Hi Broni... thanks for addressing the issue.
Below is the log of FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-05-2020
Ran by Mr.Perfect (administrator) on DESKTOP-J42I7TO (LENOVO 81HA) (05-05-2020 21:46:12)
Running from D:\Malware Remover
Loaded Profiles: Mr.Perfect (Available Profiles: Mr.Perfect & Administrator)
Platform: Windows 10 Home Version 1903 18362.778 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0342918.inf_amd64_e1e1f19d42293c2a\B342294\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0342918.inf_amd64_e1e1f19d42293c2a\B342294\atiesrxx.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\protectedservice.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <10>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.2.93.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe <3>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe <3>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo -> Lenovo) C:\Windows\System32\ymc.exe
(LENOVO INC) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.1.4.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12004.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(SweetLabs Inc. -> SweetLabs, Inc) C:\Users\Mr.Perfect\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_ef793e242527b727\WTabletServiceISD.exe <2>
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [856288 2019-05-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [239520 2020-04-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [331368 2020-01-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1725937500-1179077273-3923897831-1001\...\Run: [Opera Browser Assistant] => C:\Users\Mr.Perfect\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3004440 2020-04-29] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1725937500-1179077273-3923897831-1001\...\MountPoints2: {14e22dbd-753d-11e9-bcb6-802bf9566fbc} - "E:\LaunchU3.exe"
HKU\S-1-5-21-1725937500-1179077273-3923897831-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [4622280 2020-03-11] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Installer\chrmstp.exe [2020-04-30] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\81.1.8.86\Installer\chrmstp.exe [2020-05-01] (Brave Software, Inc.) [File not signed]
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07685EBC-EE71-4682-AB77-64CB415220BC} - System32\Tasks\Lenovo\Lenovo YMC Uninstall Task => C:\Windows\System32\YMC.exe [56048 2018-03-22] (Lenovo -> Lenovo)
Task: {1DAFDAC7-10E9-4C50-B8AC-3C65426A8585} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [228880 2020-04-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {24AB70B8-5C03-44AC-B4C1-AECCE520A0C9} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {32EA95C0-DB7A-4029-B421-2A7FDA7796AA} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [27848432 2020-05-04] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG )
Task: {3F36E110-8065-44E5-B138-B4D5DE2E5596} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3c140ec7-02e8-4d5c-92e9-0f1dabfe3c62 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {4974251B-419E-41AF-9DD1-9387EB2EBA3E} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54424 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {59D8E58B-3796-4C7E-939B-68E512C3E6BA} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {688B9F9E-18F0-453E-A128-D485FB99ACF7} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0210a35a-9661-4b32-9cae-13f5b4e3d4f4 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {782A1BAC-3254-4164-903E-145ABAE9A125} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\af2eee37-14c7-4fcb-b5dc-20f8aa47c3d6 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {7C9F7326-01B6-4772-B502-A6B77CCE9292} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2759304 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {917EE578-174A-41F6-A065-E65855F97822} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {930229C4-26F1-4FD6-B83A-052B7B0F32B7} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {9D37F4D0-9690-4B68-A32D-1A4F50CFD92E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-05-12] (Google Inc -> Google LLC)
Task: {A0A49430-1C27-49F2-8E49-36B9F8F399C9} - System32\Tasks\Opera scheduled assistant Autoupdate 1567763949 => C:\Users\Mr.Perfect\AppData\Local\Programs\Opera\launcher.exe [1333784 2020-04-29] (Opera Software AS -> Opera Software)
Task: {A1C9D745-C411-4FBD-AC40-04F80D9EE8CC} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [158648 2020-03-31] (Lenovo -> Lenovo Group Ltd.)
Task: {A5C94572-2CFD-42AC-8155-B3639F04BCFC} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\56cc1e85-7b3b-4159-8572-9cc8e9911789 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {B590F0EE-276D-4057-A570-F3EC2D92A698} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://
Task: {B5C66EBF-4961-478D-BE08-BC9252C94ED2} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-05] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {CED8AEA9-8696-4BF4-B5CB-5AA5FAD381EE} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49032 2018-10-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {D3CE7EE3-BB8A-447D-97D7-E4BCB44842D6} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [63880 2018-10-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {DEC8D9E3-2414-4829-9235-CBEF50FD77F6} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-05] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {EBF8A9C3-C2AB-4E0D-AB9D-B38259C56CCE} - System32\Tasks\Opera scheduled Autoupdate 1566492851 => C:\Users\Mr.Perfect\AppData\Local\Programs\Opera\launcher.exe [1333784 2020-04-29] (Opera Software AS -> Opera Software)
Task: {F63DDC08-860E-4D53-99EC-ADF273D1C255} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-05-12] (Google Inc -> Google LLC)
Task: {FCEF59BA-736E-4DF1-8F17-FB45C40FC9C3} - System32\Tasks\App Explorer => C:\Users\Mr.Perfect\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7470248 2020-01-07] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2d7f65dd-f8b8-495c-9bb5-54c662153162}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{f23fd1f2-8d3a-49bd-b63e-7fe5031ff5c3}: [DhcpNameServer] 150.202.1.3
Internet Explorer:
==================
HKU\S-1-5-21-1725937500-1179077273-3923897831-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
SearchScopes: HKU\S-1-5-21-1725937500-1179077273-3923897831-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-1725937500-1179077273-3923897831-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
Edge:
======
DownloadDir: C:\Users\Mr.Perfect\Downloads
FireFox:
========
FF ProfilePath: C:\Users\Mr.Perfect\AppData\Roaming\Mozilla\Firefox\Profiles\HfK4NoGz.default [2019-08-22]
FF Extension: (Avira Password Manager) - C:\Users\Mr.Perfect\AppData\Roaming\Mozilla\Firefox\Profiles\HfK4NoGz.default\Extensions\
passwordmanager@avira.com [2019-08-22]
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-07-05] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-07-05] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1725937500-1179077273-3923897831-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Mr.Perfect\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-26] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
Chrome:
=======
CHR Profile: C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default [2020-05-05]
CHR Extension: (Slides) - C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-05-12]
CHR Extension: (Docs) - C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-05-12]
CHR Extension: (Google Drive) - C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-05-12]
CHR Extension: (YouTube) - C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-05-12]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-04-09]
CHR Extension: (Sheets) - C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-05-12]
CHR Extension: (Google Docs Offline) - C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-22]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-04-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-12]
CHR Extension: (Chrome Media Router) - C:\Users\Mr.Perfect\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-12]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
Opera:
=======
OPR Extension: (Avira Browser Safety) - C:\Users\Mr.Perfect\AppData\Roaming\Opera Software\Opera Stable\Extensions\dalelnnofafalcmkmnhdbigbjjkloabo [2020-01-19]
OPR Extension: (Avira Password Manager) - C:\Users\Mr.Perfect\AppData\Roaming\Opera Software\Opera Stable\Extensions\ngohaaocccbohaffogpbgfpmpgbcgccg [2020-04-15]
OPR Extension: (Free Avira Phantom VPN – Unblock Websites) - C:\Users\Mr.Perfect\AppData\Roaming\Opera Software\Opera Stable\Extensions\pcgkmkjdikhiodinhloioejnpjgmfigd [2019-08-23]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\u0342918.inf_amd64_e1e1f19d42293c2a\B342294\atiesrxx.exe [515504 2019-05-29] (Advanced Micro Devices, Inc. -> AMD)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1209000 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [535960 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [484160 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [484160 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [576368 2020-05-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [634896 2020-04-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2989888 2020-01-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [382992 2020-03-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [243288 2020-04-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [161552 2020-04-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-05] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-07-05] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [398352 2018-06-21] (Dolby Laboratories, Inc. -> )
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [305520 2018-05-30] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.2.93.0\LenovoVantageService.exe [18696 2020-03-10] (Lenovo -> Lenovo Group Ltd.)
S4 McSecDashboardService; C:\Program Files\McAfeeDashboard\McSecDashboardService.exe [1270536 2019-02-26] (McAfee, Inc. -> McAfee, Inc.)
R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [856288 2019-05-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [678376 2018-05-24] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\NisSrv.exe [3304992 2020-05-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MsMpEng.exe [103376 2020-05-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WTabletServiceISD; C:\WINDOWS\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_ef793e242527b727\WTabletServiceISD.exe [4116416 2018-05-23] (Wacom Technology Corporation -> Wacom Technology, Corp.)
R2 YMC; C:\WINDOWS\System32\ymc.exe [56048 2018-03-22] (Lenovo -> Lenovo)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdacpbus; C:\WINDOWS\System32\drivers\amdacpbus.sys [1368992 2019-04-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 amdacpksl; C:\WINDOWS\system32\drivers\amdacpksl.sys [352048 2019-05-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34568 2019-04-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [61728 2019-04-18] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\u0342918.inf_amd64_e1e1f19d42293c2a\B342294\atikmdag.sys [53520816 2019-05-29] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\u0342918.inf_amd64_e1e1f19d42293c2a\B342294\atikmpag.sys [600496 2019-05-29] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [146304 2019-04-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R1 amdsfhkmdf; C:\WINDOWS\System32\drivers\amdsfhkmdfi2c.sys [39384 2018-10-03] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 amdsfhspbi2c; C:\WINDOWS\System32\drivers\amdsfhspbi2c.sys [47040 2018-10-03] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-11] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-11] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [108152 2019-05-09] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [208632 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [199752 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [200072 2018-05-10] (Genesys Logic, Inc. -> Genesys Logic)
R3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2020-03-18] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
R3 RtkBtFilter; C:\WINDOWS\System32\drivers\RtkBtfilter.sys [766896 2018-05-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [433096 2018-06-11] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [11419944 2019-03-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
R3 WacHIDRouterISD; C:\WINDOWS\System32\drivers\WacHIDRouterISD.sys [85440 2018-05-23] (Wacom Technology Corporation -> Wacom Technology, Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-05-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [394680 2020-05-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64944 2020-05-04] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-05-05 21:45 - 2020-05-05 21:46 - 000000000 ____D C:\FRST
2020-05-05 11:57 - 2020-05-05 12:03 - 000010710 _____ C:\Users\Mr.Perfect\Desktop\PO-Nexo.xlsx
2020-05-05 10:02 - 2020-05-05 10:02 - 000069032 _____ C:\Users\Mr.Perfect\Desktop\XP-18020-22827664_redacted.pdf
2020-05-05 00:54 - 2020-05-05 00:54 - 000000000 ____D C:\Users\Mr.Perfect\Downloads\RO Elements - Copy
2020-05-05 00:54 - 2020-05-05 00:54 - 000000000 ____D C:\Users\Mr.Perfect\Downloads\CrownRO Lite v1.1
2020-05-05 00:32 - 2020-05-05 00:32 - 000000000 ____D C:\Users\Public\Security Sessions
2020-05-05 00:27 - 2020-05-05 00:27 - 000003572 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update
2020-05-05 00:26 - 2020-05-05 00:26 - 000003374 _____ C:\WINDOWS\system32\Tasks\Avira_Antivirus_Systray
2020-05-05 00:26 - 2020-04-30 12:37 - 000208632 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2020-05-05 00:26 - 2020-04-30 12:37 - 000199752 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2020-05-05 00:26 - 2019-06-07 15:09 - 000078936 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2020-05-05 00:26 - 2019-03-20 18:50 - 000089736 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2020-05-05 00:26 - 2019-03-20 18:50 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2020-05-05 00:26 - 2019-03-20 18:50 - 000045472 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2020-05-05 00:26 - 2019-03-20 18:50 - 000022336 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avelam.sys
2020-05-04 22:33 - 2020-05-05 21:40 - 000000000 ____D C:\Users\Public\Speedup Sessions
2020-05-04 22:33 - 2020-05-04 22:33 - 000003786 _____ C:\WINDOWS\system32\Tasks\AviraSystemSpeedupUpdate
2020-05-04 22:18 - 2020-05-05 00:27 - 000000000 ____D C:\ProgramData\Avira
2020-05-04 22:18 - 2020-05-05 00:27 - 000000000 ____D C:\Program Files (x86)\Avira
2020-05-04 22:18 - 2020-05-05 00:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2020-05-04 19:44 - 2020-05-04 19:44 - 000230080 _____ (AVAST Software) C:\Users\Mr.Perfect\Downloads\avast_free_antivirus_setup_online.exe
2020-05-04 19:42 - 2020-05-04 19:43 - 004342776 _____ (Avira Operations GmbH & Co. KG) C:\Users\Mr.Perfect\Downloads\avira_en_sptl1_5eb022d9d97aa__pavwws-spotlight-release.exe
2020-05-04 10:35 - 2020-05-04 10:35 - 000000000 ____D C:\Users\Mr.Perfect\AppData\Roaming\webex
2020-05-04 10:33 - 2020-05-04 10:35 - 000000000 ____D C:\Users\Mr.Perfect\AppData\LocalLow\WebEx
2020-05-04 10:33 - 2020-05-04 10:35 - 000000000 ____D C:\Users\Mr.Perfect\AppData\Local\WebEx
2020-05-03 21:41 - 2020-05-03 21:41 - 000000000 ____D C:\Users\Mr.Perfect\Documents\TikGames
2020-05-02 15:48 - 2020-05-02 15:48 - 000000000 ____D C:\Users\Mr.Perfect\AppData\Local\__SHARED
2020-05-01 09:28 - 2020-05-01 10:06 - 000000000 ____D C:\Users\Mr.Perfect\Desktop\ipconfig
2020-04-30 14:43 - 2020-04-30 14:43 - 000159721 _____ C:\Users\Mr.Perfect\Downloads\WhatsApp Image 2020-04-25 at 4.36.41 PM.jpeg
2020-04-30 14:43 - 2020-04-30 14:43 - 000054339 _____ C:\Users\Mr.Perfect\Downloads\WhatsApp Image 2020-04-25 at 4.32.29 PM.jpeg
2020-04-29 17:45 - 2020-04-29 17:51 - 156607690 _____ C:\Users\Mr.Perfect\Downloads\CrownRO Lite v1.1.rar
2020-04-29 15:53 - 2020-04-29 15:54 - 069300040 _____ (Safer-Networking Ltd. ) C:\Users\Mr.Perfect\Downloads\spybotsd-2.8.68.0.exe
2020-04-26 10:03 - 2020-04-26 10:03 - 000000000 ____D C:\Users\Mr.Perfect\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-04-25 13:48 - 2020-04-25 13:48 - 000148480 _____ C:\Users\Mr.Perfect\Downloads\buyrent.xls
2020-04-24 16:25 - 2020-04-24 16:25 - 001619679 _____ C:\Users\Mr.Perfect\Desktop\Sourcing Services (1).pptx
2020-04-24 10:46 - 2020-04-24 10:46 - 000798958 _____ C:\Users\Mr.Perfect\Desktop\BlueOceanConsulting.pdf
2020-04-23 18:29 - 2020-04-23 18:29 - 000704945 _____ C:\Users\Mr.Perfect\Downloads\Commercial Vehicle, North America.pdf
2020-04-23 01:37 - 2020-04-23 01:37 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Adobe
2020-04-23 01:37 - 2020-04-23 01:37 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2020-04-23 01:27 - 2020-04-23 01:27 - 000000000 ____D C:\Users\Administrator\AppData\Local\Avira
2020-04-22 23:14 - 2020-04-22 23:14 - 000077790 _____ C:\Users\Mr.Perfect\Downloads\2020-03-WIP (1).xlsx
2020-04-21 20:51 - 2020-04-21 20:51 - 000000000 ____D C:\Users\Administrator\AppData\Local\Comms
2020-04-21 20:40 - 2020-04-21 20:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\Lenovo
2020-04-21 20:38 - 2020-04-21 20:38 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder
2020-04-21 20:37 - 2020-04-21 20:38 - 000000000 ___RD C:\Users\Administrator\OneDrive
2020-04-21 20:36 - 2020-04-21 20:36 - 000001450 _____ C:\Users\Administrator\Desktop\Microsoft Edge.lnk
2020-04-21 20:36 - 2020-04-21 20:36 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\AMD
2020-04-21 20:35 - 2020-04-21 20:35 - 000000000 ___HD C:\Users\Administrator\MicrosoftEdgeBackups
2020-04-21 20:35 - 2020-04-21 20:35 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2020-04-21 20:35 - 2020-04-21 20:35 - 000000000 ____D C:\Users\Administrator\AppData\Local\MicrosoftEdge
2020-04-21 20:34 - 2020-04-23 01:37 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2020-04-21 20:34 - 2020-04-23 01:37 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2020-04-21 20:34 - 2020-04-21 21:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\D3DSCache
2020-04-21 20:34 - 2020-04-21 20:38 - 000002398 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-21 20:34 - 2020-04-21 20:37 - 000000000 ____D C:\Users\Administrator
2020-04-21 20:34 - 2020-04-21 20:36 - 000002343 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2020-04-21 20:34 - 2020-04-21 20:34 - 000002460 _____ C:\Users\Administrator\Desktop\Brave.lnk
2020-04-21 20:34 - 2020-04-21 20:34 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2020-04-21 20:34 - 2020-04-21 20:34 - 000000000 ___RD C:\Users\Administrator\3D Objects
2020-04-21 20:34 - 2020-04-21 20:34 - 000000000 ____D C:\Users\Administrator\AppData\Local\VirtualStore
2020-04-21 20:34 - 2020-04-21 20:34 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2020-04-21 20:34 - 2020-04-21 20:34 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2020-04-21 20:34 - 2020-04-21 20:34 - 000000000 ____D C:\Users\Administrator\AppData\Local\BraveSoftware
2020-04-21 20:34 - 2020-04-21 20:34 - 000000000 ____D C:\Users\Administrator\AppData\Local\AMD
2020-04-21 20:34 - 2019-05-13 10:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\Host App Service
2020-04-21 15:13 - 2020-05-04 20:00 - 000011614 _____ C:\Users\Mr.Perfect\Desktop\Shares.xlsx
2020-04-21 13:52 - 2020-04-21 13:52 - 000008293 _____ C:\Users\Mr.Perfect\Downloads\cnote.zip
2020-04-20 12:05 - 2020-04-20 12:05 - 000496205 _____ C:\Users\Mr.Perfect\Downloads\Unit_Statement_20-10-2019-20-04-2020.pdf
2020-04-19 14:27 - 2020-04-19 14:31 - 101674976 _____ (SpendMap) C:\Users\Mr.Perfect\Downloads\SpendMap-2018-SETUP.EXE
2020-04-19 11:10 - 2020-04-19 11:10 - 002678357 _____ C:\Users\Mr.Perfect\Downloads\Chinese-Investments-in-India-Report_2020_Final.pdf.pdf
2020-04-18 22:38 - 2020-04-18 22:41 - 000009348 _____ C:\Users\Mr.Perfect\Desktop\Shree Supplier.xlsx
2020-04-18 00:50 - 2020-04-18 00:50 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 014818816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 007017472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 003753472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-18 00:50 - 2020-04-18 00:50 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-18 00:50 - 2020-04-18 00:50 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-18 00:50 - 2020-04-18 00:50 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-18 00:50 - 2020-04-18 00:50 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-18 00:50 - 2020-04-18 00:50 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-18 00:50 - 2020-04-18 00:50 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-18 00:50 - 2020-04-18 00:50 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-18 00:50 - 2020-04-18 00:50 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000673704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-18 00:50 - 2020-04-18 00:50 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-18 00:50 - 2020-04-18 00:50 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-18 00:50 - 2020-04-18 00:50 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-18 00:50 - 2020-04-18 00:50 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-18 00:50 - 2020-04-18 00:50 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-04-18 00:50 - 2020-04-18 00:50 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-04-18 00:50 - 2020-04-18 00:50 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-18 00:50 - 2020-04-18 00:50 - 000277864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-04-18 00:50 - 2020-04-18 00:50 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000123952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-18 00:50 - 2020-04-18 00:50 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll