CPU usage high even on idle; when I open Task Manager utilization immediately dr

As stated, I will hear my computer fan revving up like my computer is working hard when I'm not using it, or it will rev up when I'm not doing much but browsing the web. I thought it was because my computer was just kinda crappy by today's standards, it's coming on about five years old but the specs are still pretty decent. This made me suspicious and I wanted to look into it but every time I open Task Manager I'll see the utilization percentage at 100% and then immediately drop to whatever is appropriate for what I"m running, usually somewhere betwen 1 - 15%I replaced the HD with an SSD in April fresh installed my OS onto the new SSD, went through hours and hours of updates, and then reinstalled all my programs for a clean start.Steps I have taken:Updated and ran Malwarebytes, nothing detectedDownloaded and ran Trend-Micro House Call, nothing detectedTried to look through Farbar files but reading it is beyond my level of competencyAny help you can give me is greatly appreciated! Hopefully the info I have provided is sufficient, will answer any questions ASAP. I am officially humbled by how much I now know I don't know!

----

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-09-2020Ran by Becky (administrator) on MYBRAIN (Hewlett-Packard HP ENVY 15 Notebook PC) (05-09-2020 06:27:15)Running from C:\Users\Becky\OneDrive\Desktop\Malware TroubleshootingLoaded Profiles: BeckyPlatform: Windows 10 Pro Version 1909 18363.1016 (X64) Language: English (United States)Default browser: FFBoot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam9\YouCamService9.exe(Dominik Levitsky Studio, LLC -> Dominik Levitsky Studio, LLC) C:\Program Files\FontBase\FontBase.exe <11>(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\20.143.0716.0003\FileCoAuth.exe(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.BingNews_4.51.22441.0_x64__8wekyb3d8bbwe\Microsoft.Msn.News.exe(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2007.1.0_x64__8wekyb3d8bbwe\Calculator.exe(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12008.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\MsMpEng.exe(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\NisSrv.exe(Mozilla Corporation -> Mozilla) C:\Program Files\Mozilla\Mozilla VPN\MozillaVPN.exe(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe==================== Registry (Whitelisted) ===================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-08] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8506112 2015-07-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942232 2016-10-14] (Logitech -> Logitech, Inc.)HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [271496 2017-11-02] (Canon Inc. -> CANON INC.)HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)HKLM-x32\...\Run: [YouCam Service9] => C:\Program Files (x86)\CyberLink\YouCam9\YouCamService9.exe [404288 2019-10-29] (CyberLink Corp. -> CyberLink Corp.)HKU\S-1-5-21-3524049003-4065508712-3135555920-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1915752 2020-09-01] (Microsoft Corporation -> Microsoft Corporation)HKU\S-1-5-21-3524049003-4065508712-3135555920-1001\...\Run: [CCXProcess] => "C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"HKU\S-1-5-21-3524049003-4065508712-3135555920-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [48594832 2020-06-15] (Google LLC -> )HKU\S-1-5-21-3524049003-4065508712-3135555920-1001\...\Run: [Firefox Private Network VPN] => C:\Program Files\Mozilla\Firefox Private Network VPN\FirefoxPrivateNetworkVPN.exe -sHKU\S-1-5-21-3524049003-4065508712-3135555920-1001\...\Run: [AdobeBridge] => [X]HKU\S-1-5-21-3524049003-4065508712-3135555920-1001\...\Run: [electron.app.FontBase] => C:\Program Files\FontBase\FontBase.exe [104457624 2020-04-21] (Dominik Levitsky Studio, LLC -> Dominik Levitsky Studio, LLC)HKU\S-1-5-21-3524049003-4065508712-3135555920-1001\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe [372736 2020-06-12] (Microsoft Windows -> Microsoft Corporation)HKLM\...\Windows x64\Print Processors\Canon TS9500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDER.DLL [482816 2018-11-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)HKLM\...\Print\Monitors\Canon BJ Language Monitor TS9500 series: C:\WINDOWS\system32\CNMLMER.DLL [904192 2018-11-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\85.0.4183.83\Installer\chrmstp.exe [2020-08-27] (Google LLC -> Google LLC)HKLM\Software\...\Authentication\Credential Providers: [{7B4C4849-DFD6-4b88-B58D-9260BC55E2FB}] -> C:\Program Files (x86)\CyberLink\YouCam9\CLCredProv\x64\CLCredProv.dll [2019-10-29] (CyberLink Corp. -> CyberLink)HKLM\Software\...\Authentication\Credential Provider Filters: [{7B4C4849-DFD6-4b88-B58D-9260BC55E2FB}] -> C:\Program Files (x86)\CyberLink\YouCam9\CLCredProv\x64\CLCredProv.dll [2019-10-29] (CyberLink Corp. -> CyberLink)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update UWP App.lnk [2020-06-29]ShortcutAndArgument: Update UWP App.lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe => -WindowStyle Hidden -NoLogo -NonInteractive -InputFormat None -NoProfile -ExecutionPolicy Bypass -Command "& '' -PackagePath 'C:\Program Files (x86)\LastPass\lpwinmetro.appxbundle' -PackageName 'LastPass.LastPass' -ExpectedVersionFilePath 'C:\Program Files (xStartup: C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2020-08-07]ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION==================== Scheduled Tasks (Whitelisted) ============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)Task: {00D3F5DD-0BCF-4D26-8EE7-882AA09C66C7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exeTask: {064EB270-C810-4477-B703-5E702D340573} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe [525032 2020-08-28] (Microsoft Windows Publisher -> Microsoft Corporation)Task: {067CE388-8E19-47E2-B445-37DB18B89881} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-18] (Google LLC -> Google LLC)Task: {09F3784E-1806-47E5-9AE7-3D48FFA65727} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exeTask: {0AC24891-1E5A-42D4-9F86-2273C3FCF915} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exeTask: {13A79AD6-3E9D-4231-BF4D-6731C8B752B4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe [525032 2020-08-28] (Microsoft Windows Publisher -> Microsoft Corporation)Task: {167C421E-E6D2-496B-8D83-D2E14188C255} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)Task: {180665A6-F21C-4A37-948F-424946D006AA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1133912 2020-06-19] (HP Inc. -> HP Inc.)Task: {184D8764-9CDE-4C01-AC0A-846DC64814B0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1133912 2020-06-19] (HP Inc. -> HP Inc.)Task: {2A2E1E10-707B-4811-8610-6197953FB50F} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2751856 2020-09-01] (Microsoft Corporation -> Microsoft Corporation)Task: {2EB393C3-46DD-48FE-A5E5-F80D1258D720} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exeTask: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exeTask: {3A314C3A-1EFA-409C-8A6B-A4603D32EDA4} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [660688 2020-09-01] (Mozilla Corporation -> Mozilla Foundation)Task: {3DD92040-DF63-4D48-8D01-B5F7F34FE38F} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)Task: {4B28C3A5-4422-42B4-A58A-C7519F8F6B73} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exeTask: {4BDEB3D1-BCEA-4768-AA1D-6E8275918E19} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)Task: {4C8EF48A-D9EB-48BB-808C-BE38D9DC60BF} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exeTask: {55BA64D2-D261-4184-81BE-157DA6742F86} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe [525032 2020-08-28] (Microsoft Windows Publisher -> Microsoft Corporation)Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-18] (Microsoft Windows -> Microsoft Corporation)Task: {66FBC0FE-4FF7-4B30-91AD-19E2C4C8C919} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exeTask: {6A9600E7-29B6-4015-ACA2-2A5B97705A51} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23819120 2020-08-05] (Microsoft Corporation -> Microsoft Corporation)Task: {6CBA23CE-2534-4C90-A1A2-3A11CA57DF04} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exeTask: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}Task: {718E3241-5354-4996-8907-06F492224699} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exeTask: {7BD840F9-0D01-4243-89DA-916A817498C1} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exeTask: {848202D3-5AA6-47B4-9968-26F58310BA6F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exeTask: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}Task: {87CC977A-FA4E-4B94-9987-E92122D2D496} - System32\Tasks\LastPassUpdater => C:\Program Files (x86)\LastPass\Updater\Updater.exe [2865688 2020-06-16] (LogMeIn, Inc. -> )Task: {93151C7E-118E-4E31-B673-25FAB429FA74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)Task: {949C7C6E-C539-4DBD-954B-B2BC9B024A1E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exeTask: {9827EAAD-1CDF-4345-8F70-80D320687445} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exeTask: {99298431-BCC3-4525-8CA3-E3D7F9F64778} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)Task: {9C3AE34C-51A6-4B06-A47E-A6AC8167DE64} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23819120 2020-08-05] (Microsoft Corporation -> Microsoft Corporation)Task: {AA6A2B13-AF1A-4DFA-9601-282F985C60C9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1336400 2020-07-08] (Adobe Inc. -> Adobe Inc.)Task: {AC276751-A430-4EB2-AA2E-9D6C54369058} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exeTask: {AC559715-61BC-4901-B587-5ABF3D8FB445} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exeTask: {B1424196-9D30-4D02-B1C0-A2766B6B1534} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [324952 2020-06-19] (HP Inc. -> HP Inc.)Task: {BCA8E55F-B920-409C-9C4D-ED0C93758466} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [155488 2020-08-19] (Microsoft Corporation -> Microsoft Corporation)Task: {BF3B4F29-38DD-4B9A-91F2-163B0F5667D6} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exeTask: {C664E1E9-831F-484F-B949-E446477656B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [135000 2020-06-22] (HP Inc. -> HP Inc.)Task: {CDCD3A02-7097-4F14-8DCC-DD6F13B8F695} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exeTask: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}Task: {D5C37A8D-A14A-48CF-AEBD-743DE129686F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MpCmdRun.exe [525032 2020-08-28] (Microsoft Windows Publisher -> Microsoft Corporation)Task: {D7FACECA-166D-44A2-B4D6-9507F4B807B4} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exeTask: {DA8AC18B-8FC3-4601-8F8B-4F203A93E1EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)Task: {DC93CD29-1780-43FB-BA9D-45FFAAF44D0A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exeTask: {DFF2716A-9978-4791-98AE-2BF5C363692A} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}Task: {EAD439B0-5C99-4DE9-AC64-EA04A6596449} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exeTask: {ECE3C476-5451-4FE7-A9D9-7BD3A1AFBDF0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [155488 2020-08-19] (Microsoft Corporation -> Microsoft Corporation)Task: {F2DAB858-6700-4626-ACBD-35D0423FA22F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-18] (Google LLC -> Google LLC)Task: {F51BA0EC-B9A6-405B-9A65-587054B60CF5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1Tcpip\..\Interfaces\{7A34235F-51DB-4E44-B855-CDBDB7A7DB7B}: [DhcpNameServer] 192.168.1.1Tcpip\..\Interfaces\{E06F89F8-2B1F-4CF0-9166-44A5FCD78C86}: [DhcpNameServer] 192.168.1.1Internet Explorer:==================HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTIONHKU\S-1-5-21-3524049003-4065508712-3135555920-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehpBHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2020-06-16] (LogMeIn, Inc. -> LastPass)BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-07-10] (Microsoft Corporation -> Microsoft Corporation)BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2020-06-16] (LogMeIn, Inc. -> LastPass)Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2020-06-16] (LogMeIn, Inc. -> LastPass)Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2020-06-16] (LogMeIn, Inc. -> LastPass)Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-08-08] (Microsoft Corporation -> Microsoft Corporation)Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-08-08] (Microsoft Corporation -> Microsoft Corporation)Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-08-08] (Microsoft Corporation -> Microsoft Corporation)Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-08-08] (Microsoft Corporation -> Microsoft Corporation)Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-08-08] (Microsoft Corporation -> Microsoft Corporation)Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-08-08] (Microsoft Corporation -> Microsoft Corporation)Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-08-08] (Microsoft Corporation -> Microsoft Corporation)Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-08-08] (Microsoft Corporation -> Microsoft Corporation)Edge:======Edge Profile: C:\Users\Becky\AppData\Local\Microsoft\Edge\User Data\Default [2020-05-19]Edge HKLM-x32\...\Edge\Extension: [bbcinlkgjjkejfdpemiealijmmooekmp]FireFox:========FF DefaultProfile: mi8sgg2h.defaultFF ProfilePath: C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\mi8sgg2h.default [2020-04-23]FF ProfilePath: C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\9o1uynsj.default-release [2020-09-05]FF Notifications: Mozilla\Firefox\Profiles\9o1uynsj.default-release -> hxxps://mail.google.com; hxxps://calendar.google.comFF Extension: (Facebook Container) - C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\9o1uynsj.default-release\Extensions\@contain-facebook.xpi [2020-04-23]FF Extension: (Default Bookmark Folder) - C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\9o1uynsj.default-release\Extensions\default-bookmark-folder@gustiaux.com.xpi [2020-08-19]FF Extension: (Emoji) - C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\9o1uynsj.default-release\Extensions\emoji@saveriomorelli.com.xpi [2020-09-04]FF Extension: (Foxtana Pro - Redirect Cortana and Bing) - C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\9o1uynsj.default-release\Extensions\extension@foxtana.com.xpi [2020-05-19]FF Extension: (Save to Trello) - C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\9o1uynsj.default-release\Extensions\firefox-trello-add-card@wixiweb.fr.xpi [2020-06-13]FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\9o1uynsj.default-release\Extensions\firefox@ghostery.com.xpi [2020-08-22]FF Extension: (Webmail Ad Blocker) - C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\9o1uynsj.default-release\Extensions\gmailnoads@mywebber.com.xpi [2020-04-23]FF Extension: (Notes by Firefox) - C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\9o1uynsj.default-release\Extensions\notes@mozilla.com.xpi [2020-08-07]FF Extension: (Firefox Relay) - C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\9o1uynsj.default-release\Extensions\private-relay@firefox.com.xpi [2020-08-19]FF Extension: (LastPass: Free Password Manager) - C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\9o1uynsj.default-release\Extensions\support@lastpass.com.xpi [2020-08-28]FF Extension: (Toggl Button: Productivity & Time Tracker) - C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\9o1uynsj.default-release\Extensions\toggl-button@toggl.com.xpi [2020-08-22]FF Extension: (Calm Pastel 3) - C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\9o1uynsj.default-release\Extensions\{2905c1f7-f77a-472e-9d59-23ee3d51908f}.xpi [2020-06-13]FF Extension: (Matte Black (Pink)) - C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\9o1uynsj.default-release\Extensions\{3f3c6e15-30bf-4ec3-a7c2-c23321d40569}.xpi [2020-06-27]FF Extension: (Dynalist Companion Clipper) - C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\9o1uynsj.default-release\Extensions\{a457369f-d69d-4c1f-bfdc-0bb62559d258}.xpi [2020-08-08]FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\9o1uynsj.default-release\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2020-08-31]FF Extension: (Evernote Web Clipper) - C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\9o1uynsj.default-release\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2020-08-14]FF Extension: (Galaxy Theme) - C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\9o1uynsj.default-release\Extensions\{e4e50c71-b860-4c0b-9af6-bfd7cc85c537}.xpi [2020-04-23]FF Extension: (Link Text and Location Copier) - C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\9o1uynsj.default-release\Extensions\{ecdeca5f-93eb-4757-8cad-9c4ab7568649}.xpi [2020-08-06]FF Extension: (TwoSeven Extension) - C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\9o1uynsj.default-release\Extensions\{f2ea6d63-8bcb-4a24-94e2-8c0160c904dc}.xpi [2020-08-29]FF Extension: (Workflowy Sidebar) - C:\Users\Becky\AppData\Roaming\Mozilla\Firefox\Profiles\9o1uynsj.default-release\Extensions\{f9d68f7c-2d88-4533-a135-b5fc95d09900}.xpi [2020-08-07]FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-07-10] (Microsoft Corporation -> Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-07-10] (Microsoft Corporation -> Microsoft Corporation)FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-08-17] (Adobe Inc. -> Adobe Systems Inc.)Chrome:=======CHR Profile: C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default [2020-09-03]CHR Notifications: Default -> hxxps://calendar.google.comCHR StartupUrls: Default -> "hxxps://apps.eganco.com/Egan/"CHR DefaultSearchURL: Default -> hxxps://acpmn.doxy.me/assets/images/logo-48.pngCHR Extension: (Slides) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-18]CHR Extension: (Removes Taboola) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajdhffnbdccpannhhpeclanoojjloech [2020-04-18]CHR Extension: (Docs) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-18]CHR Extension: (Google Drive) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-04-18]CHR Extension: (MindMeister) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm [2020-04-18]CHR Extension: (YouTube) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-18]CHR Extension: (Go Back With Backspace) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekailopagacbcdloonjhbiecobagjci [2020-04-18]CHR Extension: (Adobe Acrobat) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-04-19]CHR Extension: (Sheets) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-18]CHR Extension: (Google Docs Offline) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-08-27]CHR Extension: (Google Photos) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcglmfcclpfgljeaiahehebeoaiicbko [2020-04-18]CHR Extension: (LastPass: Free Password Manager) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-08-30]CHR Extension: (Doxy.me - Free and Secure Telemedicine) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblloelpabgicefmgcdkipllamdgiegi [2020-08-27]CHR Extension: (Kindle Cloud Reader) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2020-04-18]CHR Extension: (ChromeVox Classic Extension) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgejglhpjiefppelpmljglcjbhoiplfn [2020-04-18]CHR Extension: (Pocket) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2020-04-18]CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2020-09-03]CHR Extension: (Google Hangouts) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2020-08-29]CHR Extension: (Chrome Web Store Payments) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-18]CHR Extension: (Gmail) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-04-18]CHR Extension: (Chrome Media Router) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-08-29]CHR Profile: C:\Users\Becky\AppData\Local\Google\Chrome\User Data\System Profile [2020-04-21]CHR HKU\S-1-5-21-3524049003-4065508712-3135555920-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]==================== Services (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3406416 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10566536 2020-08-05] (Microsoft Corporation -> Microsoft Corporation)S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\20.143.0716.0003\FileSyncHelper.exe [2165608 2020-09-01] (Microsoft Corporation -> Microsoft Corporation)S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7138296 2020-09-02] (Malwarebytes Inc -> Malwarebytes)R2 MozillaVPNBroker; C:\Program Files\Mozilla\Mozilla VPN\MozillaVPN.exe [8089824 2020-07-11] (Mozilla Corporation -> Mozilla)S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\20.143.0716.0003\OneDriveUpdaterService.exe [2529128 2020-09-01] (Microsoft Corporation -> Microsoft Corporation)S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2517816 2020-08-17] (Electronic Arts, Inc. -> Electronic Arts)R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3469632 2020-08-17] (Electronic Arts, Inc. -> Electronic Arts)S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6149984 2020-08-12] (Microsoft Windows Publisher -> Microsoft Corporation)S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [100384 2016-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\NisSrv.exe [2343112 2020-08-28] (Microsoft Windows Publisher -> Microsoft Corporation)R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MsMpEng.exe [128360 2020-08-28] (Microsoft Windows Publisher -> Microsoft Corporation)===================== Drivers (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R3 clwvd9; C:\WINDOWS\System32\drivers\clwvd9.sys [60984 2019-09-08] (CyberLink Corp. -> CyberLink Corporation)R3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)R3 DroidCamVideo; C:\WINDOWS\System32\drivers\droidcamvideo.sys [33768 2020-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [217608 2020-09-04] (Malwarebytes Inc -> Malwarebytes)S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-09-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-09-03] (Malwarebytes Inc -> Malwarebytes)U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [90168 2020-09-03] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2020-08-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [428256 2020-08-28] (Microsoft Windows -> Microsoft Corporation)R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69856 2020-08-28] (Microsoft Windows -> Microsoft Corporation)S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [38176 2020-04-23] (WireGuard LLC -> WireGuard LLC)R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One month (created) ===================(If an entry is included in the fixlist, the file/folder will be moved.)2020-09-04 03:39 - 2020-09-04 03:39 - 000001184 _____ C:\Users\Public\Desktop\DriveImage XML.lnk2020-09-04 03:39 - 2020-09-04 03:39 - 000001184 _____ C:\ProgramData\Desktop\DriveImage XML.lnk2020-09-04 03:39 - 2020-09-04 03:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software2020-09-04 03:39 - 2020-09-04 03:39 - 000000000 ____D C:\Program Files (x86)\Runtime Software2020-09-04 03:38 - 2020-09-04 03:38 - 000217608 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys2020-09-04 03:33 - 2020-09-04 03:33 - 000000000 ____D C:\Program Files (x86)\Trend Micro2020-09-04 03:25 - 2020-09-04 03:25 - 001176546 _____ C:\Users\Becky\AppData\Local\census.cache2020-09-04 03:24 - 2020-09-04 03:24 - 000468724 _____ C:\Users\Becky\AppData\Local\ars.cache2020-09-04 01:01 - 2020-09-04 01:01 - 099876864 _____ C:\WINDOWS\system32\config\SOFTWARE2020-09-04 00:46 - 2020-09-04 01:01 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware2020-09-03 22:19 - 2020-09-03 22:19 - 000000010 _____ C:\Users\Becky\AppData\Local\sponge.last.runtime.cache2020-09-03 22:14 - 2020-09-04 03:33 - 000000000 ____D C:\ProgramData\Trend Micro2020-09-03 22:14 - 2020-09-03 22:14 - 000000000 ____D C:\WINDOWS\Trend Micro2020-09-03 22:13 - 2020-09-03 22:13 - 000000036 _____ C:\Users\Becky\AppData\Local\housecall.guid.cache2020-09-03 21:15 - 2020-09-03 21:15 - 000090168 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS2020-09-03 21:07 - 2020-09-03 21:07 - 000000000 ____D C:\Users\Becky\AppData\Local\CrashDumps2020-09-03 20:13 - 2020-09-03 20:13 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys2020-09-03 17:57 - 2020-09-05 06:27 - 000000000 ____D C:\FRST2020-09-03 17:50 - 2020-09-03 17:51 - 000000000 ____D C:\AdwCleaner2020-09-02 07:01 - 2020-09-04 03:38 - 000000000 ____D C:\Users\Becky\AppData\LocalLow\IGDump2020-09-02 06:59 - 2020-09-02 06:59 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk2020-09-02 06:59 - 2020-09-02 06:59 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk2020-09-02 06:59 - 2020-09-02 06:58 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys2020-09-01 19:39 - 2020-09-01 19:39 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla2020-09-01 18:27 - 2020-09-03 17:49 - 000000000 ____D C:\Program Files\Mozilla Firefox2020-08-29 00:15 - 2020-09-03 20:45 - 000007588 _____ C:\Users\Becky\AppData\Local\Resmon.ResmonCfg2020-08-24 19:57 - 2020-08-24 19:57 - 000000000 ____D C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom2020-08-19 18:20 - 2020-08-19 18:20 - 000000000 ____D C:\Users\Becky\OneDrive\Documents\Avatar2020-08-19 18:17 - 2020-08-19 18:17 - 000000000 ____D C:\Users\Becky\AppData\Roaming\CyberLink2020-08-19 18:16 - 2020-08-19 18:16 - 000002250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam 9.lnk2020-08-19 18:16 - 2020-08-19 18:16 - 000001974 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam 9 Mirror.lnk2020-08-19 18:15 - 2020-08-19 18:15 - 000000000 ____D C:\Program Files (x86)\CyberLink2020-08-14 05:36 - 2020-08-14 05:36 - 000000000 ____D C:\Users\Becky\AppData\Local\Onova2020-08-12 00:13 - 2020-08-12 00:13 - 025903104 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll2020-08-12 00:13 - 2020-08-12 00:13 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll2020-08-12 00:13 - 2020-08-12 00:13 - 022642688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2020-08-12 00:13 - 2020-08-12 00:13 - 019852288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll2020-08-12 00:13 - 2020-08-12 00:13 - 019812352 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll2020-08-12 00:13 - 2020-08-12 00:13 - 018032128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2020-08-12 00:13 - 2020-08-12 00:13 - 014820352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll2020-08-12 00:13 - 2020-08-12 00:13 - 009932088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe2020-08-12 00:13 - 2020-08-12 00:13 - 007758848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll2020-08-12 00:13 - 2020-08-12 00:13 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll2020-08-12 00:13 - 2020-08-12 00:13 - 007270912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2020-08-12 00:13 - 2020-08-12 00:13 - 007270728 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll2020-08-12 00:13 - 2020-08-12 00:13 - 006526448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll2020-08-12 00:13 - 2020-08-12 00:13 - 006436864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll2020-08-12 00:13 - 2020-08-12 00:13 - 006294528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2020-08-12 00:13 - 2020-08-12 00:13 - 006074552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll2020-08-12 00:13 - 2020-08-12 00:13 - 005946368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll2020-08-12 00:13 - 2020-08-12 00:13 - 005904896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll2020-08-12 00:13 - 2020-08-12 00:13 - 005849872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll2020-08-12 00:13 - 2020-08-12 00:13 - 005767224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll2020-08-12 00:13 - 2020-08-12 00:13 - 005283776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll2020-08-12 00:13 - 2020-08-12 00:13 - 005111296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll2020-08-12 00:13 - 2020-08-12 00:13 - 005013504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll2020-08-12 00:13 - 2020-08-12 00:13 - 005003824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll2020-08-12 00:13 - 2020-08-12 00:13 - 004859904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2020-08-12 00:13 - 2020-08-12 00:13 - 004611072 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll2020-08-12 00:13 - 2020-08-12 00:13 - 004565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe2020-08-12 00:13 - 2020-08-12 00:13 - 004129408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll2020-08-12 00:13 - 2020-08-12 00:13 - 003974376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe2020-08-12 00:13 - 2020-08-12 00:13 - 003822592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2020-08-12 00:13 - 2020-08-12 00:13 - 003806208 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll2020-08-12 00:13 - 2020-08-12 00:13 - 003743056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll2020-08-12 00:13 - 2020-08-12 00:13 - 003727872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys2020-08-12 00:13 - 2020-08-12 00:13 - 003637760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll2020-08-12 00:13 - 2020-08-12 00:13 - 003516416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll2020-08-12 00:13 - 2020-08-12 00:13 - 003368616 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll2020-08-12 00:13 - 2020-08-12 00:13 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe2020-08-12 00:13 - 2020-08-12 00:13 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys2020-08-12 00:13 - 2020-08-12 00:13 - 002950808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll2020-08-12 00:13 - 2020-08-12 00:13 - 002799104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys2020-08-12 00:13 - 2020-08-12 00:13 - 002766952 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll2020-08-12 00:13 - 2020-08-12 00:13 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb2020-08-12 00:13 - 2020-08-12 00:13 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb2020-08-12 00:13 - 2020-08-12 00:13 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directml.dll2020-08-12 00:13 - 2020-08-12 00:13 - 002737664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll2020-08-12 00:13 - 2020-08-12 00:13 - 002698048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys2020-08-12 00:13 - 2020-08-12 00:13 - 002588688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL2020-08-12 00:13 - 2020-08-12 00:13 - 002583496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll2020-08-12 00:13 - 2020-08-12 00:13 - 002576896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll2020-08-12 00:13 - 2020-08-12 00:13 - 002422384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL2020-08-12 00:13 - 2020-08-12 00:13 - 002307584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll2020-08-12 00:13 - 2020-08-12 00:13 - 002259192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL2020-08-12 00:13 - 2020-08-12 00:13 - 002138280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL2020-08-12 00:13 - 2020-08-12 00:13 - 002096128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll2020-08-12 00:13 - 2020-08-12 00:13 - 002085632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll2020-08-12 00:13 - 2020-08-12 00:13 - 002022400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001870200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001756592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi2020-08-12 00:13 - 2020-08-12 00:13 - 001743680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001740800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001672544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001665024 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001660536 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001654312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001564160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001512848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe2020-08-12 00:13 - 2020-08-12 00:13 - 001482568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys2020-08-12 00:13 - 2020-08-12 00:13 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001420320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001418832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001406464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe2020-08-12 00:13 - 2020-08-12 00:13 - 001393960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001366144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi2020-08-12 00:13 - 2020-08-12 00:13 - 001338368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001316352 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmclient.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001282872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi2020-08-12 00:13 - 2020-08-12 00:13 - 001274128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe2020-08-12 00:13 - 2020-08-12 00:13 - 001197056 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001182248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe2020-08-12 00:13 - 2020-08-12 00:13 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001101312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001077048 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe2020-08-12 00:13 - 2020-08-12 00:13 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001012792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001009664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll2020-08-12 00:13 - 2020-08-12 00:13 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000995840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe2020-08-12 00:13 - 2020-08-12 00:13 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000931328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmclient.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000917800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000897648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000894032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe2020-08-12 00:13 - 2020-08-12 00:13 - 000888352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000875520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000867840 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000823744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe2020-08-12 00:13 - 2020-08-12 00:13 - 000822800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe2020-08-12 00:13 - 2020-08-12 00:13 - 000782336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000775480 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe2020-08-12 00:13 - 2020-08-12 00:13 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscsvc.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000738064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL2020-08-12 00:13 - 2020-08-12 00:13 - 000724480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000718336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.FileExplorer.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000716312 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000709120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000702976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000692224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000690536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000675040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe2020-08-12 00:13 - 2020-08-12 00:13 - 000675024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000671040 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000666280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL2020-08-12 00:13 - 2020-08-12 00:13 - 000661816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys2020-08-12 00:13 - 2020-08-12 00:13 - 000649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000639488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmscan.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000593480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000572200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000568128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000564488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2020-08-12 00:13 - 2020-08-12 00:13 - 000548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000522688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe2020-08-12 00:13 - 2020-08-12 00:13 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000495104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS2020-08-12 00:13 - 2020-08-12 00:13 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000467968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmscan.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000463168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000461112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000457016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys2020-08-12 00:13 - 2020-08-12 00:13 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WalletService.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000431104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\DispBroker.Desktop.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000403456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000379704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000369304 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000359496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL2020-08-12 00:13 - 2020-08-12 00:13 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000343408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL2020-08-12 00:13 - 2020-08-12 00:13 - 000339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HrtfApo.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000338944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnphost.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys2020-08-12 00:13 - 2020-08-12 00:13 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapisrv.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000273744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47Langs.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnservice.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapisrv.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000247856 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000220984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe2020-08-12 00:13 - 2020-08-12 00:13 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000209208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000199480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe2020-08-12 00:13 - 2020-08-12 00:13 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000193592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000186472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47mrm.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\net1.exe2020-08-12 00:13 - 2020-08-12 00:13 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000179512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys2020-08-12 00:13 - 2020-08-12 00:13 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtm.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrahc.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000165176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtm.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000152416 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdrsvc.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\net1.exe2020-08-12 00:13 - 2020-08-12 00:13 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Winlangdb.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000133256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47mrm.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000132408 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000124512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdSSDP.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000104248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\globinputhost.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe2020-08-12 00:13 - 2020-08-12 00:13 - 000090936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000089328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdSSDP.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpkinstall.exe2020-08-12 00:13 - 2020-08-12 00:13 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintBrmUi.exe2020-08-12 00:13 - 2020-08-12 00:13 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmRes.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\udhisapi.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguageProfileCallback.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe2020-08-12 00:13 - 2020-08-12 00:13 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnpcont.exe2020-08-12 00:13 - 2020-08-12 00:13 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afunix.sys2020-08-12 00:13 - 2020-08-12 00:13 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acwow64.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsmprovhost.exe2020-08-12 00:13 - 2020-08-12 00:13 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe2020-08-12 00:13 - 2020-08-12 00:13 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnpcont.exe2020-08-12 00:13 - 2020-08-12 00:13 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe2020-08-12 00:13 - 2020-08-12 00:13 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryCore.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Drivers\afunix.sys2020-08-12 00:13 - 2020-08-12 00:13 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe2020-08-12 00:13 - 2020-08-12 00:13 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiatrace.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsmplpxy.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtprio.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtprio.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe2020-08-12 00:13 - 2020-08-12 00:13 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe2020-08-12 00:13 - 2020-08-12 00:13 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll2020-08-12 00:13 - 2020-08-12 00:13 - 000000357 _____ C:\WINDOWS\system32\DrtmAuthKeyDelegate_From_20190529_To_20200303.bin2020-08-12 00:13 - 2020-08-12 00:13 - 000000357 _____ C:\WINDOWS\system32\DrtmAuth1KeyDelegate.bin2020-08-12 00:13 - 2020-08-12 00:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin2020-08-12 00:13 - 2020-08-12 00:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin2020-08-12 00:13 - 2020-08-12 00:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin2020-08-12 00:13 - 2020-08-12 00:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin2020-08-12 00:13 - 2020-08-12 00:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin2020-08-12 00:13 - 2020-08-12 00:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin2020-08-12 00:13 - 2020-08-12 00:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin2020-08-12 00:13 - 2020-08-12 00:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin2020-08-12 00:13 - 2020-08-12 00:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin2020-08-12 00:13 - 2020-08-12 00:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin2020-08-12 00:13 - 2020-08-12 00:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin2020-08-12 00:13 - 2020-08-12 00:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin2020-08-12 00:12 - 2020-08-12 00:13 - 007915864 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll2020-08-12 00:12 - 2020-08-12 00:12 - 017792512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll2020-08-12 00:12 - 2020-08-12 00:12 - 007850784 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll2020-08-12 00:12 - 2020-08-12 00:12 - 007583272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll2020-08-12 00:12 - 2020-08-12 00:12 - 007297536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll2020-08-12 00:12 - 2020-08-12 00:12 - 004625184 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe2020-08-12 00:12 - 2020-08-12 00:12 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin2020-08-12 00:12 - 2020-08-12 00:12 - 004005376 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll2020-08-12 00:12 - 2020-08-12 00:12 - 003984896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll2020-08-12 00:12 - 2020-08-12 00:12 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll2020-08-12 00:12 - 2020-08-12 00:12 - 003581240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys2020-08-12 00:12 - 2020-08-12 00:12 - 003141632 _____ (Microsoft Corporation) C:\WINDOWS\system32\directml.dll2020-08-12 00:12 - 2020-08-12 00:12 - 003084800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll2020-08-12 00:12 - 2020-08-12 00:12 - 002808832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll2020-08-12 00:12 - 2020-08-12 00:12 - 002717696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys2020-08-12 00:12 - 2020-08-12 00:12 - 002552120 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll2020-08-12 00:12 - 2020-08-12 00:12 - 002523136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll2020-08-12 00:12 - 2020-08-12 00:12 - 002471936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll2020-08-12 00:12 - 2020-08-12 00:12 - 002289152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll2020-08-12 00:12 - 2020-08-12 00:12 - 002260312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll2020-08-12 00:12 - 2020-08-12 00:12 - 002136064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll2020-08-12 00:12 - 2020-08-12 00:12 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll2020-08-12 00:12 - 2020-08-12 00:12 - 001885184 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll2020-08-12 00:12 - 2020-08-12 00:12 - 001751040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll2020-08-12 00:12 - 2020-08-12 00:12 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll2020-08-12 00:12 - 2020-08-12 00:12 - 001182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll2020-08-12 00:12 - 2020-08-12 00:12 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe2020-08-12 00:12 - 2020-08-12 00:12 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll2020-08-12 00:12 - 2020-08-12 00:12 - 001123344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll2020-08-12 00:12 - 2020-08-12 00:12 - 001072128 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll2020-08-12 00:12 - 2020-08-12 00:12 - 001059328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll2020-08-12 00:12 - 2020-08-12 00:12 - 001055232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000875424 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys2020-08-12 00:12 - 2020-08-12 00:12 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\system32\HrtfApo.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys2020-08-12 00:12 - 2020-08-12 00:12 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayServer.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe2020-08-12 00:12 - 2020-08-12 00:12 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000275256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys2020-08-12 00:12 - 2020-08-12 00:12 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000201544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Winlangdb.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys2020-08-12 00:12 - 2020-08-12 00:12 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\globinputhost.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssecuser.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe2020-08-12 00:12 - 2020-08-12 00:12 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe2020-08-12 00:12 - 2020-08-12 00:12 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmRes.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguageProfileCallback.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmprovhost.exe2020-08-12 00:12 - 2020-08-12 00:12 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe2020-08-12 00:12 - 2020-08-12 00:12 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll2020-08-12 00:12 - 2020-08-12 00:12 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmplpxy.dll2020-08-12 00:08 - 2020-07-17 22:07 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe2020-08-12 00:08 - 2020-07-17 21:53 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe2020-08-11 20:55 - 2020-08-15 00:09 - 000000000 ____D C:\Users\Becky\AppData\Local\TogglDesktop2020-08-11 20:55 - 2020-08-11 20:55 - 000000000 ____D C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toggl2020-08-11 20:23 - 2020-08-11 20:23 - 000000000 ____D C:\ProgramData\ALM2020-08-11 20:20 - 2020-08-11 20:20 - 000000000 ____D C:\Users\Becky\Adobe Flash Builder 4.62020-08-11 20:13 - 2020-08-11 20:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS62020-08-11 20:09 - 2020-08-11 20:09 - 000000000 ____D C:\adobeTemp2020-08-10 04:30 - 2020-09-01 23:07 - 000000000 ____D C:\Users\Becky\AppData\Roaming\Dynalist2020-08-10 04:30 - 2020-08-10 04:30 - 000002151 _____ C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dynalist.lnk2020-08-10 04:30 - 2020-08-10 04:30 - 000000000 ____D C:\Users\Becky\AppData\Local\dynalist-updater2020-08-10 04:30 - 2020-08-10 04:30 - 000000000 ____D C:\Users\Becky\AppData\Local\Dynalist2020-08-06 02:01 - 2020-08-06 05:30 - 000000000 ____D C:\Users\Becky\AppData\Roaming\Notion2020-08-06 02:01 - 2020-08-06 02:01 - 000000000 ____D C:\Users\Becky\AppData\Local\notion-updater==================== One month (modified) ==================(If an entry is included in the fixlist, the file/folder will be moved.)2020-09-05 06:26 - 2020-04-23 01:47 - 000000000 ____D C:\Users\Becky\AppData\LocalLow\Mozilla2020-09-05 06:07 - 2020-04-18 16:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy2020-09-05 06:07 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft2020-09-04 20:23 - 2019-03-18 23:52 - 000000000 ___HD C:\Program Files\WindowsApps2020-09-04 20:23 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\AppReadiness2020-09-04 15:25 - 2020-05-24 13:32 - 000000000 ____D C:\Program Files (x86)\LastPass2020-09-04 03:35 - 2020-05-24 13:33 - 000000000 ____D C:\Users\Becky\AppData\LocalLow\LastPass2020-09-04 03:33 - 2020-04-18 16:27 - 000000000 ____D C:\Users\Becky\Downloads\Installers2020-09-03 22:06 - 2020-04-18 16:08 - 000797848 _____ C:\WINDOWS\system32\PerfStringBackup.INI2020-09-03 22:06 - 2019-03-18 23:50 - 000000000 ____D C:\WINDOWS\INF2020-09-03 22:03 - 2020-05-17 20:41 - 000000000 ____D C:\Users\Becky\AppData\Roaming\FontBase2020-09-03 22:03 - 2020-04-18 04:12 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat2020-09-03 22:03 - 2020-04-18 03:41 - 000000000 __SHD C:\Users\Becky\IntelGraphicsProfiles2020-09-03 22:03 - 2020-04-18 02:06 - 000000000 ___RD C:\Users\Becky\OneDrive2020-09-03 22:02 - 2020-04-18 16:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT2020-09-03 22:02 - 2020-04-18 16:04 - 000000000 ____D C:\ProgramData\Synaptics2020-09-03 21:55 - 2019-03-18 23:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI2020-09-03 18:09 - 2020-04-18 16:07 - 000000000 ____D C:\Users\Becky\AppData\Local\PlaceholderTileLogoFolder2020-09-03 17:49 - 2020-06-03 14:50 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive2020-09-03 17:49 - 2020-04-23 01:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2020-09-02 06:59 - 2020-05-02 20:39 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk2020-09-02 06:59 - 2019-03-18 23:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP2020-09-02 06:58 - 2020-05-02 20:38 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys2020-09-02 04:33 - 2020-04-18 17:32 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk2020-09-01 23:15 - 2020-04-18 02:01 - 000000000 ____D C:\Users\Becky\AppData\Local\Packages2020-09-01 19:39 - 2020-04-23 01:47 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk2020-09-01 18:26 - 2020-06-03 14:50 - 000003206 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task2020-09-01 18:26 - 2020-06-03 14:50 - 000002174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk2020-08-29 00:06 - 2020-04-18 16:28 - 000000000 ____D C:\Users\Becky\AppData\Local\D3DSCache2020-08-29 00:03 - 2020-05-02 17:47 - 000000000 ___RD C:\Users\Becky\Google Drive2020-08-28 23:34 - 2020-04-18 05:13 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM2020-08-28 23:34 - 2020-04-18 04:34 - 000006567 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip2020-08-28 21:56 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports2020-08-28 21:53 - 2019-03-18 23:37 - 000000000 ____D C:\WINDOWS\CbsTemp2020-08-28 21:40 - 2020-04-18 16:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd2020-08-27 16:01 - 2020-04-18 14:14 - 000000000 ____D C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps2020-08-27 07:25 - 2020-04-18 14:12 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk2020-08-25 18:03 - 2020-04-19 01:20 - 000000000 ____D C:\Program Files (x86)\Origin2020-08-25 05:58 - 2020-04-18 16:02 - 000000000 ____D C:\Users\Becky2020-08-25 05:58 - 2020-04-18 02:06 - 000000000 ____D C:\Users\Becky\OneDrive\Documents\TurboTax2020-08-25 05:57 - 2020-08-04 15:40 - 000000000 ____D C:\Users\Becky\OneDrive\Documents\OneNote Notebooks2020-08-24 19:57 - 2020-04-18 20:44 - 000000000 ____D C:\Users\Becky\AppData\Roaming\Zoom2020-08-24 18:29 - 2020-04-18 17:31 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA2020-08-24 18:29 - 2020-04-18 17:31 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore2020-08-22 22:36 - 2020-04-18 21:46 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk2020-08-19 18:32 - 2020-06-30 19:44 - 000000000 ____D C:\Users\Public\CyberLink2020-08-19 18:19 - 2020-06-30 19:42 - 000000000 ____D C:\Users\Becky\OneDrive\Documents\YouCam2020-08-19 18:16 - 2020-06-30 19:42 - 000000000 ____D C:\Users\Becky\AppData\Local\CyberLink2020-08-19 18:15 - 2020-06-30 19:42 - 000000000 ____D C:\Program Files (x86)\NSIS Uninstall Information2020-08-19 01:33 - 2020-05-17 20:41 - 000000000 ____D C:\Users\Becky\AppData\Local\fontbase-app-updater2020-08-19 00:41 - 2020-04-18 17:25 - 000000000 ____D C:\Program Files\Microsoft Office2020-08-14 15:21 - 2020-04-18 02:01 - 000000000 ____D C:\Users\Becky\AppData\Roaming\Adobe2020-08-12 18:24 - 2020-04-18 21:46 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task2020-08-12 00:40 - 2020-04-18 16:04 - 000000000 ___RD C:\Users\Becky\3D Objects2020-08-12 00:40 - 2020-04-18 02:01 - 000000000 __RHD C:\Users\Public\AccountPictures2020-08-12 00:39 - 2020-04-18 16:00 - 005107480 _____ C:\WINDOWS\system32\FNTCACHE.DAT2020-08-12 00:39 - 2019-03-19 01:23 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection2020-08-12 00:39 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup2020-08-12 00:39 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe2020-08-12 00:39 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism2020-08-12 00:39 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\SystemResources2020-08-12 00:39 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\setup2020-08-12 00:39 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation2020-08-12 00:39 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\oobe2020-08-12 00:39 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\migwiz2020-08-12 00:39 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\system32\Dism2020-08-12 00:39 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\ShellExperiences2020-08-12 00:39 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\Provisioning2020-08-12 00:39 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\bcastdvr2020-08-12 00:39 - 2019-03-18 23:37 - 000000000 ____D C:\WINDOWS\servicing2020-08-11 20:42 - 2020-04-18 19:21 - 000000000 ____D C:\Program Files (x86)\Adobe2020-08-11 20:41 - 2020-04-18 19:17 - 000000000 ____D C:\Users\Becky\AppData\Local\Adobe2020-08-11 20:26 - 2020-04-18 19:20 - 000000000 ____D C:\Program Files\Common Files\Adobe2020-08-11 20:24 - 2020-04-18 19:20 - 000000000 ____D C:\Program Files\Adobe2020-08-11 20:22 - 2020-04-18 19:17 - 000000000 ____D C:\ProgramData\Adobe2020-08-09 20:57 - 2020-08-01 17:16 - 000000000 ____D C:\Users\Becky\.atom2020-08-09 20:55 - 2020-08-01 17:16 - 000000000 ____D C:\Users\Becky\AppData\Roaming\Atom2020-08-06 21:12 - 2020-05-17 20:41 - 000000000 ____D C:\Users\Becky\FontBase2020-08-06 20:41 - 2020-04-18 21:55 - 000000000 ____D C:\Program Files (x86)\Steam==================== Files in the root of some directories ========2020-03-24 11:18 - 2020-03-24 11:18 - 005611816 _____ (Microsoft Corporation) C:\Users\Becky\setup.exe2020-09-04 03:24 - 2020-09-04 03:24 - 000468724 _____ () C:\Users\Becky\AppData\Local\ars.cache2020-09-04 03:25 - 2020-09-04 03:25 - 001176546 _____ () C:\Users\Becky\AppData\Local\census.cache2020-09-03 22:13 - 2020-09-03 22:13 - 000000036 _____ () C:\Users\Becky\AppData\Local\housecall.guid.cache2020-04-30 00:58 - 2020-04-30 00:58 - 000000000 _____ () C:\Users\Becky\AppData\Local\oobelibMkey.log2020-08-29 00:15 - 2020-09-03 20:45 - 000007588 _____ () C:\Users\Becky\AppData\Local\Resmon.ResmonCfg2020-09-03 22:19 - 2020-09-03 22:19 - 000000010 _____ () C:\Users\Becky\AppData\Local\sponge.last.runtime.cache==================== SigCheck ============================(There is no automatic fix for files that do not pass verification.)==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2020Ran by Becky (05-09-2020 06:28:17)Running from C:\Users\Becky\OneDrive\Desktop\Malware TroubleshootingWindows 10 Pro Version 1909 18363.1016 (X64) (2020-04-18 21:04:23)Boot Mode: Normal============================================================================== Accounts: =============================Administrator (S-1-5-21-3524049003-4065508712-3135555920-500 - Administrator - Disabled)Becky (S-1-5-21-3524049003-4065508712-3135555920-1001 - Administrator - Enabled) => C:\Users\BeckyDefaultAccount (S-1-5-21-3524049003-4065508712-3135555920-503 - Limited - Disabled)Guest (S-1-5-21-3524049003-4065508712-3135555920-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-3524049003-4065508712-3135555920-1003 - Limited - Enabled)WDAGUtilityAccount (S-1-5-21-3524049003-4065508712-3135555920-504 - Limited - Disabled)==================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}==================== Installed Programs ======================(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.012.20043 - Adobe Systems Incorporated)Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)Amazon Fire Toolbox V7.0 version (HKU\S-1-5-21-3524049003-4065508712-3135555920-1001\...\{28E5D091-D091-42B9-AB9F-517551C6D61F}_is1) (Version: - Datastream33)Amazon Fire Toolbox V7.3 version (HKU\S-1-5-21-3524049003-4065508712-3135555920-1001\...\{499E1F99-FADE-4ECD-8DB3-3357AEC68923}_is1) (Version: - Datastream33)Amazon Kindle (HKU\S-1-5-21-3524049003-4065508712-3135555920-1001\...\Amazon Kindle) (Version: 1.29.0.58059 - Amazon)Atom (HKU\S-1-5-21-3524049003-4065508712-3135555920-1001\...\atom) (Version: 1.49.0 - GitHub Inc.)Backup and Sync from Google (HKLM\...\{01D33BEA-673C-439C-A7C7-DE5B236DB842}) (Version: 3.50.3166.0017 - Google, Inc.)bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) HiddenBrackets (HKLM-x32\...\{43086E55-5B37-4DA8-852F-EEC6C75ECFE9}) (Version: 1.14.17770 - brackets.io)calibre 64bit (HKLM\...\{0185ADA8-A025-46A7-8A5C-7F5C2C000CC5}) (Version: 4.21.0 - Kovid Goyal)Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.10.2 - Canon Inc.)Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.10.2.51 - Canon Inc.)Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.5.0.69 - Canon Inc.)Canon TS9500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS9500_series) (Version: 1.02 - Canon Inc.)CyberLink YouCam 9 (HKLM-x32\...\{689DAD27-0634-4e5d-B726-E951371AE338}) (Version: 9.0.1029.0 - CyberLink Corp.)DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.60.000 - Runtime Software)DroidCam Client (HKLM-x32\...\DroidCam) (Version: 6.2.7 - Dev47apps)Dynalist 1.0.5 (HKU\S-1-5-21-3524049003-4065508712-3135555920-1001\...\1e78cdbc-7a18-5e02-93fd-c98dee19d9b8) (Version: 1.0.5 - Dynalist Inc.)EdgeDeflector (HKLM-x32\...\EdgeDeflector) (Version:- )Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)FontBase 2.11.3 (HKLM\...\ffc1e284-e25b-515d-b453-93eb9fe955eb) (Version: 2.11.3 - Dominik Levitsky Studio, LLC)Git version 2.28.0 (HKLM\...\Git_is1) (Version: 2.28.0 - The Git Development Community)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 85.0.4183.83 - Google LLC)Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) HiddenHP AC Power Control (HKLM\...\{F819C151-FFEE-4F01-BE68-0D1F76574F44}) (Version: 1.0.6 - Hewlett-Packard)HP Support Assistant (HKLM-x32\...\{33A0B67A-CF04-4F31-B3D0-EEEEDEF7078E}) (Version: 8.8.34.31 - HP Inc.)HP Support Solutions Framework (HKLM-x32\...\{EA6A1ABF-8D4C-432A-AF6C-84738319C2D7}) (Version: 12.18.34.21 - HP Inc.)HP Utility Center (HKLM\...\{DCD5C599-5CCC-4E37-8938-FBB548D780C6}) (Version: 2.5.3 - Hewlett-Packard Company)HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)LastPass (HKLM-x32\...\{945C3073-9B1B-4413-94B1-1A865A5AF434}) (Version: 4.49.0.1725 - LogMeIn)Malwarebytes version 4.2.0.82 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.0.82 - Malwarebytes)Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13029.20344 - Microsoft Corporation)Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 85.0.564.44 - Microsoft Corporation)Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.135.29 - )Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 20.143.0716.0003 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)Mozilla Firefox 80.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 80.0.1 (x64 en-US)) (Version: 80.0.1 - Mozilla)Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 75.0 - Mozilla)Mozilla VPN (HKLM\...\{0D9D5925-60BA-4600-A5E4-331AFA04EDC2}) (Version: 1.1.0.0 - Mozilla Corporation)MusicBee 3.3.7367 (HKLM-x32\...\MusicBee) (Version: 3.3.7367 - Steven Mayall)nexusfont 2.6 (ver 2.6.2.1870) (HKLM-x32\...\{EFEDD205-43FE-4208-B682-0937E803E19E}_is1) (Version:- xiles)Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13029.20200 - Microsoft Corporation) HiddenOffice 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13029.20236 - Microsoft Corporation) HiddenOffice 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13029.20200 - Microsoft Corporation) HiddenOrigin (HKLM-x32\...\Origin) (Version: 10.5.82.43225 - Electronic Arts, Inc.)PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hiddenph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) HiddenRealtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.55 - Realtek Semiconductor Corp.)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.62.67.1020 - Electronic Arts Inc.)Toggl Desktop (HKU\S-1-5-21-3524049003-4065508712-3135555920-1001\...\TogglDesktop) (Version:- Toggl)VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22925 - Microsoft Corporation)YouCam 9.0 (HKLM-x32\...\{689DAD27-0634-4e5d-B726-E951371AE338}_is1) (Version: 9.0 - CyberLink) HiddenZoom (HKU\S-1-5-21-3524049003-4065508712-3135555920-1001\...\ZoomUMX) (Version: 5.2.1 (44052.0816) - Zoom Video Communications, Inc.)Packages:=========Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.9.0.1_neutral__6e5tt8cgb93ep [2020-04-18] (Canon Inc.)HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.6.6.0_x64__v10z8vjag6ke6 [2020-08-07] (HP Inc.)LastPass for Windows Desktop -> C:\Program Files\WindowsApps\LastPass.LastPass_4.3.0.0_x64__sbg7naapqq8fj [2020-05-24] (LastPass)Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-04-18] (Microsoft Corporation) [MS Ad]Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-04-18] (Microsoft Corporation) [MS Ad]Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.8101.0_x64__8wekyb3d8bbwe [2020-08-19] (Microsoft Studios) [MS Ad]MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2020-04-18] (Microsoft Corporation) [MS Ad]MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2020-04-18] (Microsoft Corporation) [MS Ad]MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-18] (Microsoft Corporation) [MS Ad]MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2020-04-18] (Microsoft Corporation) [MS Ad]Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-01] (Microsoft Corporation)Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0 [2020-09-04] (Spotify AB) [Startup Task]==================== Custom CLSID (Whitelisted): ==============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)CustomCLSID: HKU\S-1-5-21-3524049003-4065508712-3135555920-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-C8B18A6F583E} -> [Creative Cloud Files] => C:\Users\Becky\Creative Cloud Files0CustomCLSID: HKU\S-1-5-21-3524049003-4065508712-3135555920-1001_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-01] (Microsoft Corporation -> Microsoft Corporation)ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-01] (Microsoft Corporation -> Microsoft Corporation)ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-01] (Microsoft Corporation -> Microsoft Corporation)ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-01] (Microsoft Corporation -> Microsoft Corporation)ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-01] (Microsoft Corporation -> Microsoft Corporation)ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-01] (Microsoft Corporation -> Microsoft Corporation)ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-01] (Microsoft Corporation -> Microsoft Corporation)ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )ShellIconOverlayIdentifiers: [GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-06-15] (Google LLC -> Google)ShellIconOverlayIdentifiers: [GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-06-15] (Google LLC -> Google)ShellIconOverlayIdentifiers: [GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-06-15] (Google LLC -> Google)ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-01] (Microsoft Corporation -> Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-01] (Microsoft Corporation -> Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-01] (Microsoft Corporation -> Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-01] (Microsoft Corporation -> Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-01] (Microsoft Corporation -> Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-01] (Microsoft Corporation -> Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-01] (Microsoft Corporation -> Microsoft Corporation)ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-01] (Microsoft Corporation -> Microsoft Corporation)ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2020-06-15] (Google LLC -> Google)ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-02] (Malwarebytes Corporation -> Malwarebytes)ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-01] (Microsoft Corporation -> Microsoft Corporation)ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2020-06-15] (Google LLC -> Google)ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\20.143.0716.0003\amd64\FileSyncShell64.dll [2020-09-01] (Microsoft Corporation -> Microsoft Corporation)ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>-> No FileContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-05-02] (Malwarebytes Corporation -> Malwarebytes)==================== Codecs (Whitelisted) ====================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2015-04-14] (Electronic Arts -> On2.com)HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2015-04-14] (Electronic Arts -> On2.com)==================== Shortcuts & WMI ========================(The entries could be listed to be restored or removed.)ShortcutWithArgument: C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Doxy.me - Free and Secure Telemedicine.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->--profile-directory=Default --app-id=iblloelpabgicefmgcdkipllamdgiegiShortcutWithArgument: C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->--profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk==================== Loaded Modules (Whitelisted) =============2020-09-03 22:03 - 2020-09-03 22:03 - 000099840 _____ () [File not signed] \\?\C:\Users\Becky\AppData\Local\Temp\d656e428-bc43-4c81-920e-e1c157ed9d5a.tmp.node2020-05-17 20:41 - 2020-04-21 06:22 - 002338304 _____ () [File not signed] C:\Program Files\FontBase\ffmpeg.dll2020-05-17 20:41 - 2020-04-21 06:22 - 000376320 _____ () [File not signed] C:\Program Files\FontBase\libegl.dll2020-05-17 20:41 - 2020-04-21 06:22 - 007947776 _____ () [File not signed] C:\Program Files\FontBase\libglesv2.dll2020-05-06 22:32 - 2016-10-21 16:06 - 000318976 _____ (CANON INC) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\scchmpm.dll2020-05-06 22:32 - 2017-06-27 10:59 - 000219648 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\cnmpu2.dll2020-05-06 22:32 - 2017-11-02 15:36 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_ENU.DLL2020-05-06 22:32 - 2017-11-02 15:36 - 000104960 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll2020-04-18 19:13 - 2019-02-21 11:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll2013-11-08 13:22 - 2013-11-08 13:22 - 000286720 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel® Rapid Storage Technology\PsiData.dll2013-11-08 13:22 - 2013-11-08 13:22 - 000499200 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\ISDI2.dll2020-05-19 01:25 - 2020-05-19 01:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll2020-05-19 01:25 - 2020-05-19 01:25 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\c2r64.dll2020-08-19 02:09 - 2020-04-19 01:20 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll2020-04-19 01:20 - 2020-04-19 01:20 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll2020-08-19 02:09 - 2020-04-19 01:20 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll2020-08-25 18:03 - 2020-04-19 01:20 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll2020-08-25 18:03 - 2020-04-19 01:20 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll2020-08-25 18:03 - 2020-04-19 01:20 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll2020-08-25 18:03 - 2020-04-19 01:20 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll2020-08-25 18:03 - 2020-04-19 01:20 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll2020-08-25 18:03 - 2020-04-19 01:20 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll==================== Alternate Data Streams (Whitelisted) ========(If an entry is included in the fixlist, only the ADS will be removed.)AlternateDataStreams: C:\Users\Becky\Cookies:Ltoy0YHz8S9FgFVCOGgNI [2014]AlternateDataStreams: C:\Users\Becky\AppData\Local\Temporary Internet Files:f6nh30srIGITDeP7KedqE0J47Av [1930]==================== Safe Mode (Whitelisted) ==================(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"==================== Association (Whitelisted) ===================================== Internet Explorer trusted/restricted ============================== Hosts content: =========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2013-08-22 08:25 - 2013-08-22 08:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts==================== Other Areas ===========================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-3524049003-4065508712-3135555920-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Becky\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\04-you-gotta-start-somewhere.jpgDNS Servers: 192.168.1.1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)Windows Firewall is enabled.==================== MSCONFIG/TASK MANAGER disabled items ==(If an entry is included in the fixlist, it will be removed.)HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"HKLM\...\StartupApproved\Run32: => "YouCam Service9"HKU\S-1-5-21-3524049003-4065508712-3135555920-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"HKU\S-1-5-21-3524049003-4065508712-3135555920-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_BC0B69F17B19DF6FF535FC680D04057D"HKU\S-1-5-21-3524049003-4065508712-3135555920-1001\...\StartupApproved\Run: => "GoogleDriveSync"==================== FirewallRules (Whitelisted) ================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)FirewallRules: [{E95B0254-00D6-46AE-AC52-CA10911B6E0A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No FileFirewallRules: [{158E4F6C-B621-4FE1-A57D-C037E211C9E9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No FileFirewallRules: [{AEADDA10-19E0-4370-85E8-CD4F7B0C420D}] => (Allow) C:\Users\Becky\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)FirewallRules: [{22FCD716-C223-4D80-9B67-9CA3E11F363D}] => (Allow) C:\Users\Becky\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)FirewallRules: [{CC18708F-1377-4BEB-A380-86EDACA1FC83}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)FirewallRules: [{3706ABE5-32EF-4B84-BE31-B0160C412139}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)FirewallRules: [{47E67955-DAAE-4078-85AA-5B7162E9D25B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)FirewallRules: [{BC0BCF6F-48D3-446B-845F-DB5C43576058}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)FirewallRules: [{7BA30794-3759-4F91-95DE-DAA9EC02A5FD}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)FirewallRules: [{A5845A5A-F377-4527-8151-1EBAC643AE45}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)FirewallRules: [{20A9EAB8-1588-4F7E-8AA4-C9E05EDEF4FA}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)FirewallRules: [{7E962C51-C220-432B-B5AF-B1A7AD63F2CC}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)FirewallRules: [{F9E81FCF-3BB6-48EA-BCC2-2EDC1B8F393C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe (GHI Media LLC -> Croteam)FirewallRules: [{36E78E22-5B47-4353-A04D-05CFD69C0EC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe (GHI Media LLC -> Croteam)FirewallRules: [{D1639323-70DB-40C5-84C4-50CA15750560}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe (GHI Media LLC -> Croteam)FirewallRules: [{5AF37134-D354-4B9F-ADA4-FA7E957901C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe (GHI Media LLC -> Croteam)FirewallRules: [{B633E460-3287-4181-9822-639029D41967}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)FirewallRules: [{774A6B18-212E-40BF-95DA-9D10B29A58F0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)FirewallRules: [TCP Query User{7F2E48C1-5A2C-48B5-A944-FA09B4127948}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe (Adobe Inc. -> Node.js)FirewallRules: [UDP Query User{5F81902E-E6DE-48BF-B21D-E7206D01169F}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe (Adobe Inc. -> Node.js)FirewallRules: [TCP Query User{5D2882BB-3652-4F3B-931E-E496D157BCB0}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe (Adobe Inc. -> Node.js)FirewallRules: [UDP Query User{4F1C3304-D4A4-40C4-8601-CE6CFA71CA04}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe (Adobe Inc. -> Node.js)FirewallRules: [{67EA9606-022D-4C44-ADE8-D374892B20AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe (Xsolla (USA), Inc -> 2K)FirewallRules: [{34A11520-560F-4121-BC95-CCDC6EA5FF93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe (Xsolla (USA), Inc -> 2K)FirewallRules: [{30E7AEEC-ADFD-4C25-AB28-8DF457857271}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe (Xsolla (USA), Inc -> 2K)FirewallRules: [{F5AFDB40-0694-4067-AE08-05C53B01AE6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe (Xsolla (USA), Inc -> 2K)FirewallRules: [{8383ADB7-2708-426A-ADE4-3728147C1E25}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)FirewallRules: [{64F76635-0A20-4410-825E-283BBE9AC343}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)FirewallRules: [{847056E4-9F1E-40DF-BFC7-09E68D5BAC6B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)FirewallRules: [{86D48A9B-00D1-4A5B-AEB6-1C97EB736507}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)FirewallRules: [{470A19CD-3857-429E-91B2-9FE7FDAF7020}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)FirewallRules: [{E2C2EC53-DEB7-482B-AE53-6B5E44C15E89}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> )FirewallRules: [{E75BCAC6-1167-4E7C-8E85-D508773BA38E}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> )FirewallRules: [{43C0B6C6-6D2E-4DBC-8945-88B5E795A82C}] => (Allow) LPort=7935FirewallRules: [{C1212542-6BD9-468D-8E6D-814ADC2F4FAB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)FirewallRules: [{A2453BEE-9E68-49AC-8D3A-F82E9CED77D3}] => (Allow) C:\Users\Becky\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe (Insecure.Org) [File not signed]FirewallRules: [{E6CE6918-9DAE-40B9-B0C6-5F39F9D62D37}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)FirewallRules: [{2B97415A-C12A-4417-BA80-0DAB1EEE70B3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)FirewallRules: [{E6504BD4-7D66-4620-9EC6-3029FDF6B3C4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)FirewallRules: [{65D16EA1-0911-4479-9335-5D103C51A1DD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)FirewallRules: [{27EC9FD4-05DA-466E-8EE1-7506CE97ED06}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)FirewallRules: [{60EE8B3C-8BF3-49D7-BC64-03C49077780A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)FirewallRules: [{1679ECFF-ACF9-454A-A1CB-927AB41A459D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)FirewallRules: [{BF76AE05-0A1D-4410-A6C0-DAB392210984}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.141.634.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)==================== Restore Points =========================27-08-2020 17:26:26 Scheduled Checkpoint28-08-2020 21:53:32 Windows Modules Installer==================== Faulty Device Manager Devices ================================ Event log errors: ========================Application errors:==================Error: (09/05/2020 06:15:45 AM) (Source: ESENT) (EventID: 455) (User: )Description: svchost (6912,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.Error: (09/05/2020 04:35:13 AM) (Source: ESENT) (EventID: 455) (User: )Description: svchost (7660,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.Error: (09/04/2020 08:28:59 PM) (Source: ESENT) (EventID: 455) (User: )Description: svchost (3196,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.Error: (09/04/2020 08:10:22 PM) (Source: ESENT) (EventID: 455) (User: )Description: svchost (11948,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.Error: (09/04/2020 07:45:00 PM) (Source: ESENT) (EventID: 455) (User: )Description: svchost (9304,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.Error: (09/04/2020 06:50:14 PM) (Source: ESENT) (EventID: 455) (User: )Description: svchost (3992,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.Error: (09/04/2020 06:45:00 PM) (Source: ESENT) (EventID: 455) (User: )Description: svchost (11864,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.Error: (09/04/2020 05:48:56 PM) (Source: ESENT) (EventID: 455) (User: )Description: svchost (12556,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.System errors:=============Error: (09/05/2020 06:08:02 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)Description: F:\Device\HarddiskVolume102Error: (09/04/2020 11:57:28 PM) (Source: DCOM) (EventID: 10010) (User: MYBRAIN)Description: The server Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.Error: (09/04/2020 08:04:34 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)Description: F:\Device\HarddiskVolume82Error: (09/04/2020 12:02:25 PM) (Source: DCOM) (EventID: 10010) (User: MYBRAIN)Description: The server Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.Error: (09/04/2020 12:10:51 AM) (Source: DCOM) (EventID: 10010) (User: MYBRAIN)Description: The server Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.Error: (09/03/2020 10:33:03 PM) (Source: DCOM) (EventID: 10010) (User: MYBRAIN)Description: The server Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.Error: (09/03/2020 10:04:12 PM) (Source: DCOM) (EventID: 10010) (User: MYBRAIN)Description: The server Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.Error: (09/03/2020 10:03:06 PM) (Source: DCOM) (EventID: 10010) (User: MYBRAIN)Description: The server Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.Windows Defender:===================================Date: 2020-09-01 22:22:23.398Description:Windows Defender Antivirus scan has been stopped before completion.Scan ID: {14E7C100-D98F-4EF4-8598-45099BF9DF45}Scan Type: AntimalwareScan Parameters: Quick ScanDate: 2020-08-31 20:08:03.538Description:Windows Defender Antivirus scan has been stopped before completion.Scan ID: {1D8DA678-45CF-4F20-9BA8-51179A1EA404}Scan Type: AntimalwareScan Parameters: Quick ScanDate: 2020-08-28 16:40:45.728Description:Windows Defender Antivirus scan has been stopped before completion.Scan ID: {81674A38-D2F5-409F-BAD4-D2DD2BEB43BB}Scan Type: AntimalwareScan Parameters: Quick ScanDate: 2020-08-25 06:01:55.295Description:Windows Defender Antivirus has detected malware or other potentially unwanted software.For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:ASP/Dirtelti.HA&threatid=2147761339&enterprise=0Name: Backdoor:ASP/Dirtelti.HAID: 2147761339Severity: SevereCategory: BackdoorPath: file:_C:\Users\Becky\OneDrive\Documents\Documents - Local\@Projects and Resources\Projects\IBC\Web Design\NEW IBC Website\Website Backup\FIles\conn2 (2018_09_14 13_10_40 UTC).asp; file:_C:\Users\Becky\OneDrive\Documents\Documents - Local\@Projects and Resources\~Projects\IBC\Web Design\NEW IBC Website\Website Backup\FIles\conn2.aspDetection Origin: Local machineDetection Type: ConcreteDetection Source: Real-Time ProtectionProcess Name: C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exeSecurity intelligence Version: AV: 1.321.2151.0, AS: 1.321.2151.0, NIS: 1.321.2151.0Engine Version: AM: 1.1.17400.5, NIS: 1.1.17400.5Date: 2020-08-25 06:01:54.420Description:Windows Defender Antivirus has detected malware or other potentially unwanted software.For more information please see the following:https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:ASP/Dirtelti.HA&threatid=2147761339&enterprise=0Name: Backdoor:ASP/Dirtelti.HAID: 2147761339Severity: SevereCategory: BackdoorPath: file:_C:\Users\Becky\OneDrive\Documents\Documents - Local\@Projects and Resources\Projects\IBC\Web Design\NEW IBC Website\Website Backup\FIles\conn2 (2018_09_14 13_10_40 UTC).aspDetection Origin: Local machineDetection Type: ConcreteDetection Source: Real-Time ProtectionProcess Name: C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exeSecurity intelligence Version: AV: 1.321.2151.0, AS: 1.321.2151.0, NIS: 1.321.2151.0Engine Version: AM: 1.1.17400.5, NIS: 1.1.17400.5Date: 2020-08-28 20:52:28.200Description:Windows Defender Antivirus has encountered an error trying to update security intelligence.New security intelligence Version:Previous security intelligence Version: 1.321.2290.0Update Source: Microsoft Update ServerSecurity intelligence Type: AntiVirusUpdate Type: FullCurrent Engine Version:Previous Engine Version: 1.1.17400.5Error code: 0x80240438Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.Date: 2020-08-28 20:08:55.921Description:Windows Defender Antivirus has encountered an error trying to update security intelligence.New security intelligence Version:Previous security intelligence Version: 1.321.2290.0Update Source: Microsoft Update ServerSecurity intelligence Type: AntiVirusUpdate Type: FullCurrent Engine Version:Previous Engine Version: 1.1.17400.5Error code: 0x80240438Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.Date: 2020-08-27 07:34:36.184Description:Windows Defender Antivirus has encountered an error trying to update security intelligence.New security intelligence Version:Previous security intelligence Version: 1.321.2151.0Update Source: Microsoft Malware Protection CenterSecurity intelligence Type: AntiVirusUpdate Type: FullCurrent Engine Version:Previous Engine Version: 1.1.17400.5Error code: 0x80072ee7Error description: The server name or address could not be resolvedDate: 2020-08-27 07:34:36.184Description:Windows Defender Antivirus has encountered an error trying to update security intelligence.New security intelligence Version:Previous security intelligence Version: 1.321.2151.0Update Source: Microsoft Malware Protection CenterSecurity intelligence Type: AntiSpywareUpdate Type: FullCurrent Engine Version:Previous Engine Version: 1.1.17400.5Error code: 0x80072ee7Error description: The server name or address could not be resolvedDate: 2020-08-27 07:34:36.184Description:Windows Defender Antivirus has encountered an error trying to update security intelligence.New security intelligence Version:Previous security intelligence Version: 1.321.2151.0Update Source: Microsoft Malware Protection CenterSecurity intelligence Type: AntiVirusUpdate Type: FullCurrent Engine Version:Previous Engine Version: 1.1.17400.5Error code: 0x80072ee7Error description: The server name or address could not be resolved==================== Memory info ===========================BIOS: Insyde F.57 11/09/2018Motherboard: Hewlett-Packard 2290Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHzPercentage of memory in use: 30%Total physical RAM: 16314.15 MBAvailable physical RAM: 11258.31 MBTotal Virtual: 18746.15 MBAvailable Virtual: 13219.29 MB==================== Drives ================================Drive c: () (Fixed) (Total:930.29 GB) (Free:465.11 GB) NTFSDrive e: (NIKON D7000) (Removable) (Total:14.83 GB) (Free:9.79 GB) FAT32\\?\Volume{906124d0-4067-4a60-8c16-6d517088543b}\ (Recovery) (Fixed) (Total:0.29 GB) (Free:0.28 GB) NTFS\\?\Volume{e8332c73-c477-4540-a81a-34159e8aed74}\ () (Fixed) (Total:0.71 GB) (Free:0.08 GB) NTFS\\?\Volume{0c16aa99-3f2f-4faa-b13c-75212b824e60}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32==================== MBR & Partition Table ==============================================================================Disk: 0 (Size: 931.5 GB) (Disk ID: FB2DFDDF)Partition: GPT.==========================================================Disk: 1 (Size: 14.8 GB) (Disk ID: 77143DC2)Partition 1: (Not Active) - (Size=14.8 GB) - (Type=0C)==================== End of Addition.txt =======================