Inactive No Internet Even When PC is connected with WiFi

madhav04 · May 4, 2020

Hello,

I had a topic going on at techspot to resolve an issue with DNS. Please find reference below
/community/topics/few-websites-do-not-open-even-with-fast-internet-speed.261966/

Now, I am facing the below problem.

My pc shows no internet connection even though it is connected with the WiFi.
Other devices on the WiFi have internet connection.

I reset the ip from cmd. Restarted my pc. Restarted my router. Uninstalled my antivirus. Problem gets over. Internet comes again.

After 6 hours same problem. Same steps to resolve. Again after 6-7 hours, same problem comes.

Please guide. What to do.

Broni · May 4, 2020

Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

madhav04 · May 5, 2020

Hi Broni... thanks for addressing the issue.

Below is the log of FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-05-2020

Ran by Mr.Perfect (administrator) on DESKTOP-J42I7TO (LENOVO 81HA) (05-05-2020 21:46:12)

Running from D:\Malware Remover

Loaded Profiles: Mr.Perfect (Available Profiles: Mr.Perfect & Administrator)

Platform: Windows 10 Home Version 1903 18362.778 (X64) Language: English (United States)

Default browser: Edge

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe

(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0342918.inf_amd64_e1e1f19d42293c2a\B342294\atieclxx.exe

(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0342918.inf_amd64_e1e1f19d42293c2a\B342294\atiesrxx.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\protectedservice.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe

(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe

(Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe

(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <10>

(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.2.93.0\LenovoVantageService.exe

(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe <3>

(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe

(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe

(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>

(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe <3>

(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe

(Lenovo -> Lenovo) C:\Windows\System32\ymc.exe

(LENOVO INC) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.1.4.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12004.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe

(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>

(SweetLabs Inc. -> SweetLabs, Inc) C:\Users\Mr.Perfect\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe

(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_ef793e242527b727\WTabletServiceISD.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [856288 2019-05-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\Run: [] => [X]

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [239520 2020-04-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [331368 2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

HKU\S-1-5-21-1725937500-1179077273-3923897831-1001\...\Run: [Opera Browser Assistant] => C:\Users\Mr.Perfect\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3004440 2020-04-29] (Opera Software AS -> Opera Software)

HKU\S-1-5-21-1725937500-1179077273-3923897831-1001\...\MountPoints2: {14e22dbd-753d-11e9-bcb6-802bf9566fbc} - "E:\LaunchU3.exe"

HKU\S-1-5-21-1725937500-1179077273-3923897831-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [4622280 2020-03-11] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Installer\chrmstp.exe [2020-04-30] (Google LLC -> Google LLC)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\81.1.8.86\Installer\chrmstp.exe [2020-05-01] (Brave Software, Inc.) [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07685EBC-EE71-4682-AB77-64CB415220BC} - System32\Tasks\Lenovo\Lenovo YMC Uninstall Task => C:\Windows\System32\YMC.exe [56048 2018-03-22] (Lenovo -> Lenovo)

Task: {1DAFDAC7-10E9-4C50-B8AC-3C65426A8585} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [228880 2020-04-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

Task: {24AB70B8-5C03-44AC-B4C1-AECCE520A0C9} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32

Task: {32EA95C0-DB7A-4029-B421-2A7FDA7796AA} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [27848432 2020-05-04] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG )

Task: {3F36E110-8065-44E5-B138-B4D5DE2E5596} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3c140ec7-02e8-4d5c-92e9-0f1dabfe3c62 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)

Task: {4974251B-419E-41AF-9DD1-9387EB2EBA3E} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54424 2020-02-11] (Lenovo -> Lenovo Group Ltd.)

Task: {59D8E58B-3796-4C7E-939B-68E512C3E6BA} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService

Task: {688B9F9E-18F0-453E-A128-D485FB99ACF7} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0210a35a-9661-4b32-9cae-13f5b4e3d4f4 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)

Task: {782A1BAC-3254-4164-903E-145ABAE9A125} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\af2eee37-14c7-4fcb-b5dc-20f8aa47c3d6 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)

Task: {7C9F7326-01B6-4772-B502-A6B77CCE9292} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2759304 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

Task: {917EE578-174A-41F6-A065-E65855F97822} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)

Task: {930229C4-26F1-4FD6-B83A-052B7B0F32B7} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService

Task: {9D37F4D0-9690-4B68-A32D-1A4F50CFD92E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-05-12] (Google Inc -> Google LLC)

Task: {A0A49430-1C27-49F2-8E49-36B9F8F399C9} - System32\Tasks\Opera scheduled assistant Autoupdate 1567763949 => C:\Users\Mr.Perfect\AppData\Local\Programs\Opera\launcher.exe [1333784 2020-04-29] (Opera Software AS -> Opera Software)

Task: {A1C9D745-C411-4FBD-AC40-04F80D9EE8CC} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [158648 2020-03-31] (Lenovo -> Lenovo Group Ltd.)

Task: {A5C94572-2CFD-42AC-8155-B3639F04BCFC} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\56cc1e85-7b3b-4159-8572-9cc8e9911789 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)

Task: {B590F0EE-276D-4057-A570-F3EC2D92A698} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://

Task: {B5C66EBF-4961-478D-BE08-BC9252C94ED2} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-05] (Brave Software, Inc. -> BraveSoftware Inc.)

Task: {CED8AEA9-8696-4BF4-B5CB-5AA5FAD381EE} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49032 2018-10-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

Task: {D3CE7EE3-BB8A-447D-97D7-E4BCB44842D6} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [63880 2018-10-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

Task: {DEC8D9E3-2414-4829-9235-CBEF50FD77F6} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-05] (Brave Software, Inc. -> BraveSoftware Inc.)

Task: {EBF8A9C3-C2AB-4E0D-AB9D-B38259C56CCE} - System32\Tasks\Opera scheduled Autoupdate 1566492851 => C:\Users\Mr.Perfect\AppData\Local\Programs\Opera\launcher.exe [1333784 2020-04-29] (Opera Software AS -> Opera Software)

Task: {F63DDC08-860E-4D53-99EC-ADF273D1C255} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-05-12] (Google Inc -> Google LLC)

Task: {FCEF59BA-736E-4DF1-8F17-FB45C40FC9C3} - System32\Tasks\App Explorer => C:\Users\Mr.Perfect\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7470248 2020-01-07] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{2d7f65dd-f8b8-495c-9bb5-54c662153162}: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{f23fd1f2-8d3a-49bd-b63e-7fe5031ff5c3}: [DhcpNameServer] 150.202.1.3

Internet Explorer:

==================

HKU\S-1-5-21-1725937500-1179077273-3923897831-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE

SearchScopes: HKU\S-1-5-21-1725937500-1179077273-3923897831-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

SearchScopes: HKU\S-1-5-21-1725937500-1179077273-3923897831-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

Edge:

======

DownloadDir: C:\Users\Mr.Perfect\Downloads

FireFox:

========

FF ProfilePath: C:\Users\Mr.Perfect\AppData\Roaming\Mozilla\Firefox\Profiles\HfK4NoGz.default [2019-08-22]

FF Extension: (Avira Password Manager) - C:\Users\Mr.Perfect\AppData\Roaming\Mozilla\Firefox\Profiles\HfK4NoGz.default\Extensions\passwordmanager@avira.com [2019-08-22]

FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-07-05] (Brave Software, Inc. -> BraveSoftware Inc.)

FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-07-05] (Brave Software, Inc. -> BraveSoftware Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1725937500-1179077273-3923897831-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Mr.Perfect\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-26] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:

=======

CHR Profile: C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default [2020-05-05]

CHR Extension: (Slides) - C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-05-12]

CHR Extension: (Docs) - C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-05-12]

CHR Extension: (Google Drive) - C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-05-12]

CHR Extension: (YouTube) - C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-05-12]

CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-04-09]

CHR Extension: (Sheets) - C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-05-12]

CHR Extension: (Google Docs Offline) - C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-22]

CHR Extension: (AdBlock — best ad blocker) - C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-04-15]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]

CHR Extension: (Gmail) - C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-12]

CHR Extension: (Chrome Media Router) - C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-12]

CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]

CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]

CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]

CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]

Opera:

=======

OPR Extension: (Avira Browser Safety) - C:\Users\Mr.Perfect\AppData\Roaming\Opera Software\Opera Stable\Extensions\dalelnnofafalcmkmnhdbigbjjkloabo [2020-01-19]

OPR Extension: (Avira Password Manager) - C:\Users\Mr.Perfect\AppData\Roaming\Opera Software\Opera Stable\Extensions\ngohaaocccbohaffogpbgfpmpgbcgccg [2020-04-15]

OPR Extension: (Free Avira Phantom VPN – Unblock Websites) - C:\Users\Mr.Perfect\AppData\Roaming\Opera Software\Opera Stable\Extensions\pcgkmkjdikhiodinhloioejnpjgmfigd [2019-08-23]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\u0342918.inf_amd64_e1e1f19d42293c2a\B342294\atiesrxx.exe [515504 2019-05-29] (Advanced Micro Devices, Inc. -> AMD)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1209000 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [535960 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [484160 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [484160 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [576368 2020-05-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [634896 2020-04-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2989888 2020-01-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [382992 2020-03-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [243288 2020-04-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [161552 2020-04-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-05] (Brave Software, Inc. -> BraveSoftware Inc.)

S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-05] (Brave Software, Inc. -> BraveSoftware Inc.)

R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [398352 2018-06-21] (Dolby Laboratories, Inc. -> )

R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [305520 2018-05-30] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)

R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)

R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.2.93.0\LenovoVantageService.exe [18696 2020-03-10] (Lenovo -> Lenovo Group Ltd.)

S4 McSecDashboardService; C:\Program Files\McAfeeDashboard\McSecDashboardService.exe [1270536 2019-02-26] (McAfee, Inc. -> McAfee, Inc.)

R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [856288 2019-05-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [678376 2018-05-24] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)

S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\NisSrv.exe [3304992 2020-05-04] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MsMpEng.exe [103376 2020-05-04] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WTabletServiceISD; C:\WINDOWS\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_ef793e242527b727\WTabletServiceISD.exe [4116416 2018-05-23] (Wacom Technology Corporation -> Wacom Technology, Corp.)

R2 YMC; C:\WINDOWS\System32\ymc.exe [56048 2018-03-22] (Lenovo -> Lenovo)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdacpbus; C:\WINDOWS\System32\drivers\amdacpbus.sys [1368992 2019-04-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)

R3 amdacpksl; C:\WINDOWS\system32\drivers\amdacpksl.sys [352048 2019-05-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)

R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34568 2019-04-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)

R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [61728 2019-04-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)

R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\u0342918.inf_amd64_e1e1f19d42293c2a\B342294\atikmdag.sys [53520816 2019-05-29] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\u0342918.inf_amd64_e1e1f19d42293c2a\B342294\atikmpag.sys [600496 2019-05-29] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [146304 2019-04-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )

R1 amdsfhkmdf; C:\WINDOWS\System32\drivers\amdsfhkmdfi2c.sys [39384 2018-10-03] (Advanced Micro Devices Inc. -> Advanced Micro Devices)

R3 amdsfhspbi2c; C:\WINDOWS\System32\drivers\amdsfhspbi2c.sys [47040 2018-10-03] (Advanced Micro Devices Inc. -> Advanced Micro Devices)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-11] (WDKTestCert build,131474841775766162 -> Apple Inc.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-11] (WDKTestCert build,131474841775766162 -> Apple Inc.)

R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [108152 2019-05-09] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)

R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [208632 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [199752 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [200072 2018-05-10] (Genesys Logic, Inc. -> Genesys Logic)

R3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2020-03-18] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)

R3 RtkBtFilter; C:\WINDOWS\System32\drivers\RtkBtfilter.sys [766896 2018-05-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)

S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [433096 2018-06-11] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)

R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [11419944 2019-03-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )

R3 WacHIDRouterISD; C:\WINDOWS\System32\drivers\WacHIDRouterISD.sys [85440 2018-05-23] (Wacom Technology Corporation -> Wacom Technology, Corp.)

S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-05-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [394680 2020-05-04] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64944 2020-05-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-05 21:45 - 2020-05-05 21:46 - 000000000 ____D C:\FRST

2020-05-05 11:57 - 2020-05-05 12:03 - 000010710 _____ C:\Users\Mr.Perfect\Desktop\PO-Nexo.xlsx

2020-05-05 10:02 - 2020-05-05 10:02 - 000069032 _____ C:\Users\Mr.Perfect\Desktop\XP-18020-22827664_redacted.pdf

2020-05-05 00:54 - 2020-05-05 00:54 - 000000000 ____D C:\Users\Mr.Perfect\Downloads\RO Elements - Copy

2020-05-05 00:54 - 2020-05-05 00:54 - 000000000 ____D C:\Users\Mr.Perfect\Downloads\CrownRO Lite v1.1

2020-05-05 00:32 - 2020-05-05 00:32 - 000000000 ____D C:\Users\Public\Security Sessions

2020-05-05 00:27 - 2020-05-05 00:27 - 000003572 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update

2020-05-05 00:26 - 2020-05-05 00:26 - 000003374 _____ C:\WINDOWS\system32\Tasks\Avira_Antivirus_Systray

2020-05-05 00:26 - 2020-04-30 12:37 - 000208632 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys

2020-05-05 00:26 - 2020-04-30 12:37 - 000199752 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys

2020-05-05 00:26 - 2019-06-07 15:09 - 000078936 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys

2020-05-05 00:26 - 2019-03-20 18:50 - 000089736 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys

2020-05-05 00:26 - 2019-03-20 18:50 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys

2020-05-05 00:26 - 2019-03-20 18:50 - 000045472 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys

2020-05-05 00:26 - 2019-03-20 18:50 - 000022336 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avelam.sys

2020-05-04 22:33 - 2020-05-05 21:40 - 000000000 ____D C:\Users\Public\Speedup Sessions

2020-05-04 22:33 - 2020-05-04 22:33 - 000003786 _____ C:\WINDOWS\system32\Tasks\AviraSystemSpeedupUpdate

2020-05-04 22:18 - 2020-05-05 00:27 - 000000000 ____D C:\ProgramData\Avira

2020-05-04 22:18 - 2020-05-05 00:27 - 000000000 ____D C:\Program Files (x86)\Avira

2020-05-04 22:18 - 2020-05-05 00:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2020-05-04 19:44 - 2020-05-04 19:44 - 000230080 _____ (AVAST Software) C:\Users\Mr.Perfect\Downloads\avast_free_antivirus_setup_online.exe

2020-05-04 19:42 - 2020-05-04 19:43 - 004342776 _____ (Avira Operations GmbH & Co. KG) C:\Users\Mr.Perfect\Downloads\avira_en_sptl1_5eb022d9d97aa__pavwws-spotlight-release.exe

2020-05-04 10:35 - 2020-05-04 10:35 - 000000000 ____D C:\Users\Mr.Perfect\AppData\Roaming\webex

2020-05-04 10:33 - 2020-05-04 10:35 - 000000000 ____D C:\Users\Mr.Perfect\AppData\LocalLow\WebEx

2020-05-04 10:33 - 2020-05-04 10:35 - 000000000 ____D C:\Users\Mr.Perfect\AppData\Local\WebEx

2020-05-03 21:41 - 2020-05-03 21:41 - 000000000 ____D C:\Users\Mr.Perfect\Documents\TikGames

2020-05-02 15:48 - 2020-05-02 15:48 - 000000000 ____D C:\Users\Mr.Perfect\AppData\Local\__SHARED

2020-05-01 09:28 - 2020-05-01 10:06 - 000000000 ____D C:\Users\Mr.Perfect\Desktop\ipconfig

2020-04-30 14:43 - 2020-04-30 14:43 - 000159721 _____ C:\Users\Mr.Perfect\Downloads\WhatsApp Image 2020-04-25 at 4.36.41 PM.jpeg

2020-04-30 14:43 - 2020-04-30 14:43 - 000054339 _____ C:\Users\Mr.Perfect\Downloads\WhatsApp Image 2020-04-25 at 4.32.29 PM.jpeg

2020-04-29 17:45 - 2020-04-29 17:51 - 156607690 _____ C:\Users\Mr.Perfect\Downloads\CrownRO Lite v1.1.rar

2020-04-29 15:53 - 2020-04-29 15:54 - 069300040 _____ (Safer-Networking Ltd. ) C:\Users\Mr.Perfect\Downloads\spybotsd-2.8.68.0.exe

2020-04-26 10:03 - 2020-04-26 10:03 - 000000000 ____D C:\Users\Mr.Perfect\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom

2020-04-25 13:48 - 2020-04-25 13:48 - 000148480 _____ C:\Users\Mr.Perfect\Downloads\buyrent.xls

2020-04-24 16:25 - 2020-04-24 16:25 - 001619679 _____ C:\Users\Mr.Perfect\Desktop\Sourcing Services (1).pptx

2020-04-24 10:46 - 2020-04-24 10:46 - 000798958 _____ C:\Users\Mr.Perfect\Desktop\BlueOceanConsulting.pdf

2020-04-23 18:29 - 2020-04-23 18:29 - 000704945 _____ C:\Users\Mr.Perfect\Downloads\Commercial Vehicle, North America.pdf

2020-04-23 01:37 - 2020-04-23 01:37 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Adobe

2020-04-23 01:37 - 2020-04-23 01:37 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe

2020-04-23 01:27 - 2020-04-23 01:27 - 000000000 ____D C:\Users\Administrator\AppData\Local\Avira

2020-04-22 23:14 - 2020-04-22 23:14 - 000077790 _____ C:\Users\Mr.Perfect\Downloads\2020-03-WIP (1).xlsx

2020-04-21 20:51 - 2020-04-21 20:51 - 000000000 ____D C:\Users\Administrator\AppData\Local\Comms

2020-04-21 20:40 - 2020-04-21 20:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\Lenovo

2020-04-21 20:38 - 2020-04-21 20:38 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder

2020-04-21 20:37 - 2020-04-21 20:38 - 000000000 ___RD C:\Users\Administrator\OneDrive

2020-04-21 20:36 - 2020-04-21 20:36 - 000001450 _____ C:\Users\Administrator\Desktop\Microsoft Edge.lnk

2020-04-21 20:36 - 2020-04-21 20:36 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\AMD

2020-04-21 20:35 - 2020-04-21 20:35 - 000000000 ___HD C:\Users\Administrator\MicrosoftEdgeBackups

2020-04-21 20:35 - 2020-04-21 20:35 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers

2020-04-21 20:35 - 2020-04-21 20:35 - 000000000 ____D C:\Users\Administrator\AppData\Local\MicrosoftEdge

2020-04-21 20:34 - 2020-04-23 01:37 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe

2020-04-21 20:34 - 2020-04-23 01:37 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages

2020-04-21 20:34 - 2020-04-21 21:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\D3DSCache

2020-04-21 20:34 - 2020-04-21 20:38 - 000002398 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2020-04-21 20:34 - 2020-04-21 20:37 - 000000000 ____D C:\Users\Administrator

2020-04-21 20:34 - 2020-04-21 20:36 - 000002343 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk

2020-04-21 20:34 - 2020-04-21 20:34 - 000002460 _____ C:\Users\Administrator\Desktop\Brave.lnk

2020-04-21 20:34 - 2020-04-21 20:34 - 000000020 ___SH C:\Users\Administrator\ntuser.ini

2020-04-21 20:34 - 2020-04-21 20:34 - 000000000 ___RD C:\Users\Administrator\3D Objects

2020-04-21 20:34 - 2020-04-21 20:34 - 000000000 ____D C:\Users\Administrator\AppData\Local\VirtualStore

2020-04-21 20:34 - 2020-04-21 20:34 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google

2020-04-21 20:34 - 2020-04-21 20:34 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform

2020-04-21 20:34 - 2020-04-21 20:34 - 000000000 ____D C:\Users\Administrator\AppData\Local\BraveSoftware

2020-04-21 20:34 - 2020-04-21 20:34 - 000000000 ____D C:\Users\Administrator\AppData\Local\AMD

2020-04-21 20:34 - 2019-05-13 10:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\Host App Service

2020-04-21 15:13 - 2020-05-04 20:00 - 000011614 _____ C:\Users\Mr.Perfect\Desktop\Shares.xlsx

2020-04-21 13:52 - 2020-04-21 13:52 - 000008293 _____ C:\Users\Mr.Perfect\Downloads\cnote.zip

2020-04-20 12:05 - 2020-04-20 12:05 - 000496205 _____ C:\Users\Mr.Perfect\Downloads\Unit_Statement_20-10-2019-20-04-2020.pdf

2020-04-19 14:27 - 2020-04-19 14:31 - 101674976 _____ (SpendMap) C:\Users\Mr.Perfect\Downloads\SpendMap-2018-SETUP.EXE

2020-04-19 11:10 - 2020-04-19 11:10 - 002678357 _____ C:\Users\Mr.Perfect\Downloads\Chinese-Investments-in-India-Report_2020_Final.pdf.pdf

2020-04-18 22:38 - 2020-04-18 22:41 - 000009348 _____ C:\Users\Mr.Perfect\Desktop\Shree Supplier.xlsx

2020-04-18 00:50 - 2020-04-18 00:50 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe

2020-04-18 00:50 - 2020-04-18 00:50 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

2020-04-18 00:50 - 2020-04-18 00:50 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe

2020-04-18 00:50 - 2020-04-18 00:50 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe

2020-04-18 00:50 - 2020-04-18 00:50 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe

2020-04-18 00:50 - 2020-04-18 00:50 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe

2020-04-18 00:50 - 2020-04-18 00:50 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe

2020-04-18 00:50 - 2020-04-18 00:50 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe

2020-04-18 00:50 - 2020-04-18 00:50 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe

2020-04-18 00:50 - 2020-04-18 00:50 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl

2020-04-18 00:50 - 2020-04-18 00:50 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe

2020-04-18 00:50 - 2020-04-18 00:50 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl

2020-04-18 00:50 - 2020-04-18 00:50 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe

2020-04-18 00:50 - 2020-04-18 00:50 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe

2020-04-18 00:50 - 2020-04-18 00:50 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys

2020-04-18 00:50 - 2020-04-18 00:50 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe

2020-04-18 00:50 - 2020-04-18 00:50 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe

2020-04-18 00:50 - 2020-04-18 00:50 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll

madhav04 · May 5, 2020

FRST.txt continued...

2020-04-18 00:50 - 2020-04-18 00:50 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe

2020-04-18 00:50 - 2020-04-18 00:50 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys

2020-04-18 00:50 - 2020-04-18 00:50 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000066624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000050544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe

2020-04-18 00:50 - 2020-04-18 00:50 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe

2020-04-18 00:50 - 2020-04-18 00:50 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe

2020-04-18 00:50 - 2020-04-18 00:50 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll

2020-04-18 00:50 - 2020-04-18 00:50 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin

2020-04-18 00:50 - 2020-04-18 00:50 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin

2020-04-18 00:50 - 2020-04-18 00:50 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin

2020-04-18 00:50 - 2020-04-18 00:50 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin

2020-04-18 00:50 - 2020-04-18 00:50 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin

2020-04-18 00:50 - 2020-04-18 00:50 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin

2020-04-18 00:50 - 2020-04-18 00:50 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin

2020-04-18 00:50 - 2020-04-18 00:50 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin

2020-04-18 00:50 - 2020-04-18 00:50 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin

2020-04-18 00:50 - 2020-04-18 00:50 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin

2020-04-18 00:50 - 2020-04-18 00:50 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin

2020-04-18 00:50 - 2020-04-18 00:50 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin

2020-04-18 00:49 - 2020-04-18 00:50 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 017790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 003708928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 002126144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2020-04-18 00:49 - 2020-04-18 00:49 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001480192 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001413704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000915192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000879616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000637240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000589384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

2020-04-18 00:49 - 2020-04-18 00:49 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000459688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000152408 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 000142544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000115120 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys

2020-04-18 00:49 - 2020-04-18 00:49 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe

2020-04-18 00:49 - 2020-04-18 00:49 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll

2020-04-18 00:49 - 2020-04-18 00:49 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll

2020-04-18 00:39 - 2020-04-18 00:39 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe

2020-04-18 00:39 - 2020-04-18 00:39 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

2020-04-16 21:04 - 2020-04-16 21:04 - 001645820 _____ C:\WINDOWS\Minidump\041620-10796-01.dmp

2020-04-16 11:24 - 2020-04-16 11:24 - 003812633 _____ C:\Users\Mr.Perfect\Downloads\Cost_Intelligence_Report_Mar_2020.pdf

2020-04-15 15:01 - 2020-04-15 15:01 - 013026472 _____ C:\Users\Mr.Perfect\Downloads\WhatsApp Video 2020-04-15 at 3.01.36 PM.mp4

2020-04-14 10:17 - 2020-04-14 13:16 - 000011530 _____ C:\Users\Mr.Perfect\Desktop\March 2020.xlsx

2020-04-13 23:24 - 2020-04-16 16:01 - 000000000 ____D C:\m

2020-04-12 18:15 - 2020-04-12 18:15 - 000666706 _____ C:\Users\Mr.Perfect\Downloads\iwc report pics.pptx

2020-04-09 14:22 - 2020-04-09 14:22 - 000596447 _____ C:\Users\Mr.Perfect\Downloads\Old Hindi Movies.pdf

2020-04-08 15:40 - 2020-04-26 09:57 - 000000000 ____D C:\Users\Mr.Perfect\Downloads\Europe Pics - Shortlisted

2020-04-06 17:50 - 2020-04-06 17:50 - 000129180 _____ C:\Users\Mr.Perfect\Desktop\BOG.pptx

2020-04-06 17:46 - 2020-04-06 17:46 - 001487092 _____ C:\WINDOWS\Minidump\040620-8312-01.dmp

2020-04-06 11:11 - 2020-04-06 12:58 - 000001154 _____ C:\Users\Mr.Perfect\Desktop\MavelVista.txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-05 21:45 - 2019-09-06 21:40 - 000000000 ____D C:\Users\Mr.Perfect\Downloads\opera autoupdate

2020-05-05 20:32 - 2019-09-20 16:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2020-05-05 20:32 - 2019-03-19 10:22 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2020-05-05 16:28 - 2019-05-13 11:28 - 000000000 ___RD C:\Users\Mr.Perfect\OneDrive

2020-05-05 09:18 - 2019-03-19 10:22 - 000000000 ____D C:\WINDOWS\AppReadiness

2020-05-05 09:17 - 2019-05-13 11:09 - 000000000 ____D C:\Users\Mr.Perfect\AppData\Local\Host App Service

2020-05-05 04:05 - 2019-03-19 10:22 - 000000000 ___HD C:\Program Files\WindowsApps

2020-05-05 00:32 - 2019-08-22 22:33 - 000000000 ____D C:\Users\Mr.Perfect\AppData\Local\Avira

2020-05-05 00:26 - 2019-03-19 10:22 - 000000000 ___HD C:\WINDOWS\ELAMBKUP

2020-05-04 23:31 - 2019-08-24 15:51 - 000000000 ____D C:\Users\Mr.Perfect\AppData\Local\D3DSCache

2020-05-04 22:38 - 2019-03-19 10:20 - 000000000 ____D C:\WINDOWS\INF

2020-05-04 22:18 - 2018-10-05 19:12 - 000000000 ____D C:\ProgramData\Package Cache

2020-05-04 21:50 - 2019-09-20 17:03 - 000795992 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2020-05-04 21:20 - 2019-09-20 16:57 - 000000000 ____D C:\Users\Mr.Perfect

2020-05-04 21:18 - 2019-09-20 17:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2020-05-04 20:48 - 2019-03-19 10:07 - 001048576 _____ C:\WINDOWS\system32\config\BBI

2020-05-04 20:27 - 2019-03-19 10:22 - 000000000 ____D C:\WINDOWS\system32\NDF

2020-05-04 15:28 - 2018-04-18 00:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

2020-05-04 13:26 - 2019-07-13 09:07 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

2020-05-04 04:03 - 2019-03-19 10:22 - 000000000 ____D C:\WINDOWS\LiveKernelReports

2020-05-01 21:03 - 2019-09-20 17:05 - 000004246 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1566492851

2020-05-01 21:03 - 2019-08-22 22:24 - 000001481 _____ C:\Users\Mr.Perfect\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk

2020-05-01 00:07 - 2019-07-05 15:59 - 000002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk

2020-04-30 23:29 - 2019-08-22 22:05 - 000000000 ____D C:\Users\Mr.Perfect\AppData\Local\ElevatedDiagnostics

2020-04-30 21:36 - 2019-07-26 09:58 - 000022013 _____ C:\Users\Mr.Perfect\Desktop\To Do List.xlsx

2020-04-30 09:59 - 2019-05-12 23:17 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2020-04-30 08:46 - 2019-09-20 17:05 - 000004510 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1567763949

2020-04-30 08:38 - 2019-05-13 11:26 - 000000000 ____D C:\Users\Mr.Perfect\AppData\Local\ConnectedDevicesPlatform

2020-04-29 13:09 - 2019-07-30 09:39 - 001272475 _____ C:\Users\Mr.Perfect\Desktop\BlueOceanGlobal.pdf

2020-04-28 17:49 - 2019-08-29 13:30 - 000025268 _____ C:\Users\Mr.Perfect\Desktop\Supplier Status Report.xlsx

2020-04-26 10:03 - 2020-04-04 21:08 - 000000000 ____D C:\Users\Mr.Perfect\AppData\Roaming\Zoom

2020-04-25 23:26 - 2017-05-19 08:48 - 000000000 ____D C:\Users\Mr.Perfect\Documents\mine

2020-04-24 11:05 - 2019-07-03 12:48 - 000000000 ____D C:\Users\Mr.Perfect\Desktop\Blue Ocean

2020-04-21 20:34 - 2019-03-19 10:22 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2020-04-21 20:34 - 2018-04-18 00:33 - 000000000 __RHD C:\Users\Public\AccountPictures

2020-04-20 17:32 - 2019-07-04 07:45 - 000000000 ____D C:\Users\Mr.Perfect\Desktop\Working Folder

2020-04-18 03:23 - 2019-09-20 16:55 - 000266208 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2020-04-18 03:22 - 2019-03-19 10:22 - 000000000 ____D C:\WINDOWS\SystemResources

2020-04-18 03:22 - 2019-03-19 10:22 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation

2020-04-18 03:22 - 2019-03-19 10:22 - 000000000 ____D C:\WINDOWS\system32\migwiz

2020-04-18 03:22 - 2019-03-19 10:22 - 000000000 ____D C:\WINDOWS\ShellExperiences

2020-04-18 03:22 - 2019-03-19 10:22 - 000000000 ____D C:\WINDOWS\Provisioning

2020-04-18 03:22 - 2019-03-19 10:22 - 000000000 ____D C:\WINDOWS\bcastdvr

2020-04-18 00:53 - 2019-03-19 10:07 - 000000000 ____D C:\WINDOWS\CbsTemp

2020-04-16 21:04 - 2019-09-20 23:27 - 1495672755 _____ C:\WINDOWS\MEMORY.DMP

2020-04-16 21:04 - 2019-09-20 23:27 - 000000000 ____D C:\WINDOWS\Minidump

2020-04-15 16:57 - 2019-08-31 06:17 - 000000067 _____ C:\Users\Mr.Perfect\Desktop\CompaniesToExplore.txt

2020-04-15 16:16 - 2019-09-20 17:05 - 000003390 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1725937500-1179077273-3923897831-1001

2020-04-15 16:16 - 2019-09-20 16:57 - 000002393 _____ C:\Users\Mr.Perfect\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2020-04-15 01:12 - 2019-05-13 11:26 - 000000000 ____D C:\Users\Mr.Perfect\AppData\Local\Packages

2020-04-08 01:57 - 2019-11-30 11:42 - 000000000 ____D C:\Users\Mr.Perfect\Desktop\Unostar

==================== Files in the root of some directories ========

2019-10-08 03:09 - 2019-10-08 03:09 - 009256960 _____ () C:\Program Files (x86)\GUTD3E0.tmp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

madhav04 · May 5, 2020

Addition.txt ...

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-05-2020

Ran by Mr.Perfect (05-05-2020 21:48:14)

Running from D:\Malware Remover

Windows 10 Home Version 1903 18362.778 (X64) (2019-09-20 11:35:51)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1725937500-1179077273-3923897831-500 - Administrator - Enabled) => C:\Users\Administrator

DefaultAccount (S-1-5-21-1725937500-1179077273-3923897831-503 - Limited - Disabled)

Guest (S-1-5-21-1725937500-1179077273-3923897831-501 - Limited - Disabled)

Mr.Perfect (S-1-5-21-1725937500-1179077273-3923897831-1001 - Administrator - Enabled) => C:\Users\Mr.Perfect

WDAGUtilityAccount (S-1-5-21-1725937500-1179077273-3923897831-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)

AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2018.1004.2349.42886 - Advanced Micro Devices, Inc.)

Avira (HKLM-x32\...\{CAB70370-888E-4D62-B5D5-DA7982585C46}) (Version: 1.2.145.25926 - Avira Operations GmbH & Co. KG) Hidden

Avira (HKLM-x32\...\{e636e084-c7ab-4246-8ad2-aa1bb1cbedfd}) (Version: 1.2.145.25926 - Avira Operations GmbH & Co. KG)

Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2005.1866 - Avira Operations GmbH & Co. KG)

Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.32.2.34115 - Avira Operations GmbH & Co. KG)

Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.0.27.9291 - Avira Operations GmbH & Co. KG)

Avira Software Updater (HKLM-x32\...\{6BAE2CD1-EFB3-48A0-9DC4-7720086B4B65}) (Version: 2.0.6.31130 - Avira Operations GmbH & Co. KG)

Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.4.1.10871 - Avira Operations GmbH & Co. KG)

Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 81.1.8.86 - Brave Software Inc)

Cisco Webex Meetings (HKU\S-1-5-21-1725937500-1179077273-3923897831-1001\...\ActiveTouchMeetingClient) (Version: 40.2.8 - Cisco Webex LLC)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.129 - Google LLC)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden

Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden

Lenovo App Explorer (HKU\S-1-5-21-1725937500-1179077273-3923897831-1001\...\Host App Service) (Version: 0.273.3.730 - SweetLabs for Lenovo)

Lenovo Pen Settings Service (HKLM\...\ISD Tablet Driver) (Version: 7.5.1.31 - Wacom Technology Corp.)

Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.2.93.0 - Lenovo Group Ltd.)

Microsoft OneDrive (HKU\S-1-5-21-1725937500-1179077273-3923897831-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)

Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)

Nymgo (HKU\S-1-5-21-1725937500-1179077273-3923897831-1001\...\Nymgo) (Version: 5.5.76 - Nymgo S.A.)

Opera Stable 68.0.3618.63 (HKU\S-1-5-21-1725937500-1179077273-3923897831-1001\...\Opera 68.0.3618.63) (Version: 68.0.3618.63 - Opera Software)

Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden

Zoom (HKU\S-1-5-21-1725937500-1179077273-3923897831-1001\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)

Packages:

=========

AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.10006.0_x64__0a9344xs7nr4m [2019-09-23] (Advanced Micro Devices Inc.)

Asphalt 8: Airborne -> C:\Program Files\WindowsApps\GAMELOFTSA.Asphalt8Airborne_4.9.0.10_x86__0pp20fcewvvtj [2020-03-27] (GAMELOFT SA)

Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_2.1002.243.0_x64__rz1tebttyb220 [2019-05-13] (Dolby Laboratories)

Lenovo Pen Settings -> C:\Program Files\WindowsApps\WacomTechnologyCorp.157535B83C264_7.6.59.0_x64__ss941bf8mfs8a [2020-04-02] (Wacom Technology Corp.)

Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2003.10.0_x64__k1h2ywk1493x8 [2020-03-27] (LENOVO INC.)

LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.1.4.0_x64__5grkq8ppsgwt4 [2020-01-05] (LENOVO INC) [Startup Task]

LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-07-03] (LinkedIn)

Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12624.20466.0_x86__8wekyb3d8bbwe [2020-04-19] (Microsoft Corporation)

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-07-03] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-07-03] (Microsoft Corporation) [MS Ad]

Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12624.20466.0_x86__8wekyb3d8bbwe [2020-04-19] (Microsoft Corporation)

Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12624.20466.0_x86__8wekyb3d8bbwe [2020-04-19] (Microsoft Corporation)

Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12624.20466.0_x86__8wekyb3d8bbwe [2020-04-19] (Microsoft Corporation)

Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12624.20466.0_x86__8wekyb3d8bbwe [2020-04-19] (Microsoft Corporation)

Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12624.20466.0_x86__8wekyb3d8bbwe [2020-04-19] (Microsoft Corporation)

Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_20.10406.5039.0_x64__8wekyb3d8bbwe [2020-05-01] (Microsoft Corporation)

Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12624.20466.0_x86__8wekyb3d8bbwe [2020-04-19] (Microsoft Corporation)

MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation)

MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-27] (Microsoft Corporation) [MS Ad]

Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.180.0_x64__dt26b99r8h8gj [2019-07-23] (Realtek Semiconductor Corp)

Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0 [2020-04-24] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1725937500-1179077273-3923897831-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-10-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Mr.Perfect\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e2f3576b7abb043d\Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.) -> --profile-directory=Default

ShortcutWithArgument: C:\Users\Mr.Perfect\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2018-06-28 14:16 - 2018-06-28 14:16 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL

2018-06-28 14:16 - 2018-06-28 14:16 - 002552832 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll

2019-11-10 00:04 - 2019-02-21 21:30 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

2020-04-03 17:48 - 2019-10-27 06:41 - 001631744 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Lenovo\VantageService\3.2.93.0\x64\SQLite.Interop.dll

2020-04-11 11:33 - 2019-10-27 06:36 - 001261568 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\SQLite.Interop.dll

2020-03-12 18:39 - 2020-03-12 18:39 - 000913920 _____ (ServiceStack) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ServiceStack.Text\522aeaee8c19c7104b15b25bc1271e82\ServiceStack.Text.ni.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 000040960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 000345600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 000502272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 001412608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll

2018-10-04 23:47 - 2018-10-04 23:47 - 005812224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 006321152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 001077248 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 000323584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 003559424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 003700224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 000359936 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 076160000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 005603840 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 000461312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 000187904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 002822144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 000053248 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 000059904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 000328192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll

2018-06-28 14:16 - 2018-06-28 14:16 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\styles\qwindowsvistastyle.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 05:08 - 2020-05-04 13:11 - 000000824 ____R C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1725937500-1179077273-3923897831-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg

DNS Servers: 192.168.0.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AviraOptimizerHost => 2

MSCONFIG\Services: AviraPhantomVPN => 2

MSCONFIG\Services: McSecDashboardService => 3

HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter"

HKU\S-1-5-21-1725937500-1179077273-3923897831-1001\...\StartupApproved\Run: => "Opera Browser Assistant"

HKU\S-1-5-21-1725937500-1179077273-3923897831-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{A94BCA9B-3BEA-4000-82E3-76C2E0A095C2}C:\users\mr.perfect\appdata\roaming\nymgo\nymgo.exe] => (Allow) C:\users\mr.perfect\appdata\roaming\nymgo\nymgo.exe () [File not signed]

FirewallRules: [UDP Query User{098CE4EF-1B3D-4E4B-996D-5F0B05073EFB}C:\users\mr.perfect\appdata\roaming\nymgo\nymgo.exe] => (Allow) C:\users\mr.perfect\appdata\roaming\nymgo\nymgo.exe () [File not signed]

FirewallRules: [TCP Query User{86C11F90-3591-4C72-AE45-5F646C7B8E36}C:\users\mr.perfect\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\tempstate\downloads\anydesk (1).exe] => (Allow) C:\users\mr.perfect\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\tempstate\downloads\anydesk (1).exe No File

FirewallRules: [UDP Query User{559EA745-6195-4650-8417-BA41693B7F0A}C:\users\mr.perfect\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\tempstate\downloads\anydesk (1).exe] => (Allow) C:\users\mr.perfect\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\tempstate\downloads\anydesk (1).exe No File

FirewallRules: [TCP Query User{AB1B935A-EEBA-414F-A3A1-1B9498F549AB}C:\users\mr.perfect\downloads\anydesk.exe] => (Allow) C:\users\mr.perfect\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)

FirewallRules: [UDP Query User{8B08EB52-CFA1-44E9-B3A7-34A973EDFBEC}C:\users\mr.perfect\downloads\anydesk.exe] => (Allow) C:\users\mr.perfect\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)

FirewallRules: [TCP Query User{49F9AF66-4AF9-4E9F-8FDC-F9785C6C0801}C:\users\mr.perfect\appdata\roaming\nymgo\nymgo.exe] => (Allow) C:\users\mr.perfect\appdata\roaming\nymgo\nymgo.exe () [File not signed]

FirewallRules: [UDP Query User{037EEF13-A03D-4A0D-9AFB-F6273251B54B}C:\users\mr.perfect\appdata\roaming\nymgo\nymgo.exe] => (Allow) C:\users\mr.perfect\appdata\roaming\nymgo\nymgo.exe () [File not signed]

FirewallRules: [{87A65CF9-578E-4598-935C-855572F05B0E}] => (Allow) C:\Users\Mr.Perfect\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{504C5471-25B6-4E48-BF6A-55627D453A0A}] => (Allow) C:\Users\Mr.Perfect\AppData\Roaming\Zoom\bin\airhost.exe No File

FirewallRules: [{27517279-B0DE-4081-83AB-775F75BADC34}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12624.20466.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{0940BFAE-2676-48BE-8111-691606173B21}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{BFF2E709-D457-486C-8993-42B7B09AD4BB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{334589D4-CD4B-4CEF-8AA9-BEA31FF5BDF5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{24AEB3D7-A1C3-4B54-AF8B-8700C6AE0A76}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{3101A3A7-AE9A-4A08-8AEC-E9029561A349}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{9CB5E91D-AEDD-42DE-850A-E030D7DD9429}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{A65AEC5D-6FB2-489F-98D1-9A4E82D43CBF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{E8706EC3-6B6F-40CC-97F5-4C1B8D4928DF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.131.703.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{7544712A-8C65-4F91-99F7-3A1EC0418255}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

FirewallRules: [{25598BBA-5ED3-49E8-AEC1-B8B7BB7C52A1}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

FirewallRules: [{DBF4DB8F-12AC-4F7B-9ACB-A316BE396194}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

FirewallRules: [{ECFBAB2A-744A-4399-9211-DD94934CCB9D}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

FirewallRules: [{96A86CC4-77EA-46D1-8A78-488E83F23A6D}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Restore Points =========================

25-04-2020 22:32:38 Scheduled Checkpoint

04-05-2020 11:42:38 Removed Avira Software Updater

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:

==================

Error: (05/05/2020 09:40:32 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)

Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (05/05/2020 08:15:05 PM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (7608,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/05/2020 07:13:51 PM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (7772,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/05/2020 06:18:30 PM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (8808,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/05/2020 06:11:59 PM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (8976,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/05/2020 05:19:47 PM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (17472,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/05/2020 04:16:36 PM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (9052,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/05/2020 03:14:21 PM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (5304,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

System errors:

=============

Error: (05/05/2020 08:33:28 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-J42I7TO)

Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (05/05/2020 08:33:28 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-J42I7TO)

Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (05/05/2020 08:33:28 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-J42I7TO)

Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (05/05/2020 08:33:28 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-J42I7TO)

Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (05/05/2020 08:33:28 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-J42I7TO)

Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (05/05/2020 01:39:16 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Update for Windows Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2001.10).

Error: (05/04/2020 10:01:41 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-J42I7TO)

Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (05/04/2020 09:18:24 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 8:49:10 PM on ‎5/‎4/‎2020 was unexpected.

Windows Defender:

===================================

Date: 2020-05-04 20:29:58.748

Description:

Windows Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version:

Previous security intelligence Version: 1.313.2877.0

Update Source: Microsoft Update Server

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.16900.4

Error code: 0x80240438

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2020-05-04 13:19:09.481

Description:

Windows Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version:

Previous security intelligence Version: 1.299.2581.0

Update Source: Microsoft Malware Protection Center

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.16200.1

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

Date: 2020-05-04 13:19:09.479

Description:

Windows Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version:

Previous security intelligence Version: 1.299.2581.0

Update Source: Microsoft Malware Protection Center

Security intelligence Type: AntiSpyware

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.16200.1

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

Date: 2020-05-04 13:19:09.478

Description:

Windows Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version:

Previous security intelligence Version: 1.299.2581.0

Update Source: Microsoft Malware Protection Center

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.16200.1

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

Date: 2020-05-04 13:19:09.462

Description:

Windows Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version:

Previous security intelligence Version: 1.299.2581.0

Update Source: Microsoft Malware Protection Center

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.16200.1

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

CodeIntegrity:

===================================

Date: 2020-05-04 11:43:20.888

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-04-07 10:52:09.637

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-02-19 10:13:13.415

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-11-20 10:35:13.883

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-18 10:59:45.311

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-14 07:59:21.137

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-10-02 09:41:08.884

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-09-23 10:57:42.606

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 8MCN45WW 08/17/2018

Motherboard: LENOVO LNVNB161216

Processor: AMD Ryzen 5 2500U with Radeon Vega Mobile Gfx

Percentage of memory in use: 54%

Total physical RAM: 7734.58 MB

Available physical RAM: 3495.91 MB

Total Virtual: 13622.58 MB

Available Virtual: 8105.24 MB

==================== Drives ================================

Drive c: (Windows-SSD) (Fixed) (Total:129.81 GB) (Free:48.18 GB) NTFS

Drive d: (Madhav) (Fixed) (Total:107.42 GB) (Free:11.36 GB) NTFS

\\?\Volume{457a3bad-5962-4c46-b98c-5109e73cabfb}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.55 GB) NTFS

\\?\Volume{b530dbca-3d14-44c9-af4b-0a23a2f508df}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================

Disk: 0 (Size: 238.5 GB) (Disk ID: 365F1F12)

Partition: GPT.

==================== End of Addition.txt =======================

Broni · May 5, 2020

I don't see anything malicious there.
I suggest you return to your original topic.
Good luck

madhav04 · May 5, 2020

Thanks Broni

Broni · May 5, 2020

You're very welcome

Inactive No Internet Even When PC is connected with WiFi

madhav04

Posts: 86 +0

Broni

Posts: 56,041 +516

madhav04

Posts: 86 +0

madhav04

Posts: 86 +0

madhav04

Posts: 86 +0

Broni

Posts: 56,041 +516

madhav04

Posts: 86 +0

Broni

Posts: 56,041 +516

Similar threads

Latest posts