12.5 (HKLM-x32\...\BurnAware Professional_is1) (Version: - Burnaware)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.117 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Inpaint 8.1 (HKLM\...\{5808866F-D115-46B2-8123-BB6801968101}_is1) (Version: - Teorex)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft Office XP Professional (HKLM-x32\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mp3tag v2.99a (HKLM-x32\...\Mp3tag) (Version: 2.99a - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
Pale Moon 28.8.1 (x64 en-US) (HKLM\...\Pale Moon 28.8.1 (x64 en-US)) (Version: 28.8.1 - Moonchild Productions)
PDF Shaper Professional 9.6 (HKLM-x32\...\PDF Shaper Professional_is1) (Version: - Burnaware)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.02.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.84 - Realtek Semiconductor Corp.)
SereneScreen Marine Aquarium 3 (HKLM-x32\...\SereneScreen Marine Aquarium 3_is1) (Version: 3.0 - Prolific Publishing, Inc.)
SpywareBlaster 5.6 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.6.0 - BrightFort LLC)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
Uninstall Tool (HKLM\...\Uninstall Tool_is1) (Version: 3.5.2 - CrystalIDEA Software, Inc.)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

Packages:
=========
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe [2020-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2020-01-16] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2020-01-08] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-10-19] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-10-19] (Florian Heidenreich) [File not signed]
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-04] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [sx_ISO] -> {10E19A29-0E8D-49B7-9587-1760938EE690} => C:\Program Files (x86)\BurnAware Professional\bashell64.dll [2018-05-17] (Burnaware -> Burnaware)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2020-01-08] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-10-19] (Florian Heidenreich) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-04] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2011-09-15 14:15 - 2011-09-15 14:15 - 000073728 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-09-15 14:15 - 2011-09-15 14:15 - 000103424 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2019-10-19 01:01 - 2019-10-19 01:01 - 000424448 _____ (Florian Heidenreich) [File not signed] C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll
2018-07-15 13:15 - 2018-07-15 13:15 - 000885560 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
2018-07-15 13:15 - 2018-07-15 13:15 - 003664696 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2018-07-15 13:15 - 2018-07-15 13:15 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\WINDOWS\system32\StartMenuHelper64.dll
2018-08-16 13:17 - 2020-01-15 21:14 - 000517632 _____ (Mozilla Foundation) [File not signed] C:\Program Files\Pale Moon\freebl3.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [288]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\1001movie.com -> 1001movie.com

There are 6091 more sites.

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\DLLShared\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Gordon\animalfamilies14.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: MpsSvc => 2
MSCONFIG\startupreg: Adobe ARM =>
MSCONFIG\startupreg: jv16 PT 2017 (Startup Optimizer) => "C:\Program Files (x86)\jv16 PowerTools 2017\jv16pt_PreWorker2.exe" /StartupOptimizer /PT:"C:\Program Files (x86)\jv16 PowerTools 2017\"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

16-01-2020 11:13:26 Removed Microsoft Office 2010

==================== Faulty Device Manager Devices ============

hayc59 · « **Reply #2 on:** January 17, 2020, 04:27:59 PM »

thank you for the ook over and help!! the only issue i have is on boot up or restart is a pop up stating is

IDT PC AUDIO STOPPED

I would like nothing needed gone and if i dont use it gone thnak you so much G

hayc59 · « **Reply #3 on:** January 17, 2020, 05:12:13 PM »

Update.... googled IDT issue and got a new driver from HP no more errors

Corrine · « **Reply #4 on:** January 17, 2020, 05:56:04 PM »

Hi, G.

I'm glad the driver update worked. I was about to post a link to the solution on the HP site.

It appears you had Avira installed on this device at one time but it isn't showing in installed programs and you have Windows Defender set as your AV. I suggest you go to Select Start > Settings > Update & Security > Windows Security > Virus & threat protection > Manage settings and uncheck Avira.

At one time did you have Windows Media Center installed on this device?

Your logs are incomplete due to the length. Please do the following:

-- open the FRST log and locate "2020-01-16 00:24 - 2020-01-16 00:24 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dl". Copy/paste the rest of the log and post it in your next reply.

-- open the Addition.txt and locate "==================== Faulty Device Manager Devices ============='. Copy/paste the rest of the log and post it in your next reply.

hayc59 · « **Reply #5 on:** January 17, 2020, 08:02:42 PM »

2020-01-16 00:24 - 2020-01-16 00:24 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dl

is that it?? no avira in that area and i do believe media center was there??

hayc59 · « **Reply #6 on:** January 17, 2020, 08:05:36 PM »

FRST.txt continued:

2020-01-16 00:24 - 2020-01-16 00:24 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2020-01-16 00:24 - 2020-01-16 00:24 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Utilman.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EaseOfAccessDialog.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000093496 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000084488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2020-01-16 00:24 - 2020-01-16 00:24 - 000084488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-01-16 00:24 - 2020-01-16 00:24 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseresourcemanager.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2020-01-16 00:24 - 2020-01-16 00:24 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sethc.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usp10.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usp10.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\reg.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000073024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enterpriseresourcemanager.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AtBroker.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000061240 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstUI.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2020-01-16 00:24 - 2020-01-16 00:24 - 000047616 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnpcont.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winnsi.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2020-01-16 00:24 - 2020-01-16 00:24 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\posetup.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2020-01-16 00:24 - 2020-01-16 00:24 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000028344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winnsi.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000024792 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsi.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000021304 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nsi.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiatrace.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcXtrnal.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDJPN.DLL
2020-01-16 00:24 - 2020-01-16 00:24 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbd106.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2020-01-16 00:24 - 2020-01-16 00:24 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 017787904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 009928208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 007849424 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 006435840 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 006227104 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 006166016 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 005890048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AI.MachineLearning.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 004615616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 004140544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 004047360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 004005888 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 003791360 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 003591208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 003387392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 003371928 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 003105792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 003084800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 002870784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 002473976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 002126112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 002120704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 002114048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 001974824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 001920512 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-01-16 00:23 - 2020-01-16 00:23 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 001726480 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 001687040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 001655880 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 001428992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 001413912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 001394168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-01-16 00:23 - 2020-01-16 00:23 - 001330952 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 001259416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 001171704 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 001094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 001069064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 001062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 001051664 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 001006904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000975872 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000911824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000874936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000874536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 000851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000811536 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000678712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000657424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 000649728 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000638264 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000589592 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000586768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000552448 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000551736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Vid.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 000534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.UserService.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000522176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000517432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000514576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000492032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000466928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000461320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000372752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MbbCx.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SpeechPrivacy.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000324624 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000322504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV1.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000292664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 000291256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 000247856 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\accessibilitycpl.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000220472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000204816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000202552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationControlCSP.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Utilman.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\EaseOfAccessDialog.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 000113160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000105488 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\sethc.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2020-01-16 00:23 - 2020-01-16 00:23 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000088568 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AtBroker.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000047208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS
2020-01-16 00:23 - 2020-01-16 00:23 - 000036368 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscisvif.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidtel.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\applockerfltr.sys
2020-01-16 00:23 - 2020-01-16 00:23 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsilog.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dstokenclean.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscadminui.exe
2020-01-16 00:23 - 2020-01-16 00:23 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2020-01-16 00:23 - 2020-01-16 00:23 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tier2punctuations.dll
2020-01-16 00:11 - 2020-01-16 00:11 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2020-01-16 00:11 - 2020-01-16 00:11 - 000000000 ____D C:\WINDOWS\system32\msmq
2020-01-16 00:11 - 2020-01-16 00:11 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2020-01-16 00:11 - 2020-01-16 00:11 - 000000000 ____D C:\Program Files\Reference Assemblies
2020-01-16 00:11 - 2020-01-16 00:11 - 000000000 ____D C:\Program Files\MSBuild
2020-01-16 00:11 - 2020-01-16 00:11 - 000000000 ____D C:\Program Files (x86)\MSBuild
2020-01-16 00:11 - 2020-01-16 00:11 - 000000000 ____D C:\inetpub
2020-01-16 00:09 - 2019-03-01 17:31 - 001166488 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2020-01-16 00:09 - 2019-03-01 17:31 - 000124568 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2020-01-16 00:09 - 2019-03-01 17:31 - 000035592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2020-01-16 00:09 - 2019-02-05 18:41 - 000778912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2020-01-16 00:09 - 2019-02-05 18:41 - 000103072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2020-01-16 00:09 - 2019-02-05 18:41 - 000035592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2020-01-16 00:08 - 2019-03-18 19:21 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2020-01-16 00:08 - 2019-03-18 19:20 - 004470272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2020-01-16 00:08 - 2019-03-18 19:16 - 000903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2020-01-16 00:08 - 2019-03-18 18:15 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2020-01-16 00:08 - 2019-03-18 18:09 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2020-01-16 00:08 - 2019-03-01 17:33 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2020-01-16 00:08 - 2018-08-09 14:53 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2020-01-16 00:00 - 2020-01-16 00:00 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-01-16 00:00 - 2020-01-16 00:00 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-01-15 23:10 - 2020-01-16 13:12 - 000000000 ___DC C:\WINDOWS\Panther
2020-01-15 22:47 - 2020-01-15 22:47 - 000000000 ___HD C:\$Windows.~WS
2020-01-15 21:18 - 2020-01-15 23:10 - 000000000 ____D C:\ESD
2020-01-08 10:56 - 2020-01-16 01:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2020-01-08 10:54 - 2020-01-16 19:58 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Roaming\Mp3tag

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-17 10:27 - 2019-03-18 20:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-17 10:22 - 2016-08-20 19:52 - 000000000 ____D C:\Users\Gordon & Nancy\Desktop\Junk
2020-01-16 21:28 - 2019-03-18 20:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-01-16 20:08 - 2019-03-18 20:50 - 000000000 ____D C:\WINDOWS\INF
2020-01-16 20:04 - 2017-05-22 23:20 - 000000000 ____D C:\temp
2020-01-16 18:56 - 2016-08-20 14:22 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Local\Hewlett-Packard
2020-01-16 18:56 - 2011-10-25 20:08 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2020-01-16 18:56 - 2011-08-31 10:05 - 000000000 ___HD C:\HP
2020-01-16 18:39 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\setup
2020-01-16 18:39 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-01-16 18:39 - 2019-03-18 20:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-01-16 18:19 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-16 13:45 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-01-16 13:44 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-01-16 13:18 - 2019-03-18 20:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-16 11:52 - 2019-03-18 20:52 - 000000000 ____D C:\Program Files\Windows Defender
2020-01-16 11:26 - 2016-08-20 14:20 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Local\VirtualStore
2020-01-16 11:16 - 2011-10-25 20:24 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-01-16 11:12 - 2010-11-20 19:27 - 000748816 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-01-16 11:08 - 2019-03-18 20:52 - 000000000 ____D C:\ProgramData\USOPrivate
2020-01-16 11:02 - 2019-12-14 13:01 - 000000258 __RSH C:\ProgramData\ntuser.pol
2020-01-16 01:55 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\ServiceState
2020-01-16 01:49 - 2012-02-13 10:02 - 000000000 ____D C:\Program Files\AMD
2020-01-16 01:49 - 2012-02-13 10:01 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
2020-01-16 01:45 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2020-01-16 01:33 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\spool
2020-01-16 01:31 - 2019-03-18 20:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-01-16 01:29 - 2019-03-18 20:52 - 000000000 __RHD C:\Users\Public\Libraries
2020-01-16 01:28 - 2019-10-06 15:40 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-16 01:20 - 2016-10-12 17:24 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-01-16 01:17 - 2016-11-19 12:08 - 000891386 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2020-01-16 01:13 - 2019-03-18 20:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2020-01-16 01:13 - 2019-03-18 20:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-01-16 01:11 - 2017-01-17 12:01 - 000000000 ____D C:\ProgramData\Package Cache
2020-01-16 01:10 - 2012-02-13 10:04 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2020-01-16 01:01 - 2019-11-04 15:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-01-16 01:01 - 2019-10-06 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2020-01-16 01:01 - 2019-03-18 20:56 - 000000000 ____D C:\WINDOWS\Setup
2020-01-16 01:01 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2020-01-16 01:01 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-01-16 01:01 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\Help
2020-01-16 01:01 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\Cursors
2020-01-16 01:01 - 2019-03-18 20:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-01-16 01:01 - 2019-03-18 20:49 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2020-01-16 01:01 - 2018-03-23 14:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BCUninstaller
2020-01-16 01:01 - 2018-02-16 15:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inpaint 7
2020-01-16 01:01 - 2018-02-02 13:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AtomTime Pro
2020-01-16 01:01 - 2017-01-20 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2020-01-16 01:01 - 2016-12-27 15:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP
2020-01-16 01:01 - 2016-12-27 15:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2020-01-16 01:01 - 2016-10-12 17:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-01-16 01:01 - 2016-10-10 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Professional
2020-01-16 01:01 - 2016-09-15 22:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
2020-01-16 01:01 - 2016-09-15 12:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Tool
2020-01-16 01:01 - 2016-09-15 11:32 - 000000000 ____D C:\WINDOWS\ShellNew
2020-01-16 01:01 - 2016-09-08 11:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Shaper Professional
2020-01-16 01:01 - 2016-09-08 10:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Pro
2020-01-16 01:01 - 2016-08-31 21:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-01-16 01:01 - 2016-08-20 14:21 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2020-01-16 01:01 - 2011-10-25 20:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2020-01-16 01:01 - 2011-10-25 20:25 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2020-01-16 01:01 - 2011-10-25 20:23 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2020-01-16 01:01 - 2011-10-25 20:13 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2020-01-16 01:01 - 2011-10-25 20:13 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2020-01-16 01:01 - 2009-07-13 19:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2020-01-16 01:01 - 2009-07-13 19:20 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2020-01-16 01:01 - 2009-07-13 19:20 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2020-01-16 00:41 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2020-01-16 00:41 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-01-16 00:41 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\IME
2020-01-16 00:41 - 2012-02-13 10:05 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2020-01-16 00:40 - 2019-03-18 20:52 - 000000000 __SHD C:\Program Files\Windows Sidebar
2020-01-16 00:40 - 2019-03-18 20:52 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2020-01-16 00:40 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\schemas
2020-01-16 00:40 - 2017-01-07 15:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SereneScreen
2020-01-16 00:40 - 2016-11-19 11:58 - 000000000 ____D C:\Program Files\Synaptics
2020-01-16 00:40 - 2009-07-13 21:32 - 000000000 ____D C:\Program Files\Microsoft Games
2020-01-16 00:40 - 2009-07-13 21:32 - 000000000 ____D C:\Program Files\DVD Maker
2020-01-16 00:34 - 2019-03-18 20:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
2020-01-16 00:34 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-01-16 00:34 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\appraiser
2020-01-16 00:34 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-01-16 00:34 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\ShellComponents
2020-01-16 00:34 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\DiagTrack
2020-01-16 00:34 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-01-16 00:11 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2020-01-16 00:11 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2020-01-16 00:10 - 2019-10-06 18:56 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2020-01-16 00:10 - 2019-10-06 18:56 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2020-01-16 00:10 - 2019-10-06 18:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2020-01-16 00:10 - 2019-10-06 18:56 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2020-01-16 00:10 - 2019-10-06 18:56 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2020-01-16 00:10 - 2019-10-06 18:56 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2020-01-16 00:10 - 2019-10-06 18:56 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2020-01-16 00:10 - 2019-10-06 18:56 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2020-01-16 00:10 - 2019-10-06 18:56 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2020-01-16 00:10 - 2019-10-06 18:56 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2020-01-16 00:10 - 2019-03-18 21:00 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2020-01-16 00:10 - 2019-03-18 21:00 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2020-01-16 00:10 - 2019-03-18 21:00 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2020-01-16 00:10 - 2019-03-18 21:00 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2020-01-16 00:10 - 2019-03-18 21:00 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2020-01-16 00:10 - 2019-03-18 21:00 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2020-01-16 00:10 - 2019-03-18 21:00 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2020-01-16 00:10 - 2019-03-18 21:00 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2020-01-16 00:10 - 2019-03-18 21:00 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2020-01-16 00:10 - 2019-03-18 21:00 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2020-01-16 00:10 - 2019-03-18 21:00 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2020-01-16 00:10 - 2019-03-18 21:00 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2020-01-16 00:10 - 2019-03-18 21:00 - 000009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2020-01-16 00:10 - 2019-03-18 21:00 - 000009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2020-01-16 00:10 - 2019-03-18 20:58 - 001401344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2020-01-16 00:10 - 2019-03-18 20:58 - 000783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2020-01-16 00:10 - 2019-03-18 20:58 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2020-01-16 00:10 - 2019-03-18 20:58 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2020-01-16 00:10 - 2019-03-18 20:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2020-01-16 00:10 - 2019-03-18 20:58 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2020-01-16 00:10 - 2019-03-18 20:58 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2020-01-16 00:10 - 2019-03-18 20:58 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2020-01-16 00:10 - 2019-03-18 20:58 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2020-01-16 00:10 - 2019-03-18 20:58 - 000054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2020-01-16 00:10 - 2019-03-18 20:58 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2020-01-16 00:10 - 2019-03-18 20:58 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2020-01-16 00:10 - 2019-03-18 20:58 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2020-01-16 00:10 - 2019-03-18 20:58 - 000009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2020-01-16 00:10 - 2019-03-18 20:57 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2020-01-16 00:09 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2020-01-16 00:09 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2020-01-16 00:09 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2020-01-16 00:09 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2020-01-16 00:09 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2020-01-16 00:09 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2020-01-16 00:09 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\et-EE
2020-01-16 00:09 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\es-MX
2020-01-15 23:39 - 2009-07-13 20:45 - 000032064 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-01-15 23:39 - 2009-07-13 20:45 - 000032064 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-01-15 21:14 - 2018-08-16 13:17 - 000000000 ____D C:\Program Files\Pale Moon
2020-01-08 12:55 - 2016-08-21 10:44 - 000000000 ____D C:\Users\Gordon & Nancy\AppData\Roaming\AIMP
2020-01-08 12:51 - 2016-08-21 10:44 - 000000000 ____D C:\Program Files (x86)\AIMP
2020-01-08 10:56 - 2016-10-01 15:29 - 000000000 ____D C:\Program Files (x86)\Mp3tag

==================== Files in the root of some directories ========

2016-12-27 16:21 - 2016-12-27 16:21 - 000000020 ___SH () C:\Users\Gordon & Nancy\AppData\Roaming\1816CA7466166.ind
2016-08-21 16:07 - 2017-01-03 00:49 - 000000202 _____ () C:\Users\Gordon & Nancy\AppData\Roaming\burnaware.ini
2016-09-08 11:12 - 2017-02-07 10:08 - 000000122 _____ () C:\Users\Gordon & Nancy\AppData\Roaming\pdfshaper.ini
2016-12-27 16:21 - 2016-12-27 16:21 - 000000020 ___SH () C:\Users\Gordon & Nancy\AppData\Roaming\Programs8187ConfigDB.dat
2016-12-31 10:03 - 2017-01-03 00:56 - 000015098 _____ () C:\Users\Gordon & Nancy\AppData\Local\kritarc

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

hayc59 · « **Reply #7 on:** January 17, 2020, 08:09:04 PM »

wow this is hard lol and sorry

Corrine · « **Reply #8 on:** January 17, 2020, 10:20:31 PM »

I deleted two of your posts that were partial duplicates of your FRST log and edited . I also edited Reply #6 to remove what was duplicated in the initial FRST log, also labeling it as FRST.txt continued. I have the feeling that the FRST.txt you had copied was still in memory and, as a result, still need the rest of the Addition.txt log. Because of the upgrade from Windows 7 to Windows 10, the logs are extremely long.

Please do the following:

1. Go to C:\Users\Gordon & Nancy\Desktop\Junk and open Addition.txt.
2. Locate "==================== Faulty Device Manager Devices ============="
3. Copy paste the lines after that to the end of the log which will have the following:
==================== End of Addition.txt ============================

As to Avira, if you look at the Additiona.txt log under "Installed Programs", note that Avira is not listed:

Quote

ACDSeePro (HKLM-x32\...\ACDSeePro) (Version: 9.3.0.545 - ACD Systems International Inc.)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.314 - Adobe)
AIMP (HKLM-x32\...\AIMP) (Version: v4.60.2169, 08.01.2020 - AIMP DevTeam)
AMD Catalyst Install Manager (HKLM\...\{CF780466-D74B-C6E7-7E61-0C4DCA614455}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AtomTime Pro 3.1d (HKLM-x32\...\AtomTime Pro_is1) (Version: 3.1d - Naissan Innovations, LLC)

hayc59 · « **Reply #9 on:** January 17, 2020, 10:31:47 PM »

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (01/17/2020 10:15:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sttray64.exe, version: 1.0.6365.0, time stamp: 0x4e68a08d
Faulting module name: sttray64.exe, version: 1.0.6365.0, time stamp: 0x4e68a08d
Exception code: 0xc000041d
Fault offset: 0x000000000000d8fa
Faulting process id: 0x1990
Faulting application start time: 0x01d5cd61c9dd5963
Faulting application path: C:\Program Files\IDT\WDM\sttray64.exe
Faulting module path: C:\Program Files\IDT\WDM\sttray64.exe
Report Id: 9d3309f5-e085-4bf4-941f-6e9bfae904b5
Faulting package full name:
Faulting package-relative application ID:

Error: (01/17/2020 10:13:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sttray64.exe, version: 1.0.6365.0, time stamp: 0x4e68a08d
Faulting module name: sttray64.exe, version: 1.0.6365.0, time stamp: 0x4e68a08d
Exception code: 0xc0000005
Fault offset: 0x000000000000d8fa
Faulting process id: 0x1990
Faulting application start time: 0x01d5cd61c9dd5963
Faulting application path: C:\Program Files\IDT\WDM\sttray64.exe
Faulting module path: C:\Program Files\IDT\WDM\sttray64.exe
Report Id: a47397b9-b176-4d14-a607-6b3b411bc311
Faulting package full name:
Faulting package-relative application ID:

Error: (01/17/2020 10:12:19 AM) (Source: STacSV) (EventID: 32767) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (01/16/2020 09:28:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (01/16/2020 09:28:50 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (01/16/2020 09:10:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sttray64.exe, version: 1.0.6365.0, time stamp: 0x4e68a08d
Faulting module name: sttray64.exe, version: 1.0.6365.0, time stamp: 0x4e68a08d
Exception code: 0xc000041d
Fault offset: 0x000000000000d8fa
Faulting process id: 0x1744
Faulting application start time: 0x01d5ccf45a299ef1
Faulting application path: C:\Program Files\IDT\WDM\sttray64.exe
Faulting module path: C:\Program Files\IDT\WDM\sttray64.exe
Report Id: 4c0adb83-7bc3-44c5-ba5b-1422d1d7a3c2
Faulting package full name:
Faulting package-relative application ID:

Error: (01/16/2020 09:10:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sttray64.exe, version: 1.0.6365.0, time stamp: 0x4e68a08d
Faulting module name: sttray64.exe, version: 1.0.6365.0, time stamp: 0x4e68a08d
Exception code: 0xc0000005
Fault offset: 0x000000000000d8fa
Faulting process id: 0x1744
Faulting application start time: 0x01d5ccf45a299ef1
Faulting application path: C:\Program Files\IDT\WDM\sttray64.exe
Faulting module path: C:\Program Files\IDT\WDM\sttray64.exe
Report Id: ec575ae1-c823-4d6e-a73e-bb9970198eaa
Faulting package full name:
Faulting package-relative application ID:

Error: (01/16/2020 09:09:03 PM) (Source: STacSV) (EventID: 32767) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed

System errors:
=============
Error: (01/17/2020 10:11:48 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.

Error: (01/16/2020 09:09:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SysMain service terminated with the following error:
The parameter is incorrect.

Error: (01/16/2020 09:08:32 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.

Error: (01/16/2020 08:13:59 PM) (Source: DCOM) (EventID: 10000) (User: Kai)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (01/16/2020 07:42:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/16/2020 07:39:44 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.

Error: (01/16/2020 07:20:28 PM) (Source: DCOM) (EventID: 10000) (User: Kai)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (01/16/2020 07:15:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
The system cannot find the file specified.

==================== Memory info ===========================

BIOS: Hewlett-Packard F.44 11/14/2011
Motherboard: Hewlett-Packard 169B
Processor: AMD A6-3420M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 60%
Total physical RAM: 3562.9 MB
Available physical RAM: 1409.25 MB
Total Virtual: 7146.9 MB
Available Virtual: 4785.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.89 GB) (Free:414.24 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{d03c1558-672b-11e6-971c-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.15 GB) NTFS
\\?\Volume{b0b9757b-0000-0000-0000-304574000000}\ () (Fixed) (Total:0.68 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: B0B9757B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=694 MB) - (Type=27)

==================== End of Addition.txt =======================

hayc59 · « **Reply #10 on:** January 17, 2020, 10:32:15 PM »

C sorry about all this
i guess cannot use windows media player

Corrine · « **Reply #11 on:** January 17, 2020, 10:34:53 PM »

What above Avira? Can you access it? As I indicated, it is not shown in Installed Programs.

By the way, it has been a long day for me so I'm going to wait until I've had sufficient coffee tomorrow and take a close look at your logs.

hayc59 · « **Reply #12 on:** January 18, 2020, 01:16:39 AM »

Quote from: Corrine on January 17, 2020, 10:34:53 PM

What above Avira? Can you access it? As I indicated, it is not shown in Installed Programs.

By the way, it has been a long day for me so I'm going to wait until I've had sufficient coffee tomorrow and take a close look at your logs.

Avira no cant get to it at all? it does not show up in installed programs

Corrine · « **Reply #13 on:** January 18, 2020, 03:07:03 PM »

Please do the following:

1. Go to Control Panel\All Control Panel Items\Programs and Features and uninstall the following programs, leftovers from the upgrade to Windows 10.

Microsoft Silverlight
Windows Live Mesh ActiveX Control for Remote Connections
ESU for Microsoft Windows 7 SP1
Microsoft Office XP Professional*

*Windows Vista is the last operating system that supported Microsoft Office XP Professional.

2. The logs show that Windows Firewall is disabled. Please follow the instructions at Turn Windows Defender Firewall on or off to enable Windows Firewall.

3. Since Avira is no longer installed on your computer, I suggest you follow the instructions at https://support.avira.com/hc/en-us/articles/360002858514-How-do-I-perform-a-manual-reinstallation-of-my-Avira-Antivirus-product-?utm_source=CS&utm_medium=KB for Windows 10, including running the Avira Registry Cleaner.

3. Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ".

Code: [Select]

Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\Policies\Explorer: [HideSCAVolume] 1
HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\Policies\Explorer: [NoSecurityTab] 1
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2017-01-19]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
C:\Program Files (x86)\Common Files\wruninstall.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0E70AE0A-50D3-4CD7-85EF-054CA1C1ED20} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {121A23D9-689C-4BF0-8DFA-D45D62550D19} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {16C3F228-651D-4A21-9738-012AB9C2EAED} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {17AF5E85-3140-44FA-B2DE-59F03DEFC3AD} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {2279200F-B4DE-4FD2-8A63-4E188CFFFB9E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {270C9FC5-ABF2-4C0E-A65E-DECA34EB18DB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {4763D67E-5D44-4E56-946A-636869FADB00} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4EC42F8A-DD7E-47EE-87A4-EC4D88B70802} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {56D36459-E022-4EBB-9CA6-6FF989F84717} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5EE92166-59A0-4642-9DF3-A2DF2DAE1AA5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {61ACD53F-07CF-4DBF-9861-D8A2B7547BB0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {78A4DE43-B0FA-412C-B081-3D53E32D222C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9AC0A72E-E3C8-4057-B970-71D4A7B46BF5} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {9C1992C6-7283-4B32-9960-5A06A6EAA897} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9D2FB2ED-EDA7-44AA-860C-313A7F3C64F1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AC1612F0-B87F-4930-A132-F980064C99E9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B4F92E13-73AE-4B30-9FF0-D859A8EA32AD} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C47DD0CA-CFDB-4D3F-85C8-A1FCDBA58FA5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C6517D15-F9A8-4140-86A8-7DBAD289294B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CBAB7799-4094-471F-A379-66A692E7F94F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CCCE8766-ABC4-4171-B03C-9BDE39D846FA} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {D8005743-284D-4CB6-8401-64F81F02BCBC} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D9DCADC3-9A87-4C80-BDD0-8AA180488202} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DB4EEFBB-5066-49F2-96C9-F63899D602DA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {E4D3074F-4029-4C85-B289-5ED38DC8043D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
C:\WINDOWS\ehome
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKLM-x32 - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
MSCONFIG\startupreg: jv16 PT 2017 (Startup Optimizer) => "C:\Program Files (x86)\jv16 PowerTools 2017\jv16pt_PreWorker2.exe" /StartupOptimizer /PT:"C:\Program Files (x86)\jv16 PowerTools 2017\"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
EmptyTemp:
End::

Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
Press the Fix button once and wait.
When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
Please post the log in your next reply.

4. Please do a scan with ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
Click on Get Started.
Another window will appear - select Get Started. Select whether you would like to send anonymous data to ESET.
Click on the Full Scan option.
Click on the option to Enable ESET to detect and remove potentially unwanted applications, and select Start scan.
ESET will now begin scanning your computer. This may take some time.
When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop with a name like ESETlog.txt. Click on Continue.
ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
On your desktop, a file will be created called ESETlog.txt. Open it, then copy and paste its contents into your next reply.

hayc59 · « **Reply #14 on:** January 18, 2020, 07:05:33 PM »

wow..scan from eset is for ever two hours one issue so far

LandzDown Forum

News:

Author Topic: Windows 10 loaded on laptop.... (Read 5264 times)

hayc59

Windows 10 loaded on laptop....

hayc59

Re: Windows 10 loaded on laptop....

hayc59

Re: Windows 10 loaded on laptop....

hayc59

Re: Windows 10 loaded on laptop....

Corrine

Re: Windows 10 loaded on laptop....

hayc59

Re: Windows 10 loaded on laptop....

hayc59

Re: Windows 10 loaded on laptop....

hayc59

Re: Windows 10 loaded on laptop....

Corrine

Re: Windows 10 loaded on laptop....

hayc59

Re: Windows 10 loaded on laptop....

hayc59

Re: Windows 10 loaded on laptop....

Corrine

Re: Windows 10 loaded on laptop....

hayc59

Re: Windows 10 loaded on laptop....

Corrine

Re: Windows 10 loaded on laptop....

hayc59

Re: Windows 10 loaded on laptop....