Solved Got Hacked, order placed at Sams

blairman

TS Booster
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2019
Ran by blair (administrator) on DESKTOP-30U2V9N (Hewlett-Packard HP Compaq 6200 Pro MT PC) (01-08-2019 06:35:27)
Running from C:\Users\blair\Desktop
Loaded Profiles: blair (Available Profiles: blair)
Platform: Windows 10 Pro Version 1809 17763.615 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19051.16210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19062.451.0_x64__8wekyb3d8bbwe\YourPhone.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go12\Power2GoExpress.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go12\CLMLSvc_P2G12.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\blair\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Third Party Application Component -> Adobe) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIMUE.EXE
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIMUE.EXE
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.3.50\ncolow.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.3.50\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.3.50\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.3.50\nsWscSvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-05-07] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G12] => C:\Program Files (x86)\CyberLink\Power2Go12\CLMLSvc_P2G12.exe [154296 2018-05-16] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653280 2018-02-13] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862176 2018-02-13] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1210828405-2936577779-2417566558-1003\...\Run: [Power2GoExpress12] => C:\Program Files (x86)\CyberLink\Power2Go12\Power2GoExpress.exe [3669688 2018-05-16] (CyberLink Corp. -> CyberLink Corp.)
HKU\S-1-5-21-1210828405-2936577779-2417566558-1003\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMUE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1210828405-2936577779-2417566558-1003\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMUE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-15] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk [2018-09-03]
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk [2018-09-03]
ShortcutTarget: Microsoft Office Shortcut Bar.lnk -> C:\Program Files (x86)\Microsoft Office\Office\MSOFFICE.EXE (Microsoft Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk [2018-09-03]
ShortcutTarget: Office Startup.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE () [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05CDA8C2-2DCE-4C88-987E-33ADC4322D3E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {0F1DB858-3823-4B9E-A888-518F613A3C69} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.17.3.50\WSCStub.exe [2225296 2019-06-20] (Symantec Corporation -> Symantec Corporation)
Task: {12B9FA3D-DFE6-4EA0-80C5-7F549791E824} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {19E50161-807C-4F7A-8DC3-154032CC654C} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.17.3.50\SymErr.exe [101392 2019-06-20] (Symantec Corporation -> Symantec Corporation)
Task: {1C0D9FC6-B4FA-4B28-8835-1CBF2823A3EC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe)
Task: {22097A56-DE4A-4DFB-BEBD-3AEB25DCA186} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-03] (Google Inc -> Google Inc.)
Task: {31B1A695-7FAA-4789-953B-FDF6D94990E6} - System32\Tasks\EPSON ET-4500 Series Update {131A25B8-8DE8-4931-BD51-1047FAF71DBB} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMUE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {414245D1-5CDF-47D1-8451-16C114F3D796} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {47A39025-3420-49C4-B2EC-352B3203FBD4} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.17.3.50\SymErr.exe [101392 2019-06-20] (Symantec Corporation -> Symantec Corporation)
Task: {64EB5185-52DE-406B-A183-E20B310889AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-03] (Google Inc -> Google Inc.)
Task: {66C54A8E-CAB0-4D56-B4AA-17FFDEBE469B} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2225296 2019-06-20] (Symantec Corporation -> Symantec Corporation)
Task: {752AE948-FAB9-4BF5-8D4D-BEE358D4C457} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.17.3.50\SymErr.exe [101392 2019-06-20] (Symantec Corporation -> Symantec Corporation)
Task: {CAFB4C14-5207-4470-BBEF-9E404AF0A154} - System32\Tasks\EPSON ET-4500 Series Update {56119029-43FF-465D-A2C9-02907425CEE5} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMUE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {DB73B6B9-3682-4DDA-A345-58181FB10AA4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {EC39C950-A9EA-4AC8-95C6-80321F5117F1} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-09] (Adobe Inc. -> Adobe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON ET-4500 Series Update {131A25B8-8DE8-4931-BD51-1047FAF71DBB}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMUE.EXE:/EXE:{131A25B8-8DE8-4931-BD51-1047FAF71DBB} /F:UpdateWORKGROUP\DESKTOP-30U2V9N$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON ET-4500 Series Update {56119029-43FF-465D-A2C9-02907425CEE5}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMUE.EXE:/EXE:{56119029-43FF-465D-A2C9-02907425CEE5} /F:UpdateWORKGROUP\DESKTOP-30U2V9N$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{90c3b799-70c0-45fe-b52e-47fdad933c93}: [DhcpNameServer] 192.168.254.254

Internet Explorer:
==================
HKU\S-1-5-21-1210828405-2936577779-2417566558-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-21-1210828405-2936577779-2417566558-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.3.50&locale=US_en&guid=4958DA7A-9204-4E85-8BF1-1F45C925EF5E&doi=2016-09-01&o=APN11913&gct=kwd&qsrc=2869
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2019-05-24] (Microsoft Corporation -> Microsoft Corporation)
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.17.3.50\coIEPlg.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: No Name -> {243B17DE-77C7-46BF-B94B-0B5F309A0E64} -> C:\Program Files (x86)\Microsoft Money\System\mnyside.dll [2002-07-17] (Microsoft Corporation) [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.17.3.50\coIEPlg.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.17.3.50\coIEPlg.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.17.3.50\coIEPlg.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKU\S-1-5-21-1210828405-2936577779-2417566558-1003 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.17.3.50\coIEPlg.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation) [File not signed]
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-19] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
Edge Extension: (Norton Password Manager) -> EdgeExtension_SymantecCorporation5478111E43ACF_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.5478111E43ACF_6.4.2.0_neutral__v68kp9n051hdp [2019-06-18]

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2019-02-17] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-10-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?omnisearch=yes&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nortonsafe
CHR Profile: C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default [2018-11-03]
CHR Extension: (Slides) - C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-03]
CHR Extension: (Docs) - C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-03]
CHR Extension: (Google Drive) - C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-09-03]
CHR Extension: (YouTube) - C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-03]
CHR Extension: (Norton Security Toolbar) - C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-10-30]
CHR Extension: (Norton Safe Search) - C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogpedgkejfmehnklhahflpmplhiceal [2018-10-30]
CHR Extension: (Sheets) - C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-03]
CHR Extension: (Google Docs Offline) - C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-03]
CHR Extension: (Gmail) - C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-03]
CHR Extension: (Chrome Media Router) - C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-30]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-04-29] (Apple Inc. -> Apple Inc.)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [681400 2018-11-18] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.17.3.50\NortonSecurity.exe [225608 2019-06-20] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.17.3.50\nsWscSvc.exe [933200 2019-06-20] (Symantec Corporation -> Symantec Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5356848 2019-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-03-24] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-03-24] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.17.0.183\Definitions\BASHDefs\20190729.001\BHDrvx64.sys [1935880 2019-06-18] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\ccSetx64.sys [192704 2019-06-20] (Symantec Corporation -> Symantec Corporation)
R3 CLVirtualBus01; C:\WINDOWS\System32\drivers\CLVirtualBus01.sys [113888 2018-05-02] (CyberLink Corp. -> CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c63x64.sys [452432 2012-12-05] (Intel Corporation -> Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515592 2019-06-05] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153096 2019-06-12] (Symantec Corporation -> Symantec Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.17.0.183\Definitions\IPSDefs\20190731.064\IDSvia64.sys [1441800 2019-04-18] (Symantec Corporation -> Symantec Corporation)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\SRTSP64.SYS [864776 2019-06-20] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\SRTSPX64.SYS [49672 2019-06-20] (Symantec Corporation -> Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\SYMEFASI64.SYS [1998552 2019-06-20] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\SymELAM.sys [25744 2019-06-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-25] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.17.0.183\SymPlatform\SymEvnt.sys [717832 2019-07-15] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\Ironx64.SYS [315912 2019-06-20] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\symnets.sys [573448 2019-06-20] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-03-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [333792 2019-03-24] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-03-24] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\wpCtrlDrv.sys [1012120 2019-06-20] (Symantec Corporation -> Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

blairman

TS Booster
FRST Cont...

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-01 06:35 - 2019-08-01 06:36 - 000026996 _____ C:\Users\blair\Desktop\FRST.txt
2019-08-01 06:35 - 2019-08-01 06:35 - 000000000 ____D C:\FRST
2019-08-01 06:34 - 2019-08-01 06:35 - 002096128 _____ (Farbar) C:\Users\blair\Desktop\FRST64.exe
2019-07-31 21:55 - 2019-07-31 21:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-07-30 05:57 - 2019-07-30 05:57 - 000000000 ___HD C:\OneDriveTemp
2019-07-25 07:44 - 2019-07-25 07:45 - 000029318 _____ C:\Users\blair\Documents\Copy of BidInventory22July.xlsx
2019-07-11 16:03 - 2019-07-11 16:03 - 000039402 _____ C:\Users\blair\Downloads\lZRr2HE4.pdf
2019-07-10 00:55 - 2019-07-31 08:00 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2019-07-10 00:49 - 2019-07-10 00:49 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2019-07-10 00:49 - 2019-07-10 00:49 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2019-07-09 23:13 - 2019-07-09 23:13 - 026808320 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 023454208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 019012096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 012938752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 012243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 008900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 007921664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 007876096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 007727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 006545304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 006441472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 006308232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 006068224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 005587976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 005436696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 005115384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 004880896 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 003738624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 003550384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 003427328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 002942464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 002714624 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 002469432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 002393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 002323688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 002278784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 002096128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-07-09 23:13 - 2019-07-09 23:13 - 002017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-07-09 23:13 - 2019-07-09 23:13 - 002013696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 001763328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 001751040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 001477648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 001465464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 001427592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 001266192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-07-09 23:13 - 2019-07-09 23:13 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2019-07-09 23:13 - 2019-07-09 23:13 - 001223168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 001159168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 001132032 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 001075712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000964608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000833536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000828728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-07-09 23:13 - 2019-07-09 23:13 - 000804744 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2019-07-09 23:13 - 2019-07-09 23:13 - 000798736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2019-07-09 23:13 - 2019-07-09 23:13 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000747568 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2019-07-09 23:13 - 2019-07-09 23:13 - 000743216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2019-07-09 23:13 - 2019-07-09 23:13 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000687896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2019-07-09 23:13 - 2019-07-09 23:13 - 000682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000673520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2019-07-09 23:13 - 2019-07-09 23:13 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000660032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-07-09 23:13 - 2019-07-09 23:13 - 000652528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfh264enc.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfh264enc.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-07-09 23:13 - 2019-07-09 23:13 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-07-09 23:13 - 2019-07-09 23:13 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000317456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-07-09 23:13 - 2019-07-09 23:13 - 000311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscobj.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MbbCx.sys
2019-07-09 23:13 - 2019-07-09 23:13 - 000279920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000263360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
2019-07-09 23:13 - 2019-07-09 23:13 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscobj.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsutil.exe
2019-07-09 23:13 - 2019-07-09 23:13 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2019-07-09 23:13 - 2019-07-09 23:13 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fsutil.exe
2019-07-09 23:13 - 2019-07-09 23:13 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000137864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2019-07-09 23:13 - 2019-07-09 23:13 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000092592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-07-09 23:13 - 2019-07-09 23:13 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompMgmtLauncher.exe
2019-07-09 23:13 - 2019-07-09 23:13 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 022115472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 017484800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 015221248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 009683472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 007884288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 007687784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 007645600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 006925312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 005764608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 005566464 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 005561312 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 005528064 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 005297664 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 004588752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 004351448 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 004303872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 003818416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 003636224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 003630592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 003385856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 003363640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 003335216 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 003081728 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002982400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002871816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 002778760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002766136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 002701000 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002693120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002645504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002626872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 002593336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002421760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 002406928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002200080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002085376 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002073472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002050048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001966904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 001929728 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001903616 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001893376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001863168 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001837136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001794048 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001721352 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001715000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001713976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001702088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-07-09 23:12 - 2019-07-09 23:12 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001676288 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001674752 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001668752 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001662480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001622016 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001522488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 001472808 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001397048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001345168 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-07-09 23:12 - 2019-07-09 23:12 - 001321784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001316352 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001259520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 001208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001199616 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 001162320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001125416 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001054928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 001052984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001048592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 001043968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2019-07-09 23:12 - 2019-07-09 23:12 - 001038336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\refsutil.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 001007616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000998928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000987736 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000895552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000871784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000865272 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000863544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000850992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000810504 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000807480 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000799776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000771584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000770096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000768224 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000758896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000731104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000730936 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000680176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000651792 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000637968 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000617784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000580024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000553992 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-07-09 23:12 - 2019-07-09 23:12 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000514136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000511504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000506408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000482104 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2019-07-09 23:12 - 2019-07-09 23:12 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000464912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000439096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000431416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000423480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-07-09 23:12 - 2019-07-09 23:12 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000397688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000351432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000333128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.internal.shellcommon.shareexperience.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000324624 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000310288 _____ (Microsoft Corporation) C:\WINDOWS\system32\computestorage.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000298296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000294000 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiCloudStore.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000241944 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2019-07-09 23:12 - 2019-07-09 23:12 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000219448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000212792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000203272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000198456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000197832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2019-07-09 23:12 - 2019-07-09 23:12 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcaSvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000157024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000149232 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000141216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000121896 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000117720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000095544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-07-09 23:12 - 2019-07-09 23:12 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000071696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000036360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-07-09 23:12 - 2019-07-09 23:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-07-09 23:12 - 2019-07-09 23:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-07-09 23:12 - 2019-07-09 23:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-07-09 23:12 - 2019-07-09 23:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-07-09 23:12 - 2019-07-09 23:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-07-09 23:12 - 2019-07-09 23:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-07-09 23:12 - 2019-07-09 23:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-07-09 23:11 - 2019-07-09 23:12 - 000652296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-01 06:25 - 2018-09-15 03:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-01 06:10 - 2019-02-23 17:19 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A14FC9E8-924F-4236-9F86-52C4CCA9419F}
2019-07-31 21:42 - 2019-02-23 17:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-07-30 19:31 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-07-30 06:58 - 2018-09-15 03:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-07-30 05:59 - 2018-09-08 13:45 - 000000000 ____D C:\Users\blair\AppData\Local\CrashDumps
2019-07-30 05:57 - 2018-04-28 18:30 - 000000000 ___RD C:\Users\blair\OneDrive
2019-07-25 07:16 - 2018-04-28 18:27 - 000000000 ____D C:\Users\blair\AppData\Local\Packages
2019-07-15 19:35 - 2018-09-03 16:02 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-15 19:35 - 2018-09-03 16:02 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-07-10 06:56 - 2018-09-15 03:31 - 000000000 ____D C:\WINDOWS\INF
2019-07-10 01:19 - 2018-09-03 14:42 - 000000000 ____D C:\Program Files\Common Files\AV
2019-07-10 00:56 - 2019-02-23 17:24 - 000844988 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-10 00:52 - 2018-09-03 11:00 - 000000000 ___RD C:\Users\blair\3D Objects
2019-07-10 00:52 - 2017-04-20 11:11 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-10 00:50 - 2019-03-25 21:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2019-07-10 00:50 - 2018-09-15 02:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-07-10 00:49 - 2019-03-25 21:25 - 000002415 _____ C:\Users\Public\Desktop\Norton Security.lnk
2019-07-10 00:49 - 2019-02-23 17:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-07-10 00:47 - 2019-02-23 17:07 - 000468224 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-10 00:45 - 2018-09-15 02:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-07-10 00:44 - 2018-09-15 05:11 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-07-10 00:44 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-07-10 00:44 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-07-10 00:44 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-10 00:44 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-10 00:44 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-07-10 00:44 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-07-10 00:44 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\Provisioning
2019-07-10 00:44 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-07-10 00:44 - 2018-09-15 02:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-07-09 23:23 - 2018-09-15 03:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-09 23:22 - 2018-04-28 22:08 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-09 23:20 - 2018-04-28 22:08 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-09 23:19 - 2017-03-18 17:03 - 000000188 _____ C:\WINDOWS\win.ini
2019-07-09 15:36 - 2019-06-11 21:36 - 006074936 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2019-07-09 15:36 - 2019-02-23 17:19 - 000004588 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-07-09 15:36 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-07-09 15:36 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-07-05 13:57 - 2019-04-07 15:10 - 000000000 ____D C:\Users\blair\AppData\Roaming\audacity
2019-07-04 06:57 - 2019-02-23 17:19 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1210828405-2936577779-2417566558-1003
2019-07-04 06:57 - 2019-02-23 17:11 - 000002420 _____ C:\Users\blair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
 

blairman

TS Booster
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2019
Ran by blair (01-08-2019 06:37:05)
Running from C:\Users\blair\Desktop
Windows 10 Pro Version 1809 17763.615 (X64) (2019-02-23 21:38:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1210828405-2936577779-2417566558-500 - Administrator - Disabled)
blair (S-1-5-21-1210828405-2936577779-2417566558-1003 - Administrator - Enabled) => C:\Users\blair
DefaultAccount (S-1-5-21-1210828405-2936577779-2417566558-503 - Limited - Disabled)
Guest (S-1-5-21-1210828405-2936577779-2417566558-501 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1210828405-2936577779-2417566558-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
Apple Application Support (32-bit) (HKLM-x32\...\{C1BCFECF-6EC2-4750-9072-5E2489423F8F}) (Version: 7.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B202C7F5-7DE3-4FBF-B259-E70E625F56FC}) (Version: 7.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B5A46811-3612-4DA5-8A5A-E6DED5D7C523}) (Version: 12.2.1.12 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Audacity 2.3.1 (HKLM-x32\...\Audacity_is1) (Version: 2.3.1 - Audacity Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.12508 - CyberLink Corp.)
CyberLink Power2Go 12 (HKLM-x32\...\{A59F6DC9-8562-49d6-8C03-3F3AF0C5C0D3}) (Version: 12.0.0516 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.1.9529.0 - CyberLink Corp.)
Dragon's Challenge (HKLM-x32\...\Dragon's Challenge) (Version: - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.83.0000 - Seiko Epson Corporation)
EPSON ET-4500 Series Printer Uninstall (HKLM\...\EPSON ET-4500 Series) (Version: - SEIKO EPSON Corporation)
Epson ET-4500 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson ET-4500 User’s Guide_is1) (Version: 1.0 - )
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.38.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{1028AD34-EB8A-4136-9A93-27FC60FD0A40}) (Version: 4.4.11 - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{A8AF3EF8-5010-4A92-BCCA-90F62A7D62B8}) (Version: 12.9.5.7 - Apple Inc.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Microsoft Encarta Encyclopedia Standard 2003 (HKLM-x32\...\{03410014-3975-4267-9F39-1DC4745090B7}) (Version: 2003 - Microsoft Corporation)
Microsoft Money 2003 (HKLM-x32\...\{01F9D88C-3C86-4E82-840A-101A3221F67A}) (Version: 11.0.50 - Microsoft)
Microsoft Money 2003 System Pack (HKLM-x32\...\{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}) (Version: 11.0.80 - Microsoft)
Microsoft Office 97, Professional Edition (HKLM-x32\...\Office8.0) (Version: - )
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1210828405-2936577779-2417566558-1003\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft Picture It! Photo 7.0 (HKLM-x32\...\{369B36BE-3D64-4641-9AEA-808D436FE132}) (Version: 7.0.0.0000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Streets and Trips 2002 (HKLM-x32\...\{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}) (Version: 9.00.17.0200 - Microsoft)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Word 2002 (HKLM-x32\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Works 2003 Setup Launcher (HKLM-x32\...\Works2003Setup) (Version: - )
Microsoft Works 7.0 (HKLM-x32\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0710.1 - Microsoft Corporation)
Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}) (Version: 2.0.0.0000 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.17.3.50 - Symantec Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Shockwave (HKLM-x32\...\Shockwave) (Version: - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{A7B60FC9-A750-43C7-B7EC-892CD09147C7}) (Version: 1.18.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
VoiceSupport 2 version 1.1.00 build 136 (HKLM-x32\...\{E7D58981-DCAB-4D71-8B2B-2574D5B67B06}_is1) (Version: 1.1.00 build 136 - TC-Helicon)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22452 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
Works Suite OS Pack (HKLM-x32\...\{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}) (Version: 3.0.0.0000 - Microsoft Corporation) Hidden

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-05-27] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_5.8.4.0_x86__kgqvnymyfvs32 [2019-07-15] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1550.4.0_x86__kgqvnymyfvs32 [2019-07-15] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.143.600.0_x86__kgqvnymyfvs32 [2019-07-11] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.521.0_x64__rz1tebttyb220 [2019-03-12] (Dolby Laboratories)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-07-09] (Microsoft Corporation) [MS Ad]
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.2.0.9_x86__h6adky7gbf63m [2019-07-30] (Gameloft.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-18] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.12.28.0_x64__8wekyb3d8bbwe [2019-07-09] (Microsoft Studios)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
Norton Password Manager -> C:\Program Files\WindowsApps\SymantecCorporation.5478111E43ACF_6.4.2.0_neutral__v68kp9n051hdp [2019-06-18] (Symantec Corporation)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2018-04-28] (Plex)
WinZip Universal -> C:\Program Files\WindowsApps\WinZipComputing.WinZipUniversal_1.5.13516.0_x64__3ykzqggjzj4z0 [2019-05-31] (WinZip Computing)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [CLVDShellExt12] -> {40BCC74A-C61A-4D0E-A93C-5CDE5ACB3BEC} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt12.dll [2018-05-16] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.3.50\NavShExt.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers2: [CLVDShellExt12] -> {40BCC74A-C61A-4D0E-A93C-5CDE5ACB3BEC} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt12.dll [2018-05-16] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.3.50\NavShExt.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.3.50\NavShExt.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-09-03 15:55 - 2018-05-16 04:17 - 000695808 _____ () [File not signed] C:\Program Files (x86)\CyberLink\Power2Go12\tag.dll
1998-06-01 00:00 - 1998-06-01 00:00 - 003792896 _____ () [File not signed] C:\Program Files (x86)\Microsoft Office\Office\MSO97.DLL
1997-07-11 00:00 - 1997-07-11 00:00 - 000061440 _____ () [File not signed] C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
2018-09-03 15:55 - 2018-05-16 04:17 - 012214784 _____ (Codejock Software) [File not signed] C:\Program Files (x86)\CyberLink\Power2Go12\ToolkitPro1820vc110U.dll
1997-07-11 00:00 - 1997-07-11 00:00 - 000016384 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Microsoft Office\Office\osaintl.dll
2015-12-17 11:11 - 2015-12-17 11:11 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2018-09-03 17:29 - 2018-02-13 01:00 - 000096768 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\EbpD4Fax.dll
2018-09-03 17:29 - 2018-02-13 01:00 - 000278528 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FULEPP.dll
2018-09-03 17:29 - 2018-02-13 01:00 - 000339968 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUSVCCLT.dll
2018-09-03 17:29 - 2018-02-13 01:00 - 000065536 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUUSBHLP.dll
2018-09-03 17:29 - 2018-02-13 01:00 - 000069632 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDEVCOM.dll
2018-09-03 17:29 - 2018-02-13 01:00 - 000135168 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDRVUTL.dll
2018-09-03 17:29 - 2018-02-13 01:00 - 000339968 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUPRBDEV.dll
2018-09-03 17:29 - 2018-02-13 01:00 - 000286720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUSNMPUT.dll
2018-09-03 17:29 - 2018-02-12 12:00 - 000086016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUCMNMSG.dll
2018-09-03 17:29 - 2018-02-12 12:00 - 000241664 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXRCV.dll
2018-09-03 17:29 - 2018-02-12 12:00 - 000022016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll
2018-09-03 17:29 - 2018-02-12 12:00 - 000077824 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUPRBDEVRes.dll
2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2018-09-03 17:29 - 2018-02-13 01:00 - 000786432 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENCM.dll
2018-09-03 17:29 - 2018-02-13 01:00 - 000278528 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENNW.dll
2018-09-03 17:29 - 2018-02-13 01:00 - 000299008 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENUTIL.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 17:03 - 2017-03-18 17:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1210828405-2936577779-2417566558-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\blair\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img_20120923_100031.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0FAB93BD-EAAC-4408-9E0B-48872F46239B}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{93F3D799-2B98-4CDA-A6CD-B87E81AC4463}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D542570C-9186-447E-AB01-7757C8DFD763}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{111CAE95-2C67-4A59-A71A-8374C0AC79EF}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{F6F8729B-9F86-4AB2-8EB1-BE1728A16708}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{72EC973B-6AD0-43CE-8683-6B4A9B93AB42}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{63187B60-F583-4C19-98E4-C3BC8842E393}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{AEF9BC56-497A-4732-8421-7E70DD2ACE4C}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{59BAEBE9-713E-4AC9-AB92-8220BEF08876}] => (Allow) C:\Users\blair\AppData\Local\Temp\WZSE0.TMP\Network\EpsonNetSetup\ENEasyApp.exe No File
FirewallRules: [{8147BD91-5F4A-4DDF-8034-939F0B7190A1}] => (Allow) C:\Users\blair\AppData\Local\Temp\WZSE0.TMP\Network\EpsonNetSetup\ENEasyApp.exe No File
FirewallRules: [{14B03B0C-D13B-4234-849A-AA791FFB0BA1}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{E23BBA73-22FE-46CF-A526-0AF190C4CF53}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{E27CDA27-3D9C-412E-9960-D8693DD7CD88}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F1B5F7B1-B8F4-48DB-BCAE-E1F2085D3A0B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BFC41E91-69CE-438A-AB8C-1A80BDA788F3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9A4241A7-42BA-467C-97E1-FABCE4331588}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2B787EC7-3C1F-4F3B-B0EB-63BEAC0AC209}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5509CA4E-5843-460A-8F34-EA117E3CAD07}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4662ADD2-7BC2-4E66-A45B-EC5624821BDF}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A967CBEF-9F90-4A28-84D7-4A11925266F9}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B16F36FE-825A-48FA-B2FB-1AF6F64348D1}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9B8CBB73-503A-43BC-BE5B-CF529654CEA0}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6F39DFEC-2120-41A4-B237-7E0254ABB07B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{63FC8E8E-4857-4D06-B32E-546FD1AA8BCC}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{9ADC4FF7-9E99-4189-97A7-550FE10BB834}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

==================== Restore Points =========================

09-07-2019 23:02:45 Windows Update
18-07-2019 06:59:04 Scheduled Checkpoint
25-07-2019 08:23:19 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Intel(R) Management Engine Interface
Description: Intel(R) Management Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEIx64
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2019 09:57:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.17763.592, time stamp: 0xc4e09c10
Faulting module name: KERNELBASE.dll, version: 10.0.17763.615, time stamp: 0x832170f2
Exception code: 0x8007000e
Fault offset: 0x0011fd62
Faulting process id: 0x5268
Faulting application start time: 0x01d5480a90925422
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: fcac4791-cec2-445c-aec2-21d8360940a4
Faulting package full name:
Faulting package-relative application ID:

Error: (07/31/2019 06:24:45 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/30/2019 05:59:51 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/30/2019 05:59:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17763.1, time stamp: 0x90f701bc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x0000000000000203
Faulting process id: 0x3994
Faulting application start time: 0x01d546bd68df1110
Faulting application path: C:\Windows\System32\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: c577688d-c55f-45d2-9f97-23d05064d640
Faulting package full name: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (07/29/2019 05:55:40 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/28/2019 12:35:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LockApp.exe version 10.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 21bc

Start Time: 01d544b51decc299

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe

Report Id: bea485d6-6019-479a-aa36-e07e8decab17

Faulting package full name: Microsoft.LockApp_10.0.17763.1_neutral__cw5n1h2txyewy

Faulting package-relative application ID: WindowsDefaultLockScreen

Hang type: Cross-process

Error: (07/28/2019 11:00:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.17763.592, time stamp: 0xc4e09c10
Faulting module name: KERNELBASE.dll, version: 10.0.17763.615, time stamp: 0x832170f2
Exception code: 0x8007000e
Fault offset: 0x0011fd62
Faulting process id: 0x15c4
Faulting application start time: 0x01d545451217063c
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 2af65bf9-25ff-47ee-af1b-86c90c6e53b7
Faulting package full name:
Faulting package-relative application ID:

Error: (07/28/2019 07:04:27 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (07/30/2019 07:28:35 PM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x1E030185, FWSTS1: 0x10280006).

Error: (07/27/2019 11:13:17 PM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x1E030185, FWSTS1: 0x10280006).

Error: (07/26/2019 05:01:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.

Error: (07/26/2019 04:30:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.

Error: (07/26/2019 06:12:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.

Error: (07/25/2019 10:57:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.

Error: (07/24/2019 07:44:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.

Error: (07/24/2019 07:36:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.


CodeIntegrity:
===================================

Date: 2019-07-31 07:31:49.602
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.17.3.50\BuShell.dll that did not meet the Microsoft signing level requirements.

Date: 2019-07-31 07:31:49.587
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.17.3.50\BuShell.dll that did not meet the Microsoft signing level requirements.

Date: 2019-07-31 07:31:49.572
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.17.3.50\BuShell.dll that did not meet the Microsoft signing level requirements.

Date: 2019-07-30 07:31:47.332
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.17.3.50\BuShell.dll that did not meet the Microsoft signing level requirements.

Date: 2019-07-30 07:31:47.315
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.17.3.50\BuShell.dll that did not meet the Microsoft signing level requirements.

Date: 2019-07-30 07:31:47.298
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.17.3.50\BuShell.dll that did not meet the Microsoft signing level requirements.

Date: 2019-07-29 07:18:23.543
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.17.3.50\BuShell.dll that did not meet the Microsoft signing level requirements.

Date: 2019-07-29 07:18:23.527
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Norton Security\Engine\22.17.3.50\BuShell.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Hewlett-Packard J01 v02.15 11/10/2011
Motherboard: Hewlett-Packard 1497
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 23%
Total physical RAM: 24464 MB
Available physical RAM: 18730.3 MB
Total Virtual: 28048 MB
Available Virtual: 22186.71 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1862.07 GB) (Free:1198.54 GB) NTFS

\\?\Volume{91bce63f-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{91bce63f-0000-0000-0000-d0a3d1010000}\ () (Fixed) (Total:0.46 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 91BCE63F)
Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=466 MB) - (Type=27)

==================== End of Addition.txt ============================
 

Broni

Malware Annihilator
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================

Your logs look clean but I need to know what exactly happened.
 

blairman

TS Booster
Computer seems to hesitate, like I click on a 'like' in FB and move on and the click registers on the next photo, after I have scrolled a bit. did not do this when I got the refurb computer about a year and a half ago. what happened Saturday, was I was outside cutting down a tree, when my wife yelled at me for buying a ipad at Sams. I told here that there was no way, I was working. 'well I have the confirmation" I went inside, and there were 2 emails confirming the purchase, weird but the shipping address had not changed, it was mine, but I figure that whoever was just searching for account and credit info. Then my email started loading like craxy, probably 200 plus accounts opened to my email address at all kinds of internet sales sites, both us and non us. I quickly changed my Microsoft password, which also changed my email password, then canceled the credit card I had stored on the Sams account. I have been blocking the opened accounts, and see no new ones. but some type of computer was opening the accounts, they had random usernames, but my email address. I normally use Norton 360 and use the password vault feature. and I had left the computer unattended, with the vault open. so if someone had hacked in, and started looking for accounts, the vault would have propagated the logon and password. that is bad. I now put the computer into sleep before walking away
 

Broni

Malware Annihilator
Was your credit card actually charged?

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

blairman

TS Booster
I had an active card stored with Sams in my account. I am assuming someone got into my computer, opened my Sams account and ordered something just to see if the card was good. And yes, the Sams purchase did hit my card, I was able to cancel the order on Sams site, and blocked the charge with the credit card company. The reason I believe that someone got in to my computer, at work 2 weeks ago one of our employees had left for the day, and another employee happen to sit down at his desk to look for something, and the cursor was traveling around on it's own. 2nd employee thought the IT dept was fixing something, but it looked at emails, opened the guys amazon account etc etc. I walked in as the PC was rebooting. we unplugged the network cable, then the power cable.. IT powered it up, then shut it down right away. not sure what they found. this is why I am concerned.
 

blairman

TS Booster
# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-08-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-02-2019
# Duration: 00:00:06
# OS: Windows 10 Pro
# Cleaned: 13
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\azlyrics.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.azlyrics.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\azlyrics.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.azlyrics.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\banggood.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thebrighttag.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.banggood.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3980 octets] - [02/08/2019 20:41:59]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

blairman

TS Booster
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/2/19
Scan Time: 8:29 PM
Log File: d0f1b994-b585-11e9-b0f2-80c16efb3e02.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.11834
License: Trial

-System Information-
OS: Windows 10 (Build 17763.615)
CPU: x64
File System: NTFS
User: DESKTOP-30U2V9N\blair

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 300813
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 min, 58 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

blairman

TS Booster
RogueKiller Anti-Malware V13.3.2.0 (x64) [Jul 15 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17763) 64 bits
Started in : Normal mode
User : blair [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190801_090458, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/08/02 20:24:17 (Duration : 02:31:20)
Switches : -refid 3

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{59BAEBE9-713E-4AC9-AB92-8220BEF08876} -- [%localappdata%\Temp\WZSE0.TMP\Network\EpsonNetSetup\ENEasyApp.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{8147BD91-5F4A-4DDF-8034-939F0B7190A1} -- [%localappdata%\Temp\WZSE0.TMP\Network\EpsonNetSetup\ENEasyApp.exe] -> Deleted
 

Broni

Malware Annihilator
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 

blairman

TS Booster
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2019
Ran by blair (administrator) on DESKTOP-30U2V9N (Hewlett-Packard HP Compaq 6200 Pro MT PC) (03-08-2019 06:10:26)
Running from C:\Users\blair\Desktop
Loaded Profiles: blair & (Available Profiles: blair)
Platform: Windows 10 Pro Version 1809 17763.615 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19071.866.0_x64__8wekyb3d8bbwe\YourPhone.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go12\Power2GoExpress.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go12\CLMLSvc_P2G12.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\blair\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIMUE.EXE
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIMUE.EXE
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.3.50\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.3.50\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.3.50\nsWscSvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-05-07] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G12] => C:\Program Files (x86)\CyberLink\Power2Go12\CLMLSvc_P2G12.exe [154296 2018-05-16] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653280 2018-02-13] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862176 2018-02-13] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1210828405-2936577779-2417566558-1003\...\Run: [Power2GoExpress12] => C:\Program Files (x86)\CyberLink\Power2Go12\Power2GoExpress.exe [3669688 2018-05-16] (CyberLink Corp. -> CyberLink Corp.)
HKU\S-1-5-21-1210828405-2936577779-2417566558-1003\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMUE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1210828405-2936577779-2417566558-1003\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMUE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1210828405-2936577779-2417566558-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08032019060919548\...\Run: [Power2GoExpress12] => C:\Program Files (x86)\CyberLink\Power2Go12\Power2GoExpress.exe [3669688 2018-05-16] (CyberLink Corp. -> CyberLink Corp.)
HKU\S-1-5-21-1210828405-2936577779-2417566558-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08032019060919548\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMUE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1210828405-2936577779-2417566558-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08032019060919548\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMUE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-15] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk [2018-09-03]
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk [2018-09-03]
ShortcutTarget: Microsoft Office Shortcut Bar.lnk -> C:\Program Files (x86)\Microsoft Office\Office\MSOFFICE.EXE (Microsoft Corporation) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk [2018-09-03]
ShortcutTarget: Office Startup.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE () [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05CDA8C2-2DCE-4C88-987E-33ADC4322D3E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {0F1DB858-3823-4B9E-A888-518F613A3C69} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.17.3.50\WSCStub.exe [2225296 2019-06-20] (Symantec Corporation -> Symantec Corporation)
Task: {12B9FA3D-DFE6-4EA0-80C5-7F549791E824} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {19E50161-807C-4F7A-8DC3-154032CC654C} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.17.3.50\SymErr.exe [101392 2019-06-20] (Symantec Corporation -> Symantec Corporation)
Task: {1C0D9FC6-B4FA-4B28-8835-1CBF2823A3EC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-09] (Adobe Inc. -> Adobe)
Task: {22097A56-DE4A-4DFB-BEBD-3AEB25DCA186} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-03] (Google Inc -> Google Inc.)
Task: {31B1A695-7FAA-4789-953B-FDF6D94990E6} - System32\Tasks\EPSON ET-4500 Series Update {131A25B8-8DE8-4931-BD51-1047FAF71DBB} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMUE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {3FA9FFE2-1A13-4E50-8CBB-3608A2611766} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2225296 2019-06-20] (Symantec Corporation -> Symantec Corporation)
Task: {414245D1-5CDF-47D1-8451-16C114F3D796} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {64EB5185-52DE-406B-A183-E20B310889AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-03] (Google Inc -> Google Inc.)
Task: {752AE948-FAB9-4BF5-8D4D-BEE358D4C457} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.17.3.50\SymErr.exe [101392 2019-06-20] (Symantec Corporation -> Symantec Corporation)
Task: {76A37FC7-BB85-4154-A992-C2E3604E642F} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe [34898488 2019-07-15] (Adlice -> )
Task: {A8ECE203-B927-4437-968E-01BC3A3A88EA} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.17.3.50\SymErr.exe [101392 2019-06-20] (Symantec Corporation -> Symantec Corporation)
Task: {CAFB4C14-5207-4470-BBEF-9E404AF0A154} - System32\Tasks\EPSON ET-4500 Series Update {56119029-43FF-465D-A2C9-02907425CEE5} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMUE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {DB73B6B9-3682-4DDA-A345-58181FB10AA4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {EC39C950-A9EA-4AC8-95C6-80321F5117F1} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_Plugin.exe [1457208 2019-07-09] (Adobe Inc. -> Adobe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON ET-4500 Series Update {131A25B8-8DE8-4931-BD51-1047FAF71DBB}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMUE.EXE:/EXE:{131A25B8-8DE8-4931-BD51-1047FAF71DBB} /F:UpdateWORKGROUP\DESKTOP-30U2V9N$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON ET-4500 Series Update {56119029-43FF-465D-A2C9-02907425CEE5}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSMUE.EXE:/EXE:{56119029-43FF-465D-A2C9-02907425CEE5} /F:UpdateWORKGROUP\DESKTOP-30U2V9N$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{90c3b799-70c0-45fe-b52e-47fdad933c93}: [DhcpNameServer] 192.168.254.254

Internet Explorer:
==================
HKU\S-1-5-21-1210828405-2936577779-2417566558-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-1210828405-2936577779-2417566558-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08032019060919548\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-21-1210828405-2936577779-2417566558-1003 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.3.50&locale=US_en&guid=4958DA7A-9204-4E85-8BF1-1F45C925EF5E&doi=2016-09-01&o=APN11913&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1210828405-2936577779-2417566558-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08032019060919548 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=1000&geo=US&ver=22.17.3.50&locale=US_en&guid=4958DA7A-9204-4E85-8BF1-1F45C925EF5E&doi=2016-09-01&o=APN11913&gct=kwd&qsrc=2869
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2019-05-24] (Microsoft Corporation -> Microsoft Corporation)
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.17.3.50\coIEPlg.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: No Name -> {243B17DE-77C7-46BF-B94B-0B5F309A0E64} -> C:\Program Files (x86)\Microsoft Money\System\mnyside.dll [2002-07-17] (Microsoft Corporation) [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.17.3.50\coIEPlg.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.17.3.50\coIEPlg.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.17.3.50\coIEPlg.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKU\S-1-5-21-1210828405-2936577779-2417566558-1003 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.17.3.50\coIEPlg.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKU\S-1-5-21-1210828405-2936577779-2417566558-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08032019060919548 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.17.3.50\coIEPlg.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation) [File not signed]
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-19] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
Edge Extension: (Norton Password Manager) -> EdgeExtension_SymantecCorporation5478111E43ACF_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.5478111E43ACF_6.4.2.0_neutral__v68kp9n051hdp [2019-06-18]

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2019-02-17] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_223.dll [2019-07-09] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-10-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?omnisearch=yes&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nortonsafe
CHR Profile: C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default [2018-11-03]
CHR Extension: (Slides) - C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-03]
CHR Extension: (Docs) - C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-03]
CHR Extension: (Google Drive) - C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-09-03]
CHR Extension: (YouTube) - C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-03]
CHR Extension: (Norton Security Toolbar) - C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2018-10-30]
CHR Extension: (Norton Safe Search) - C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogpedgkejfmehnklhahflpmplhiceal [2018-10-30]
CHR Extension: (Sheets) - C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-03]
CHR Extension: (Google Docs Offline) - C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-03]
CHR Extension: (Gmail) - C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-03]
CHR Extension: (Chrome Media Router) - C:\Users\blair\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-30]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-04-29] (Apple Inc. -> Apple Inc.)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [681400 2018-11-18] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.17.3.50\NortonSecurity.exe [225608 2019-06-20] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.17.3.50\nsWscSvc.exe [933200 2019-06-20] (Symantec Corporation -> Symantec Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5356848 2019-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-03-24] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-03-24] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.17.0.183\Definitions\BASHDefs\20190729.001\BHDrvx64.sys [1935880 2019-06-18] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\ccSetx64.sys [192704 2019-06-20] (Symantec Corporation -> Symantec Corporation)
R3 CLVirtualBus01; C:\WINDOWS\System32\drivers\CLVirtualBus01.sys [113888 2018-05-02] (CyberLink Corp. -> CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c63x64.sys [452432 2012-12-05] (Intel Corporation -> Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515592 2019-06-05] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153096 2019-06-12] (Symantec Corporation -> Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.17.0.183\Definitions\IPSDefs\20190802.001\IDSvia64.sys [1451016 2019-08-01] (Symantec Corporation -> Symantec Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-08-02] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-02] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-02] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-02] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-02] (Malwarebytes Corporation -> Malwarebytes)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\SRTSP64.SYS [864776 2019-06-20] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\SRTSPX64.SYS [49672 2019-06-20] (Symantec Corporation -> Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\SYMEFASI64.SYS [1998552 2019-06-20] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\SymELAM.sys [25744 2019-06-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-25] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.17.0.183\SymPlatform\SymEvnt.sys [717832 2019-07-15] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\Ironx64.SYS [315912 2019-06-20] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\symnets.sys [573448 2019-06-20] (Symantec Corporation -> Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-08-02] (Adlice -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-03-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [333792 2019-03-24] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-03-24] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\wpCtrlDrv.sys [1012120 2019-06-20] (Symantec Corporation -> Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

blairman

TS Booster
==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-02 22:28 - 2019-08-02 22:28 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-08-02 20:46 - 2019-08-02 20:46 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-08-02 20:46 - 2019-08-02 20:46 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-08-02 20:46 - 2019-08-02 20:46 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-08-02 20:46 - 2019-08-02 20:46 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-08-02 20:41 - 2019-08-02 20:43 - 000000000 ____D C:\AdwCleaner
2019-08-02 20:40 - 2019-08-02 20:40 - 000001231 _____ C:\Users\blair\Desktop\ADWcleantxt.txt
2019-08-02 20:38 - 2019-08-02 20:38 - 007623880 _____ (Malwarebytes) C:\Users\blair\Desktop\AdwCleaner.exe
2019-08-02 20:29 - 2019-08-02 20:29 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-08-02 20:29 - 2019-08-02 20:29 - 000000000 ____D C:\Users\blair\AppData\Local\mbamtray
2019-08-02 20:29 - 2019-08-02 20:29 - 000000000 ____D C:\Users\blair\AppData\Local\mbam
2019-08-02 20:28 - 2019-08-02 20:28 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-02 20:28 - 2019-08-02 20:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-02 20:28 - 2019-08-02 20:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-08-02 20:28 - 2019-08-02 20:28 - 000000000 ____D C:\Program Files\Malwarebytes
2019-08-02 20:28 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-08-02 20:28 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-08-02 20:27 - 2019-08-02 20:27 - 000002168 _____ C:\Users\blair\Desktop\rkreport.txt
2019-08-02 20:25 - 2019-08-02 20:26 - 064333800 _____ (Malwarebytes ) C:\Users\blair\Desktop\mb3-setup-43841.43841-3.8.3.2965-1.0.613-1.0.11270.exe
2019-08-02 06:34 - 2019-08-02 06:34 - 000028272 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2019-08-02 06:33 - 2019-08-02 06:34 - 000000000 ____D C:\ProgramData\RogueKiller
2019-08-02 06:33 - 2019-08-02 06:33 - 000003156 _____ C:\WINDOWS\System32\Tasks\RogueKiller Anti-Malware
2019-08-02 06:33 - 2019-08-02 06:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-08-02 06:33 - 2019-08-02 06:33 - 000000000 ____D C:\Program Files\RogueKiller
2019-08-02 06:31 - 2019-08-02 06:32 - 030667800 _____ (Adlice Software ) C:\Users\blair\Desktop\RogueKiller_setup_ref3.exe
2019-08-01 06:37 - 2019-08-01 06:38 - 000034610 _____ C:\Users\blair\Desktop\Addition.txt
2019-08-01 06:35 - 2019-08-03 06:12 - 000029439 _____ C:\Users\blair\Desktop\FRST.txt
2019-08-01 06:35 - 2019-08-03 06:10 - 000000000 ____D C:\FRST
2019-08-01 06:34 - 2019-08-01 06:35 - 002096128 _____ (Farbar) C:\Users\blair\Desktop\FRST64.exe
2019-07-30 05:57 - 2019-07-30 05:57 - 000000000 ___HD C:\OneDriveTemp
2019-07-25 07:44 - 2019-07-25 07:45 - 000029318 _____ C:\Users\blair\Documents\Copy of BidInventory22July.xlsx
2019-07-11 16:03 - 2019-07-11 16:03 - 000039402 _____ C:\Users\blair\Downloads\lZRr2HE4.pdf
2019-07-10 00:55 - 2019-08-02 21:15 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2019-07-10 00:49 - 2019-08-02 20:46 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2019-07-10 00:49 - 2019-07-10 00:49 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2019-07-09 23:13 - 2019-07-09 23:13 - 026808320 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 023454208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 019012096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 012938752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 012243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 008900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 007921664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 007876096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 007727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 006545304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 006441472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 006308232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 006068224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 005587976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 005436696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 005115384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 004880896 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 003738624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 003550384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 003427328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 002942464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 002714624 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 002469432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 002393088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 002323688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 002278784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 002096128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-07-09 23:13 - 2019-07-09 23:13 - 002017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-07-09 23:13 - 2019-07-09 23:13 - 002013696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 001763328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 001751040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 001477648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 001465464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 001427592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 001266192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-07-09 23:13 - 2019-07-09 23:13 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2019-07-09 23:13 - 2019-07-09 23:13 - 001223168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 001159168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 001132032 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 001075712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000964608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000833536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000828728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-07-09 23:13 - 2019-07-09 23:13 - 000804744 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2019-07-09 23:13 - 2019-07-09 23:13 - 000798736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2019-07-09 23:13 - 2019-07-09 23:13 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000747568 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2019-07-09 23:13 - 2019-07-09 23:13 - 000743216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2019-07-09 23:13 - 2019-07-09 23:13 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000687896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2019-07-09 23:13 - 2019-07-09 23:13 - 000682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000673520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2019-07-09 23:13 - 2019-07-09 23:13 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000660032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-07-09 23:13 - 2019-07-09 23:13 - 000652528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfh264enc.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfh264enc.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-07-09 23:13 - 2019-07-09 23:13 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-07-09 23:13 - 2019-07-09 23:13 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000317456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-07-09 23:13 - 2019-07-09 23:13 - 000311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscobj.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MbbCx.sys
2019-07-09 23:13 - 2019-07-09 23:13 - 000279920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000263360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
2019-07-09 23:13 - 2019-07-09 23:13 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscobj.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsutil.exe
2019-07-09 23:13 - 2019-07-09 23:13 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2019-07-09 23:13 - 2019-07-09 23:13 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fsutil.exe
2019-07-09 23:13 - 2019-07-09 23:13 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000137864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2019-07-09 23:13 - 2019-07-09 23:13 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000092592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-07-09 23:13 - 2019-07-09 23:13 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompMgmtLauncher.exe
2019-07-09 23:13 - 2019-07-09 23:13 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-07-09 23:13 - 2019-07-09 23:13 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 022115472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 017484800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 015221248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 009683472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 007884288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 007687784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 007645600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 006925312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 005764608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 005566464 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 005561312 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 005528064 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 005297664 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 004588752 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 004351448 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 004303872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 003818416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 003636224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 003630592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 003385856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 003363640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 003335216 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 003081728 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002982400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002871816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 002778760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002766136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 002701000 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002693120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002645504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002626872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 002593336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002421760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 002406928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002200080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002085376 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002073472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 002050048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001966904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 001929728 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001903616 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001893376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001863168 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001837136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001794048 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001721352 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001715000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001713976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001702088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-07-09 23:12 - 2019-07-09 23:12 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001676288 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001674752 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001668752 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001662480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001622016 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001522488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 001472808 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001397048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001345168 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-07-09 23:12 - 2019-07-09 23:12 - 001321784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001316352 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001259520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 001208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001199616 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 001162320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001125416 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001054928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 001052984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001048592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 001043968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2019-07-09 23:12 - 2019-07-09 23:12 - 001038336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 001010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\refsutil.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 001007616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000998928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000987736 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000895552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000871784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000865272 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000863544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000850992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000810504 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000807480 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000799776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000771584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000770096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000768224 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000758896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000731104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000730936 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000680176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000651792 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000637968 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000617784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000580024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000553992 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-07-09 23:12 - 2019-07-09 23:12 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000514136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000511504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000506408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000482104 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2019-07-09 23:12 - 2019-07-09 23:12 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000464912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000439096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000431416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000423480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-07-09 23:12 - 2019-07-09 23:12 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000397688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000351432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000333128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.internal.shellcommon.shareexperience.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000324624 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000310288 _____ (Microsoft Corporation) C:\WINDOWS\system32\computestorage.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000298296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000294000 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiCloudStore.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000241944 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2019-07-09 23:12 - 2019-07-09 23:12 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000219448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000212792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000203272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000198456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000197832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2019-07-09 23:12 - 2019-07-09 23:12 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcaSvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000157024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000149232 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000141216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000121896 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000117720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000095544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2019-07-09 23:12 - 2019-07-09 23:12 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
2019-07-09 23:12 - 2019-07-09 23:12 - 000071696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2019-07-09 23:12 - 2019-07-09 23:12 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000036360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-07-09 23:12 - 2019-07-09 23:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-07-09 23:12 - 2019-07-09 23:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-07-09 23:12 - 2019-07-09 23:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-07-09 23:12 - 2019-07-09 23:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-07-09 23:12 - 2019-07-09 23:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-07-09 23:12 - 2019-07-09 23:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-07-09 23:12 - 2019-07-09 23:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-07-09 23:12 - 2019-07-09 23:12 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-07-09 23:11 - 2019-07-09 23:12 - 000652296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-03 06:11 - 2019-02-23 17:19 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A14FC9E8-924F-4236-9F86-52C4CCA9419F}
2019-08-02 22:38 - 2018-09-15 03:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-02 21:20 - 2019-02-23 17:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-08-02 20:57 - 2018-09-08 13:45 - 000000000 ____D C:\Users\blair\AppData\Local\CrashDumps
2019-08-02 20:52 - 2019-02-23 17:24 - 000844988 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-08-02 20:52 - 2018-09-15 03:31 - 000000000 ____D C:\WINDOWS\INF
2019-08-02 20:49 - 2018-04-28 18:30 - 000000000 ___RD C:\Users\blair\OneDrive
2019-08-02 20:48 - 2018-09-15 02:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-08-02 20:46 - 2019-03-25 21:25 - 000002415 _____ C:\Users\Public\Desktop\Norton Security.lnk
2019-08-02 20:45 - 2019-02-23 17:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-02 20:43 - 2018-09-15 02:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-08-02 20:35 - 2018-09-15 03:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-02 20:35 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-02 20:28 - 2018-09-15 03:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-07-25 07:16 - 2018-04-28 18:27 - 000000000 ____D C:\Users\blair\AppData\Local\Packages
2019-07-15 19:35 - 2018-09-03 16:02 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-15 19:35 - 2018-09-03 16:02 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-07-10 01:19 - 2018-09-03 14:42 - 000000000 ____D C:\Program Files\Common Files\AV
2019-07-10 00:52 - 2018-09-03 11:00 - 000000000 ___RD C:\Users\blair\3D Objects
2019-07-10 00:52 - 2017-04-20 11:11 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-10 00:50 - 2019-03-25 21:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2019-07-10 00:47 - 2019-02-23 17:07 - 000468224 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-10 00:44 - 2018-09-15 05:11 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-07-10 00:44 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-07-10 00:44 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-07-10 00:44 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-10 00:44 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-10 00:44 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-07-10 00:44 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-07-10 00:44 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\Provisioning
2019-07-10 00:44 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-07-10 00:44 - 2018-09-15 02:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-07-09 23:23 - 2018-09-15 03:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-09 23:22 - 2018-04-28 22:08 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-09 23:20 - 2018-04-28 22:08 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-09 23:19 - 2017-03-18 17:03 - 000000188 _____ C:\WINDOWS\win.ini
2019-07-09 15:36 - 2019-06-11 21:36 - 006074936 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2019-07-09 15:36 - 2019-02-23 17:19 - 000004588 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-07-09 15:36 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-07-09 15:36 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-07-05 13:57 - 2019-04-07 15:10 - 000000000 ____D C:\Users\blair\AppData\Roaming\audacity
2019-07-04 06:57 - 2019-02-23 17:19 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1210828405-2936577779-2417566558-1003
2019-07-04 06:57 - 2019-02-23 17:11 - 000002420 _____ C:\Users\blair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
 

blairman

TS Booster
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2019
Ran by blair (03-08-2019 06:13:05)
Running from C:\Users\blair\Desktop
Windows 10 Pro Version 1809 17763.615 (X64) (2019-02-23 21:38:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1210828405-2936577779-2417566558-500 - Administrator - Disabled)
blair (S-1-5-21-1210828405-2936577779-2417566558-1003 - Administrator - Enabled) => C:\Users\blair
DefaultAccount (S-1-5-21-1210828405-2936577779-2417566558-503 - Limited - Disabled)
Guest (S-1-5-21-1210828405-2936577779-2417566558-501 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1210828405-2936577779-2417566558-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.223 - Adobe)
Apple Application Support (32-bit) (HKLM-x32\...\{C1BCFECF-6EC2-4750-9072-5E2489423F8F}) (Version: 7.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B202C7F5-7DE3-4FBF-B259-E70E625F56FC}) (Version: 7.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B5A46811-3612-4DA5-8A5A-E6DED5D7C523}) (Version: 12.2.1.12 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Audacity 2.3.1 (HKLM-x32\...\Audacity_is1) (Version: 2.3.1 - Audacity Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.12508 - CyberLink Corp.)
CyberLink Power2Go 12 (HKLM-x32\...\{A59F6DC9-8562-49d6-8C03-3F3AF0C5C0D3}) (Version: 12.0.0516 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.1.9529.0 - CyberLink Corp.)
Dragon's Challenge (HKLM-x32\...\Dragon's Challenge) (Version: - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.83.0000 - Seiko Epson Corporation)
EPSON ET-4500 Series Printer Uninstall (HKLM\...\EPSON ET-4500 Series) (Version: - SEIKO EPSON Corporation)
Epson ET-4500 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson ET-4500 User’s Guide_is1) (Version: 1.0 - )
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.38.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{1028AD34-EB8A-4136-9A93-27FC60FD0A40}) (Version: 4.4.11 - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{A8AF3EF8-5010-4A92-BCCA-90F62A7D62B8}) (Version: 12.9.5.7 - Apple Inc.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft Encarta Encyclopedia Standard 2003 (HKLM-x32\...\{03410014-3975-4267-9F39-1DC4745090B7}) (Version: 2003 - Microsoft Corporation)
Microsoft Money 2003 (HKLM-x32\...\{01F9D88C-3C86-4E82-840A-101A3221F67A}) (Version: 11.0.50 - Microsoft)
Microsoft Money 2003 System Pack (HKLM-x32\...\{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}) (Version: 11.0.80 - Microsoft)
Microsoft Office 97, Professional Edition (HKLM-x32\...\Office8.0) (Version: - )
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1210828405-2936577779-2417566558-1003\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1210828405-2936577779-2417566558-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08032019060919548\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft Picture It! Photo 7.0 (HKLM-x32\...\{369B36BE-3D64-4641-9AEA-808D436FE132}) (Version: 7.0.0.0000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Streets and Trips 2002 (HKLM-x32\...\{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}) (Version: 9.00.17.0200 - Microsoft)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Word 2002 (HKLM-x32\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Works 2003 Setup Launcher (HKLM-x32\...\Works2003Setup) (Version: - )
Microsoft Works 7.0 (HKLM-x32\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0710.1 - Microsoft Corporation)
Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}) (Version: 2.0.0.0000 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.17.3.50 - Symantec Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
RogueKiller version 13.3.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.3.2.0 - Adlice Software)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Shockwave (HKLM-x32\...\Shockwave) (Version: - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{A7B60FC9-A750-43C7-B7EC-892CD09147C7}) (Version: 1.18.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
VoiceSupport 2 version 1.1.00 build 136 (HKLM-x32\...\{E7D58981-DCAB-4D71-8B2B-2574D5B67B06}_is1) (Version: 1.1.00 build 136 - TC-Helicon)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22452 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
Works Suite OS Pack (HKLM-x32\...\{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}) (Version: 3.0.0.0000 - Microsoft Corporation) Hidden

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-05-27] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_5.8.4.0_x86__kgqvnymyfvs32 [2019-07-15] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1550.4.0_x86__kgqvnymyfvs32 [2019-07-15] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.143.600.0_x86__kgqvnymyfvs32 [2019-07-11] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.521.0_x64__rz1tebttyb220 [2019-03-12] (Dolby Laboratories)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-02] (Microsoft Corporation) [MS Ad]
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.2.0.9_x86__h6adky7gbf63m [2019-07-30] (Gameloft.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-18] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.12.28.0_x64__8wekyb3d8bbwe [2019-07-09] (Microsoft Studios)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
Norton Password Manager -> C:\Program Files\WindowsApps\SymantecCorporation.5478111E43ACF_6.4.2.0_neutral__v68kp9n051hdp [2019-06-18] (Symantec Corporation)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2018-04-28] (Plex)
WinZip Universal -> C:\Program Files\WindowsApps\WinZipComputing.WinZipUniversal_1.5.13516.0_x64__3ykzqggjzj4z0 [2019-05-31] (WinZip Computing)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [CLVDShellExt12] -> {40BCC74A-C61A-4D0E-A93C-5CDE5ACB3BEC} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt12.dll [2018-05-16] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.3.50\NavShExt.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers2: [CLVDShellExt12] -> {40BCC74A-C61A-4D0E-A93C-5CDE5ACB3BEC} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt12.dll [2018-05-16] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.3.50\NavShExt.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.3.50\NavShExt.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-09-03 15:55 - 2018-05-16 04:17 - 000695808 _____ () [File not signed] C:\Program Files (x86)\CyberLink\Power2Go12\tag.dll
1998-06-01 00:00 - 1998-06-01 00:00 - 003792896 _____ () [File not signed] C:\Program Files (x86)\Microsoft Office\Office\MSO97.DLL
1997-07-11 00:00 - 1997-07-11 00:00 - 000061440 _____ () [File not signed] C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
2018-09-03 15:55 - 2018-05-16 04:17 - 012214784 _____ (Codejock Software) [File not signed] C:\Program Files (x86)\CyberLink\Power2Go12\ToolkitPro1820vc110U.dll
1997-07-11 00:00 - 1997-07-11 00:00 - 000016384 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Microsoft Office\Office\osaintl.dll
2015-12-17 11:11 - 2015-12-17 11:11 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2018-09-03 17:29 - 2018-02-13 01:00 - 000096768 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\EbpD4Fax.dll
2018-09-03 17:29 - 2018-02-13 01:00 - 000278528 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FULEPP.dll
2018-09-03 17:29 - 2018-02-13 01:00 - 000339968 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUSVCCLT.dll
2018-09-03 17:29 - 2018-02-13 01:00 - 000065536 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\FUUSBHLP.dll
2018-09-03 17:29 - 2018-02-13 01:00 - 000069632 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDEVCOM.dll
2018-09-03 17:29 - 2018-02-13 01:00 - 000135168 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDRVUTL.dll
2018-09-03 17:29 - 2018-02-13 01:00 - 000339968 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUPRBDEV.dll
2018-09-03 17:29 - 2018-02-13 01:00 - 000286720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUSNMPUT.dll
2018-09-03 17:29 - 2018-02-12 12:00 - 000086016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUCMNMSG.dll
2018-09-03 17:29 - 2018-02-12 12:00 - 000241664 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXRCV.dll
2018-09-03 17:29 - 2018-02-12 12:00 - 000022016 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll
2018-09-03 17:29 - 2018-02-12 12:00 - 000077824 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUPRBDEVRes.dll
2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2018-09-03 17:29 - 2018-02-13 01:00 - 000786432 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENCM.dll
2018-09-03 17:29 - 2018-02-13 01:00 - 000278528 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENNW.dll
2018-09-03 17:29 - 2018-02-13 01:00 - 000299008 _____ (SEIKO EPSON) [File not signed] C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENUTIL.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 17:03 - 2017-03-18 17:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08032019060918360\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08032019060919251\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1210828405-2936577779-2417566558-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\blair\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img_20120923_100031.jpg
HKU\S-1-5-21-1210828405-2936577779-2417566558-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08032019060919548\Control Panel\Desktop\\Wallpaper -> C:\Users\blair\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img_20120923_100031.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0FAB93BD-EAAC-4408-9E0B-48872F46239B}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{93F3D799-2B98-4CDA-A6CD-B87E81AC4463}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D542570C-9186-447E-AB01-7757C8DFD763}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{111CAE95-2C67-4A59-A71A-8374C0AC79EF}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{F6F8729B-9F86-4AB2-8EB1-BE1728A16708}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{72EC973B-6AD0-43CE-8683-6B4A9B93AB42}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{63187B60-F583-4C19-98E4-C3BC8842E393}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{AEF9BC56-497A-4732-8421-7E70DD2ACE4C}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{14B03B0C-D13B-4234-849A-AA791FFB0BA1}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{E23BBA73-22FE-46CF-A526-0AF190C4CF53}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{E27CDA27-3D9C-412E-9960-D8693DD7CD88}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F1B5F7B1-B8F4-48DB-BCAE-E1F2085D3A0B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BFC41E91-69CE-438A-AB8C-1A80BDA788F3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9A4241A7-42BA-467C-97E1-FABCE4331588}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2B787EC7-3C1F-4F3B-B0EB-63BEAC0AC209}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5509CA4E-5843-460A-8F34-EA117E3CAD07}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4662ADD2-7BC2-4E66-A45B-EC5624821BDF}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A967CBEF-9F90-4A28-84D7-4A11925266F9}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B16F36FE-825A-48FA-B2FB-1AF6F64348D1}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9B8CBB73-503A-43BC-BE5B-CF529654CEA0}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6F39DFEC-2120-41A4-B237-7E0254ABB07B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{63FC8E8E-4857-4D06-B32E-546FD1AA8BCC}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{9ADC4FF7-9E99-4189-97A7-550FE10BB834}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

==================== Restore Points =========================

18-07-2019 06:59:04 Scheduled Checkpoint
25-07-2019 08:23:19 Scheduled Checkpoint
01-08-2019 18:47:04 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Intel(R) Management Engine Interface
Description: Intel(R) Management Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEIx64
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2019 08:57:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17763.1, time stamp: 0x90f701bc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x0000000000000203
Faulting process id: 0x261c
Faulting application start time: 0x01d5499671a2bb30
Faulting application path: C:\Windows\System32\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 1f2741ca-e7e1-4a66-a9a4-c4937a4f22d1
Faulting package full name: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (08/02/2019 07:07:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1781

Error: (08/02/2019 07:07:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1781

Error: (08/02/2019 07:07:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/02/2019 06:25:13 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/01/2019 07:11:00 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/31/2019 09:57:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.17763.592, time stamp: 0xc4e09c10
Faulting module name: KERNELBASE.dll, version: 10.0.17763.615, time stamp: 0x832170f2
Exception code: 0x8007000e
Fault offset: 0x0011fd62
Faulting process id: 0x5268
Faulting application start time: 0x01d5480a90925422
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: fcac4791-cec2-445c-aec2-21d8360940a4
Faulting package full name:
Faulting package-relative application ID:

Error: (07/31/2019 06:24:45 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (08/03/2019 06:09:17 AM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x1E030185, FWSTS1: 0x10280006).

Error: (08/03/2019 06:09:02 AM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x1E030185, FWSTS1: 0x10280006).

Error: (08/03/2019 06:08:46 AM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x1E030185, FWSTS1: 0x10280006).

Error: (08/03/2019 06:08:31 AM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x1E030185, FWSTS1: 0x10280006).

Error: (08/03/2019 06:08:16 AM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x1E030185, FWSTS1: 0x10280006).

Error: (08/02/2019 08:49:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/02/2019 08:49:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/02/2019 08:49:17 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-30U2V9N)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
and APPID
Unavailable
to the user DESKTOP-30U2V9N\blair SID (S-1-5-21-1210828405-2936577779-2417566558-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================

Date: 2019-08-03 06:16:15.427
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-03 06:16:15.414
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-03 06:16:15.411
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-03 06:16:15.408
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-03 06:16:15.369
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-03 06:16:15.330
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-03 06:16:12.946
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-03 06:16:12.920
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Hewlett-Packard J01 v02.15 11/10/2011
Motherboard: Hewlett-Packard 1497
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 21%
Total physical RAM: 24464 MB
Available physical RAM: 19115.64 MB
Total Virtual: 28048 MB
Available Virtual: 22394.03 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1862.07 GB) (Free:1199.67 GB) NTFS

\\?\Volume{91bce63f-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{91bce63f-0000-0000-0000-d0a3d1010000}\ () (Fixed) (Total:0.46 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 91BCE63F)
Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=466 MB) - (Type=27)

==================== End of Addition.txt ============================
 

Broni

Malware Annihilator
All clean.

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 

blairman

TS Booster
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton 360
Windows Defender
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 32.0.0.223
Google Chrome (75.0.3770.142)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 

blairman

TS Booster
Farbar Service Scanner Version: 27-01-2016
Ran by blair (administrator) on 03-08-2019 at 07:35:27
Running from "C:\Users\blair\Desktop"
Microsoft Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 

blairman

TS Booster
2019-08-03 20:11:18.112 Sophos Virus Removal Tool version 2.7.0
2019-08-03 20:11:18.112 Copyright (c) 2009-2018 Sophos Limited. All rights reserved.

2019-08-03 20:11:18.112 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2019-08-03 20:11:18.112 Windows version 6.2 SP 0.0 build 9200 SM=0x100 PT=0x1 WOW64
2019-08-03 20:11:18.112 Checking for updates...
2019-08-03 20:11:18.142 Update progress: proxy server not available
2019-08-03 20:11:29.034 Option all = no
2019-08-03 20:11:29.034 Option recurse = yes
2019-08-03 20:11:29.034 Option archive = no
2019-08-03 20:11:29.034 Option service = yes
2019-08-03 20:11:29.034 Option confirm = yes
2019-08-03 20:11:29.034 Option sxl = yes
2019-08-03 20:11:29.036 Option max-data-age = 35
2019-08-03 20:11:29.036 Option vdl-logging = yes
2019-08-03 20:11:29.036 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2019-08-03 20:11:29.036 Machine ID: b2a1804c5f8e4e46b34132c4f772cca3
2019-08-03 20:11:29.044 Component SVRTcli.exe version 2.7.0
2019-08-03 20:11:29.044 Component control.dll version 2.7.0
2019-08-03 20:11:29.044 Component SVRTservice.exe version 2.7.0
2019-08-03 20:11:29.046 Component engine\osdp.dll version 1.44.1.2451
2019-08-03 20:11:29.046 Component engine\veex.dll version 3.76.0.2451
2019-08-03 20:11:29.046 Component engine\savi.dll version 9.0.14.2451
2019-08-03 20:11:29.046 Component rkdisk.dll version 1.5.33.1
2019-08-03 20:11:29.046 Version info: Product version 2.7.0
2019-08-03 20:11:29.046 Version info: Detection engine 3.76.0
2019-08-03 20:11:29.046 Version info: Detection data 5.64
2019-08-03 20:11:29.046 Version info: Build date 6/3/2019
2019-08-03 20:11:29.046 Version info: Data files added 273
2019-08-03 20:11:29.046 Version info: Last successful update (not yet updated)
2019-08-03 20:11:33.684 Downloading updates...
2019-08-03 20:11:33.684 Update progress: [I96736] sdds.svrt_v1.12: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2019-08-03 20:11:33.684 Update progress: [I95020] sdds.svrt_v1.12: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2019-08-03 20:11:33.684 Update progress: [I22529] sdds.svrt_v1.12: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2019-08-03 20:11:33.684 Update progress: [V81533] SU::createCachedPackageSource creating cached package source for http://d2.sophosupd.com/update-B: url=SOPHOS
2019-08-03 20:11:33.684 Update progress: [V81533] SU::createCachedPackageSource creating http_source_specific_data to download customer file
2019-08-03 20:11:33.684 Update progress: [V81533] SU::createCachedPackageSource creating package source to download customer file
2019-08-03 20:11:33.684 Update progress: [V81533] SU::createCachedPackageSource creating cached package source
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: catalogue/sdds.data0910.xml
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: catalogue/sdds.data0910.xml: 125 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 6bbae4fe850987b05a1bd8c0bb74f138x000.xml: 4897 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 6bbae4fe850987b05a1bd8c0bb74f138x000.xml: 94 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 05368725b6459a246530e76080568b97x000.xml: 8673 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 05368725b6459a246530e76080568b97x000.xml: 125 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE569/1e879d0da87b17d6842b8f7f1b48a49ax000.xml: 590 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE569/1e879d0da87b17d6842b8f7f1b48a49ax000.xml: 63 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: SXLSUP/9658bb75e4104455fe802645d41af3dax000.xml: 598 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: SXLSUP/9658bb75e4104455fe802645d41af3dax000.xml: 62 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE560/0167d8cf884d717c1779abc52d17cb71x000.xml: 601 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE560/0167d8cf884d717c1779abc52d17cb71x000.xml: 47 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE557/13239828b0b1bf83de4692d775629148x000.xml: 601 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE557/13239828b0b1bf83de4692d775629148x000.xml: 78 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE554/1883db40022af8cbc8fd680f1c4185ddx000.xml: 601 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE554/1883db40022af8cbc8fd680f1c4185ddx000.xml: 63 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE565/1ce171d7f5b9565065bf17a44774f0a1x000.xml: 601 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE565/1ce171d7f5b9565065bf17a44774f0a1x000.xml: 62 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE550/1e04bd4f6cc5b189217b416d0cacd23ax000.xml: 601 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE550/1e04bd4f6cc5b189217b416d0cacd23ax000.xml: 63 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE553/236bb4ca0d2561a8e59124e4a65837c9x000.xml: 601 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE553/236bb4ca0d2561a8e59124e4a65837c9x000.xml: 47 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE558/3a1dfb2d23615d09497b1db3305e32dax000.xml: 601 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE558/3a1dfb2d23615d09497b1db3305e32dax000.xml: 62 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE552/49e28e1f82adf19b43a3acfb11c919bax000.xml: 601 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE552/49e28e1f82adf19b43a3acfb11c919bax000.xml: 63 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE551/69eda22632d06ac2df0c576c5946841fx000.xml: 601 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE551/69eda22632d06ac2df0c576c5946841fx000.xml: 46 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE561/6c1dd3a5196572a9bb41e9156eb30577x000.xml: 601 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE561/6c1dd3a5196572a9bb41e9156eb30577x000.xml: 47 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE567/7b23de79c99d2127137bb3a2e2e9ab95x000.xml: 601 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE567/7b23de79c99d2127137bb3a2e2e9ab95x000.xml: 47 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE555/9f59846a02fa77254f4813df557d969bx000.xml: 601 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE555/9f59846a02fa77254f4813df557d969bx000.xml: 47 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE559/bf3b91a4649162f3b240ef9f3d9d7c65x000.xml: 601 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE559/bf3b91a4649162f3b240ef9f3d9d7c65x000.xml: 47 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE563/cc18c9c4f72ead6c0bb51284002291cax000.xml: 601 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE563/cc18c9c4f72ead6c0bb51284002291cax000.xml: 47 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE556/cd085cdff0109eb84b9c16d718521445x000.xml: 601 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE556/cd085cdff0109eb84b9c16d718521445x000.xml: 62 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE566/d051415c7c83e949b41461e8db404aedx000.xml: 601 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE566/d051415c7c83e949b41461e8db404aedx000.xml: 47 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE562/d7da1c8549bd88228f71a41e440c4772x000.xml: 601 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE562/d7da1c8549bd88228f71a41e440c4772x000.xml: 63 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE564/fc86ecada014384667e0ec752820eec7x000.xml: 601 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE564/fc86ecada014384667e0ec752820eec7x000.xml: 31 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: IDE568/40b3c3c01a9510bacbc8181ff47e9727x000.xml: 6468 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: IDE568/40b3c3c01a9510bacbc8181ff47e9727x000.xml: 62 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 02b74ebe963a45c350fdfcc2feea061cx000.xml: 615 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 02b74ebe963a45c350fdfcc2feea061cx000.xml: 47 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: c328e9ffae39972d76b744ddde1825c8x000.xml: 320 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: c328e9ffae39972d76b744ddde1825c8x000.xml: 62 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 0c458d84352f35f2b272f8b87e9f9576x000.xml: 753 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 0c458d84352f35f2b272f8b87e9f9576x000.xml: 63 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 5c7f0eec8cb5f488397216dcfb7e98e8x000.xml: 331 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 5c7f0eec8cb5f488397216dcfb7e98e8x000.xml: 47 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 5c518d5be60608ac6bd5325ef02b8a7ex000.xml: 1027 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 5c518d5be60608ac6bd5325ef02b8a7ex000.xml: 78 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 211a9b2ae569945c9fe3e1ca74a2c644x000.xml: 338 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 211a9b2ae569945c9fe3e1ca74a2c644x000.xml: 47 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 24be0fc59a0372038b7fbb3af3e19d21x000.xml: 1027 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 24be0fc59a0372038b7fbb3af3e19d21x000.xml: 63 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: e4ccc0244dafdc3a404f8bb420c2a165x000.xml: 338 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: e4ccc0244dafdc3a404f8bb420c2a165x000.xml: 46 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 1b5385d6d93fc43e87fc7d723b90aab9x000.xml: 1027 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 1b5385d6d93fc43e87fc7d723b90aab9x000.xml: 63 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 44df079c17c27192400c73a86d16785fx000.xml: 338 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 44df079c17c27192400c73a86d16785fx000.xml: 62 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 32f2c03993b8d3414be5d9d714792de3x000.xml: 1027 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 32f2c03993b8d3414be5d9d714792de3x000.xml: 47 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 13ff2225063d88f220fa6841f37c8371x000.xml: 338 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 13ff2225063d88f220fa6841f37c8371x000.xml: 47 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 9e72c50dc4507dfba988367b178eda4ax000.xml: 1027 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 9e72c50dc4507dfba988367b178eda4ax000.xml: 47 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: e0a2f9d4b770945eb817f82acf76dc76x000.xml: 338 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: e0a2f9d4b770945eb817f82acf76dc76x000.xml: 32 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 4c204ac4b99df718739c309d0f4ab76bx000.xml: 1027 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 4c204ac4b99df718739c309d0f4ab76bx000.xml: 218 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 46e9b0f78df0d20502af43f391ffc506x000.xml: 338 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 46e9b0f78df0d20502af43f391ffc506x000.xml: 47 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 7fe1eebcf235024389043a634ef20366x000.xml: 1027 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 7fe1eebcf235024389043a634ef20366x000.xml: 62 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 9ec625dcb3a242e1fece93286451a352x000.xml: 338 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 9ec625dcb3a242e1fece93286451a352x000.xml: 47 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: eaba289b0a9e187ed96137c42bf85645x000.xml: 1027 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: eaba289b0a9e187ed96137c42bf85645x000.xml: 203 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: e4e261308128b5b42bf54c232030ea27x000.xml: 338 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: e4e261308128b5b42bf54c232030ea27x000.xml: 63 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: d9072ffa19fc0ff71a828d7ca2bc7828x000.xml: 1027 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: d9072ffa19fc0ff71a828d7ca2bc7828x000.xml: 62 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 1d98051334b3ea8a0b042e0bb99bc283x000.xml: 338 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 1d98051334b3ea8a0b042e0bb99bc283x000.xml: 47 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: da92f17acb85d0a5bdb85ace75b37afcx000.xml: 1027 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: da92f17acb85d0a5bdb85ace75b37afcx000.xml: 110 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: d2bd1911114961b92c55d33d6faa1a9ax000.xml: 338 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: d2bd1911114961b92c55d33d6faa1a9ax000.xml: 46 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 78c5bd6e43890df1ecf3457a9b5a5dd1x000.xml: 1027 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 78c5bd6e43890df1ecf3457a9b5a5dd1x000.xml: 219 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 2302ad75630d4b58cca278062b8b5de4x000.xml: 338 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 2302ad75630d4b58cca278062b8b5de4x000.xml: 47 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 65b7509646b00610cf1732a01f49a46fx000.xml: 1027 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 65b7509646b00610cf1732a01f49a46fx000.xml: 141 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f6ec5061dd7e77923111541727311aa2x000.xml: 338 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f6ec5061dd7e77923111541727311aa2x000.xml: 62 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 4f4a648042a613c869eddf17703b772ax000.xml: 1027 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 4f4a648042a613c869eddf17703b772ax000.xml: 78 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: d86540a0b23bc7236508f5b443729232x000.xml: 338 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: d86540a0b23bc7236508f5b443729232x000.xml: 63 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 20d640fb5ddff12944b1b5c3e34a4ca7x000.xml: 1027 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 20d640fb5ddff12944b1b5c3e34a4ca7x000.xml: 94 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 2ee4a92ec19fb16304c745c83ce570dbx000.xml: 338 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 2ee4a92ec19fb16304c745c83ce570dbx000.xml: 62 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 59c292069cc0fcbe6fbcf8d4289432a4x000.xml: 1027 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 59c292069cc0fcbe6fbcf8d4289432a4x000.xml: 141 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: ace8e7b646829af68be5b32bbcc82570x000.xml: 338 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: ace8e7b646829af68be5b32bbcc82570x000.xml: 31 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f22440c76fa98b33be36804ffa922b99x000.xml: 1027 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f22440c76fa98b33be36804ffa922b99x000.xml: 468 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 677c6984b6b0fcb32a84bb4f05a2e35ax000.xml: 338 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 677c6984b6b0fcb32a84bb4f05a2e35ax000.xml: 63 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 7a3833618c1adde4d2e20d2de6f3fa16x000.xml: 1027 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 7a3833618c1adde4d2e20d2de6f3fa16x000.xml: 109 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 9368403163321ca023d9919cfc51be64x000.xml: 338 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 9368403163321ca023d9919cfc51be64x000.xml: 47 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 2c9f2b4a3bd9b8aa278af484075cffbbx000.xml: 1027 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 2c9f2b4a3bd9b8aa278af484075cffbbx000.xml: 94 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 542303d59e10e8dcd6b025d5e810d68dx000.xml: 338 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 542303d59e10e8dcd6b025d5e810d68dx000.xml: 47 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 3b398d9d567878e44028b17cedc93f9fx000.xml: 877 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 3b398d9d567878e44028b17cedc93f9fx000.xml: 78 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: e9dc91e44cc367711490670ea1665011x000.xml: 333 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: e9dc91e44cc367711490670ea1665011x000.xml: 47 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 6585fcf262a911bcfd7f32042f1b9d00x000.xml: 877 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 6585fcf262a911bcfd7f32042f1b9d00x000.xml: 109 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 5dfa9f6a0e6ebbfd5799c5ca67182fd9x000.xml: 333 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 5dfa9f6a0e6ebbfd5799c5ca67182fd9x000.xml: 47 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 9d792492b832c41f3d65f4cd9e1bf4f7x000.xml: 877 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 9d792492b832c41f3d65f4cd9e1bf4f7x000.xml: 78 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 6bec591c9316ba3190fd377b343c2abex000.xml: 333 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 6bec591c9316ba3190fd377b343c2abex000.xml: 63 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 6ddabda366a3dc4a96c1cff0a8cfc127x000.xml: 877 bytes
2019-08-03 20:11:33.684 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 6ddabda366a3dc4a96c1cff0a8cfc127x000.xml: 47 ms
2019-08-03 20:11:33.684 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f70e0292f3577e51c8d6a2c4d125151ex000.xml: 333 bytes
2019-08-03 20:11:33.700 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f70e0292f3577e51c8d6a2c4d125151ex000.xml: 47 ms
2019-08-03 20:11:33.700 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: a4f2d842f54af2526f06b524ac139164x000.xml: 877 bytes
2019-08-03 20:11:33.700 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: a4f2d842f54af2526f06b524ac139164x000.xml: 62 ms
2019-08-03 20:11:33.700 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: be74fd39d589ff41602b9b8d8d06039fx000.xml: 333 bytes
2019-08-03 20:11:33.700 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: be74fd39d589ff41602b9b8d8d06039fx000.xml: 47 ms
2019-08-03 20:11:33.700 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 4b8381f259a6f918dd58bc6f703dec5ex000.xml: 877 bytes
2019-08-03 20:11:33.700 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 4b8381f259a6f918dd58bc6f703dec5ex000.xml: 93 ms
2019-08-03 20:11:33.700 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 06b9c2028b78108dc217f1ac33aacce9x000.xml: 333 bytes
2019-08-03 20:11:33.700 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 06b9c2028b78108dc217f1ac33aacce9x000.xml: 47 ms
2019-08-03 20:11:33.700 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 25f51b88ce555ff18eb69a9203aa3cefx000.xml: 877 bytes
2019-08-03 20:11:33.700 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 25f51b88ce555ff18eb69a9203aa3cefx000.xml: 94 ms
2019-08-03 20:11:33.700 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 01b099883db5924e11670920f817abd2x000.xml: 335 bytes
2019-08-03 20:11:33.700 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 01b099883db5924e11670920f817abd2x000.xml: 46 ms
2019-08-03 20:11:33.700 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: e4eddb50a17facb539b6a141dc3ce2ecx000.xml: 877 bytes
2019-08-03 20:11:33.700 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: e4eddb50a17facb539b6a141dc3ce2ecx000.xml: 157 ms
2019-08-03 20:11:33.700 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 0fa1e42207dfcb41c03a112d74a829cex000.xml: 335 bytes
2019-08-03 20:11:33.700 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 0fa1e42207dfcb41c03a112d74a829cex000.xml: 62 ms
2019-08-03 20:11:33.700 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 1986b3ccb00cbc4ed80afa5d0245d3d6x000.xml: 877 bytes
2019-08-03 20:11:33.700 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 1986b3ccb00cbc4ed80afa5d0245d3d6x000.xml: 110 ms
2019-08-03 20:11:33.700 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 5a2951c011ce1b6a96abafa766aa39fdx000.xml: 335 bytes
2019-08-03 20:11:33.700 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 5a2951c011ce1b6a96abafa766aa39fdx000.xml: 46 ms
2019-08-03 20:11:33.700 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 03958e0115ef3c060b28dab1eafbdbd4x000.xml: 877 bytes
2019-08-03 20:11:33.700 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 03958e0115ef3c060b28dab1eafbdbd4x000.xml: 63 ms
2019-08-03 20:11:33.700 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: da51f91c2d2391014b7ac94ddf54fd25x000.xml: 335 bytes
2019-08-03 20:11:33.700 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: da51f91c2d2391014b7ac94ddf54fd25x000.xml: 47 ms
2019-08-03 20:11:33.700 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: cdbc762af9fc05f6851fc48560f4f006x000.xml: 877 bytes
2019-08-03 20:11:33.700 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: cdbc762af9fc05f6851fc48560f4f006x000.xml: 125 ms
2019-08-03 20:11:33.700 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 3ca28862f6f0a37d90ae70e13a4d240fx000.xml: 335 bytes
2019-08-03 20:11:33.700 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 3ca28862f6f0a37d90ae70e13a4d240fx000.xml: 32 ms
2019-08-03 20:11:33.700 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 09e1887f20ae7dd48b41a47ff3eef0eex000.xml: 877 bytes
2019-08-03 20:11:33.700 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 09e1887f20ae7dd48b41a47ff3eef0eex000.xml: 109 ms
2019-08-03 20:11:33.700 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 82044a10659d84789ed389f8e327cbc8x000.xml: 335 bytes
2019-08-03 20:11:33.700 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 82044a10659d84789ed389f8e327cbc8x000.xml: 47 ms
2019-08-03 20:11:33.700 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 864939f0aae4e79b0bd6a64e145ca2f5x000.xml: 1027 bytes
2019-08-03 20:11:33.700 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 864939f0aae4e79b0bd6a64e145ca2f5x000.xml: 94 ms
2019-08-03 20:11:33.700 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: efc11c4954a1c26b3f0a67640930e045x000.xml: 335 bytes
2019-08-03 20:11:33.700 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: efc11c4954a1c26b3f0a67640930e045x000.xml: 31 ms
2019-08-03 20:11:33.700 Update progress: [I49502] sdds.data0910.xml: found supplement IDE565 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2019-08-03 20:11:33.700 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE565 LATEST path=
2019-08-03 20:11:33.700 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE565 LATEST path=
2019-08-03 20:11:33.700 Update progress: [I49502] sdds.data0910.xml: found supplement IDE566 LATEST path= baseVersion= [included from product IDE565 LATEST path=]
2019-08-03 20:11:33.700 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE566 LATEST path=
2019-08-03 20:11:33.700 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE566 LATEST path=
2019-08-03 20:11:33.700 Update progress: [I49502] sdds.data0910.xml: found supplement IDE567 LATEST path= baseVersion= [included from product IDE566 LATEST path=]
2019-08-03 20:11:33.700 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE567 LATEST path=
2019-08-03 20:11:33.700 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE567 LATEST path=
2019-08-03 20:11:33.700 Update progress: [I49502] sdds.data0910.xml: found supplement IDE568 LATEST path= baseVersion= [included from product IDE567 LATEST path=]
2019-08-03 20:11:33.700 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE568 LATEST path=
2019-08-03 20:11:33.700 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE568 LATEST path=
2019-08-03 20:11:33.700 Update progress: [I49502] sdds.data0910.xml: found supplement IDE569 LATEST path= baseVersion= [included from product IDE568 LATEST path=]
2019-08-03 20:11:33.700 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE569 LATEST path=
2019-08-03 20:11:33.700 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE569 LATEST path=
2019-08-03 20:11:33.700 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2019-08-03 20:11:33.700 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: b665a1ba9c5d6e1823ab41beaff42416x000.xml: 82628 bytes
2019-08-03 20:11:33.700 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: b665a1ba9c5d6e1823ab41beaff42416x000.xml: 282 ms
2019-08-03 20:11:33.700 Update progress: [I19463] Product download size 223192755 bytes
2019-08-03 20:12:03.648 Update progress: [I19463] Syncing product IDE565 LATEST path=
2019-08-03 20:12:03.648 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 59511491e02f7189056be86f467170e2x000.xml: 26230 bytes
2019-08-03 20:12:03.648 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 59511491e02f7189056be86f467170e2x000.xml: 750 ms
2019-08-03 20:12:03.648 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 5e54df4212317175993a70c3c51e3bb2x000.xml: 397 bytes
2019-08-03 20:12:03.648 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 5e54df4212317175993a70c3c51e3bb2x000.xml: 375 ms
2019-08-03 20:12:03.648 Update progress: [I19463] Product download size 1853169 bytes
2019-08-03 20:12:12.493 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 6406fde2cbbc71edbf5ed5961fdc8c8bx000.xml: 6036 bytes
2019-08-03 20:12:12.493 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 6406fde2cbbc71edbf5ed5961fdc8c8bx000.xml: 140 ms
2019-08-03 20:12:12.767 Update progress: [I19463] Syncing product IDE566 LATEST path=
2019-08-03 20:12:12.767 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: df003e82bf7cfa530fbbb76547585383x000.xml: 27476 bytes
2019-08-03 20:12:12.767 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: df003e82bf7cfa530fbbb76547585383x000.xml: 203 ms
2019-08-03 20:12:12.767 Update progress: [I19463] Product download size 1645235 bytes
2019-08-03 20:12:17.183 Update progress: [I19463] Syncing product IDE567 LATEST path=
2019-08-03 20:12:17.183 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 8fe8f6bfe9e7b646c6cc40a6068f6c54x000.xml: 27728 bytes
2019-08-03 20:12:17.183 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 8fe8f6bfe9e7b646c6cc40a6068f6c54x000.xml: 250 ms
2019-08-03 20:12:17.183 Update progress: [I19463] Product download size 1766233 bytes
2019-08-03 20:12:27.838 Update progress: [I19463] Syncing product IDE568 LATEST path=
2019-08-03 20:12:27.838 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 145340c07008f8c26db2e6f9062b3b1dx000.xml: 4116 bytes
2019-08-03 20:12:27.838 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 145340c07008f8c26db2e6f9062b3b1dx000.xml: 94 ms
2019-08-03 20:12:27.838 Update progress: [I19463] Product download size 300854 bytes
2019-08-03 20:12:30.012 Update progress: [I19463] Syncing product IDE569 LATEST path=
2019-08-03 20:12:30.012 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f430c089bf466bb070b959d79391e4c2x000.xml: 124 bytes
2019-08-03 20:12:30.012 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f430c089bf466bb070b959d79391e4c2x000.xml: 79 ms
2019-08-03 20:12:30.128 Installing updates...
2019-08-03 20:12:30.767 Error level 1
2019-08-03 20:13:10.309 Update successful
2019-08-03 20:13:19.443 Option all = no
2019-08-03 20:13:19.443 Option recurse = yes
2019-08-03 20:13:19.443 Option archive = no
2019-08-03 20:13:19.443 Option service = yes
2019-08-03 20:13:19.443 Option confirm = yes
2019-08-03 20:13:19.443 Option sxl = yes
2019-08-03 20:13:19.445 Option max-data-age = 35
2019-08-03 20:13:19.445 Option vdl-logging = yes
2019-08-03 20:13:19.445 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2019-08-03 20:13:19.445 Machine ID: b2a1804c5f8e4e46b34132c4f772cca3
2019-08-03 20:13:19.453 Component SVRTcli.exe version 2.7.0
2019-08-03 20:13:19.453 Component control.dll version 2.7.0
2019-08-03 20:13:19.453 Component SVRTservice.exe version 2.7.0
2019-08-03 20:13:19.453 Component engine\osdp.dll version 1.44.1.2451
2019-08-03 20:13:19.455 Component engine\veex.dll version 3.76.0.2451
2019-08-03 20:13:19.455 Component engine\savi.dll version 9.0.14.2451
2019-08-03 20:13:19.455 Component rkdisk.dll version 1.5.33.1
2019-08-03 20:13:19.455 Version info: Product version 2.7.0
2019-08-03 20:13:19.455 Version info: Detection engine 3.76.0
2019-08-03 20:13:19.455 Version info: Detection data 5.64
2019-08-03 20:13:19.455 Version info: Build date 6/3/2019
2019-08-03 20:13:19.455 Version info: Data files added 342
2019-08-03 20:13:19.455 Version info: Last successful update 8/3/2019 4:13:10 PM

2019-08-03 20:44:05.369 Could not open C:\hiberfil.sys
2019-08-03 20:44:08.692 Could not open C:\pagefile.sys
2019-08-03 20:57:32.734 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NGC_22.17.0.183\CmnClnt\_lck\_AVPAPP_{BB639333-810A-4bf8-85F5-C537857F55FC}1
2019-08-03 20:57:32.734 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NGC_22.17.0.183\CmnClnt\_lck\_CSDK_ServiceG
2019-08-03 20:57:32.734 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NGC_22.17.0.183\CmnClnt\_lck\_CSDK_Session1
2019-08-03 20:57:32.734 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NGC_22.17.0.183\CmnClnt\_lck\_ICFMGR_{F34173A0-C9EA-45ab-B832-29D35E6D04EC}G
2019-08-03 20:57:32.734 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NGC_22.17.0.183\CmnClnt\_lck\_RDRPluginG
2019-08-03 20:57:32.734 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NGC_22.17.0.183\CmnClnt\_lck\_SNDPluginG
2019-08-03 20:57:32.734 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NGC_22.17.0.183\CmnClnt\_lck\_SvcMgr-A2B50D70-5EA1-45a0-A983-0DB9E7101676G
2019-08-03 20:57:32.750 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NGC_22.17.0.183\CmnClnt\_lck\_{4E9CB39A-5F78-4887-A3D6-2790DE9DDE11}1
2019-08-03 20:57:42.363 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NGC_22.17.0.183\sef\databases\ProcessClassifier\pc_process_events\LOCK
2019-08-03 20:57:42.479 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NGC_22.17.0.183\sef\databases\scheduler\jobsdb\LOCK
2019-08-03 20:57:42.579 Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NGC_22.17.0.183\sef\databases\SmartListing\ha_submission_events\LOCK
2019-08-03 20:58:17.694 Could not open C:\swapfile.sys
2019-08-03 20:58:18.057 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2019-08-03 20:58:18.057 Could not open C:\System Volume Information\{3d265bd4-a945-11e9-b258-80c16efb3e02}{3808876b-c176-4e48-b7ae-04046e6cc752}
2019-08-03 20:58:18.057 Could not open C:\System Volume Information\{856cfad6-aed1-11e9-b258-80c16efb3e02}{3808876b-c176-4e48-b7ae-04046e6cc752}
2019-08-03 20:58:18.064 Could not open C:\System Volume Information\{8960c3f4-b2be-11e9-b258-80c16efb3e02}{3808876b-c176-4e48-b7ae-04046e6cc752}
2019-08-03 20:58:18.064 Could not open C:\System Volume Information\{a9ad2b89-b4a8-11e9-b258-80c16efb3e02}{3808876b-c176-4e48-b7ae-04046e6cc752}
2019-08-03 20:58:18.064 Could not open C:\System Volume Information\{f4e3a80f-b587-11e9-b259-80c16efb3e02}{3808876b-c176-4e48-b7ae-04046e6cc752}
2019-08-03 21:00:07.479 Could not open C:\Users\blair\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
2019-08-03 21:00:07.479 Could not open C:\Users\blair\AppData\Local\Microsoft\WindowsApps\MicrosoftEdge.exe
2019-08-03 21:08:02.582 Could not open C:\Users\blair\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalCache\Local\Microsoft\OneDrive\OneDrive.exe
2019-08-03 21:08:02.667 Could not open C:\Users\blair\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalCache\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
2019-08-03 21:08:02.682 Could not open C:\Users\blair\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalCache\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
2019-08-03 21:14:53.491 >>> Virus 'Mal/Phish-A' found in file C:\Users\blair\Documents\EVO\SDCARD BACKUPS\FEB11th2013\.Mail\1302274850838
2019-08-03 21:16:15.163 >>> Virus 'Mal/Phish-A' found in file C:\Users\blair\Documents\EVO\SDCARD BACKUPS\JULY8TH2012\.Mail\1302274850838
2019-08-03 22:21:20.762 Could not open C:\Windows\System32\catroot2\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\catdb
2019-08-03 22:21:20.778 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2019-08-03 22:21:20.778 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2019-08-03 22:21:27.229 Could not open C:\Windows\System32\config\BBI
2019-08-03 22:39:08.742 Could not open LOGICAL:0003:00000000
2019-08-03 22:39:08.758 Could not open D:\
2019-08-03 22:39:08.774 Could not open LOGICAL:0004:00000000
2019-08-03 22:39:08.774 Could not open E:\
2019-08-03 22:39:08.974 Could not open PHYSICAL:0081:0000:0000:0001
2019-08-03 22:39:09.028 The following items will be cleaned up:
2019-08-03 22:39:09.028 Mal/Phish-A
2019-08-04 01:10:11.598 Threat 'Mal/Phish-A' has been cleaned up.
2019-08-04 01:10:11.598 File "C:\Users\blair\Documents\EVO\SDCARD BACKUPS\FEB11th2013\.Mail\1302274850838" belongs to malware 'Mal/Phish-A'.
2019-08-04 01:10:11.598 File "C:\Users\blair\Documents\EVO\SDCARD BACKUPS\FEB11th2013\.Mail\1302274850838" has been cleaned up.
2019-08-04 01:10:11.598 File "C:\Users\blair\Documents\EVO\SDCARD BACKUPS\JULY8TH2012\.Mail\1302274850838" belongs to malware 'Mal/Phish-A'.
2019-08-04 01:10:11.598 File "C:\Users\blair\Documents\EVO\SDCARD BACKUPS\JULY8TH2012\.Mail\1302274850838" has been cleaned up.
2019-08-04 01:10:11.598 Removal successful
2019-08-04 01:10:12.132 Error level 0
 

Broni

Malware Annihilator
Your computer is clean https://www.bleepstatic.com/fhost/uploads/6/snag-0004.jpg[/URL]]

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
[COLOR=#ff0000][B]This is a very crucial step so make sure you don't skip it.[/B][/COLOR]
Download [IMG]http://www.imgdumper.nl/uploads6/51a5ce45267c1/51a5ce45263de-delfix.pngDelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry3187642

10. Please, let me know, how your computer is doing.
 

blairman

TS Booster
Yes, thank you Broni, Again you have saved the day. I was worried that there was something planted on the computer that was going to bite me and my wallet.