Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-05.2019 Ran by bm silverlake (administrator) on DESKTOP-31AVM1E (MEDION Akoya P5394 G/B700) (27-05-2019 20:39:01) Running from C:\Users\bm silverlake\Desktop Loaded Profiles: bm silverlake (Available Profiles: bm silverlake) Platform: Windows 10 Home (X64) Language: English (United Kingdom) Default browser not detected! Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe (Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\MsMpEng.exe (Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\NisSrv.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation - Rapid Storage Technology -> Intel Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795728 2015-06-17] (NVIDIA Corporation -> NVIDIA Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [262024 2019-05-23] (AVAST Software s.r.o. -> AVAST Software) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110008 2015-05-26] (CyberLink Corp. -> CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [499128 2015-05-26] (CyberLink Corp. -> CyberLink Corp.) HKLM-x32\...\Winlogon: [Userinit] HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1 FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {05473588-653D-4676-8EBB-2E5420BE786A} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe [85432 2015-06-03] (CyberLink Corp. -> CyberLink Corp.) Task: {24366696-07E8-43C5-9999-795F6BA8DD63} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-05-24] (Microsoft Corporation -> Microsoft Corporation) Task: {28B499DB-2FDF-4D1C-9964-1F514A8A00FE} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe Task: {2C9793F0-C933-4B54-A813-7FF612D244C7} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2934152 2019-05-23] (AVAST Software s.r.o. -> AVAST Software) Task: {41696C0B-1B05-47CC-8486-B7B8166E69FA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-05-24] (Microsoft Corporation -> Microsoft Corporation) Task: {9F97D21C-C136-4B90-88B7-49ED4C7BA381} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-05-24] (Microsoft Corporation -> Microsoft Corporation) Task: {BCD00AF6-A71B-4A8B-9246-FE8A27716771} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-05-24] (Microsoft Corporation -> Microsoft Corporation) Task: {C0E46C73-74DF-4D18-BEFF-E25BA526ECE3} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2380088 2019-04-08] (AVAST Software s.r.o. -> AVAST Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{f07d3a4d-9509-4aff-8571-aafb82f97501}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-3578812641-2531012994-4198522184-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE SearchScopes: HKU\S-1-5-21-3578812641-2531012994-4198522184-1003 -> DefaultScope {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=33090001005_12.0.0.6818_i_ds_sp&p={searchTerms} SearchScopes: HKU\S-1-5-21-3578812641-2531012994-4198522184-1003 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://nl.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=33090001005_12.0.0.6818_i_ds_sp&p={searchTerms} FireFox: ======== FF DefaultProfile: gtswo5le.default-1558722526495 FF ProfilePath: C:\Users\bm silverlake\AppData\Roaming\Mozilla\Firefox\Profiles\gtswo5le.default-1558722526495 [2019-05-27] FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-01-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-01-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7126928 2019-05-23] (AVAST Software s.r.o. -> AVAST Software) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [409224 2019-05-23] (AVAST Software s.r.o. -> AVAST Software) S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-05-23] (AVAST Software s.r.o. -> AVAST Software) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation - Rapid Storage Technology -> Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (IntelĀ® Trusted Connect Service -> Intel(R) Corporation) R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed] S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-05-24] (Microsoft Corporation -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-05-24] (Microsoft Corporation -> Microsoft Corporation) R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37104 2019-05-23] (AVAST Software s.r.o. -> AVAST Software) R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [207448 2019-05-23] (AVAST Software s.r.o. -> AVAST Software) R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [262496 2019-05-23] (AVAST Software s.r.o. -> AVAST Software) R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [205848 2019-05-23] (AVAST Software s.r.o. -> AVAST Software) R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [61472 2019-05-23] (AVAST Software s.r.o. -> AVAST Software) R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-04-06] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software) R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [279120 2019-05-23] (AVAST Software s.r.o. -> AVAST Software) R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-05-23] (AVAST Software s.r.o. -> AVAST Software) R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [167872 2019-05-23] (AVAST Software s.r.o. -> AVAST Software) R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112312 2019-05-23] (AVAST Software s.r.o. -> AVAST Software) R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87944 2019-05-23] (AVAST Software s.r.o. -> AVAST Software) R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1030784 2019-05-23] (AVAST Software s.r.o. -> AVAST Software) R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [477584 2019-05-23] (AVAST Software s.r.o. -> AVAST Software) R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [225096 2019-05-23] (AVAST Software s.r.o. -> AVAST Software) R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [385640 2019-05-23] (AVAST Software s.r.o. -> AVAST Software) R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmo.inf_amd64_8c02cde12f55e370\nvlddmkm.sys [17493824 2019-01-05] (NVIDIA Corporation -> NVIDIA Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek Semiconductor Corp -> Realtek ) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-05-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344544 2019-05-24] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-05-24] (Microsoft Windows -> Microsoft Corporation) S3 mfeavfk01; \Device\mfeavfk01.sys [X] S3 mfencbdc01; \Device\mfencbdc01.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-05-27 20:39 - 2019-05-27 20:39 - 000014572 _____ C:\Users\bm silverlake\Desktop\FRST.txt 2019-05-27 20:30 - 2019-05-27 20:30 - 002435584 _____ (Farbar) C:\Users\bm silverlake\Desktop\FRST64.exe 2019-05-27 18:33 - 2019-05-27 18:33 - 000000000 ____D C:\Users\bm silverlake\Documents\CyberLink 2019-05-27 17:47 - 2019-05-27 20:39 - 000000000 ____D C:\FRST 2019-05-27 15:55 - 2019-05-26 19:50 - 000000064 _____ C:\Users\bm silverlake\Desktop\a2whitelist.ini.backup 2019-05-26 19:40 - 2019-05-27 20:07 - 000000000 ____D C:\WINDOWS\Minidump 2019-05-26 19:15 - 2019-05-27 15:57 - 000000000 ____D C:\Users\bm silverlake\Desktop\Reports 2019-05-26 19:14 - 2019-05-26 19:50 - 000005490 _____ C:\Users\bm silverlake\Desktop\a2settings.ini.backup 2019-05-26 19:14 - 2019-05-26 19:14 - 000000000 ____D C:\ProgramData\Emsisoft 2019-05-26 19:08 - 2019-05-27 16:32 - 000000064 _____ C:\Users\bm silverlake\Desktop\a2whitelist.ini 2019-05-26 19:08 - 2019-05-27 15:55 - 000000000 ____D C:\Users\bm silverlake\Desktop\Quarantine 2019-05-26 19:05 - 2019-05-27 15:56 - 000000000 ____D C:\Users\bm silverlake\Desktop\bin64 2019-05-26 19:05 - 2019-05-26 19:14 - 000000000 ____D C:\Users\bm silverlake\Desktop\bin32 2019-05-26 19:05 - 2019-05-26 02:02 - 001320128 _____ (Emsisoft Ltd) C:\Users\bm silverlake\Desktop\Start Emergency Kit Scanner.exe 2019-05-26 19:05 - 2019-05-26 02:02 - 000468544 _____ (Emsisoft Ltd) C:\Users\bm silverlake\Desktop\Start Commandline Scanner.exe 2019-05-26 19:05 - 2019-05-26 02:02 - 000004314 _____ C:\Users\bm silverlake\Desktop\readme.txt 2019-05-24 23:00 - 2019-05-24 23:00 - 000000000 ____D C:\Users\bm silverlake\AppData\Local\mbam 2019-05-24 22:59 - 2019-05-24 22:59 - 000000000 ____D C:\Users\bm silverlake\AppData\Local\mbamtray 2019-05-24 22:21 - 2019-05-24 22:21 - 000000000 _____ C:\WINDOWS\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} 2019-05-24 22:12 - 2019-05-24 22:12 - 001060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll 2019-05-24 22:12 - 2019-05-24 22:12 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll 2019-05-24 22:06 - 2019-05-24 22:24 - 000000000 ____D C:\Users\bm silverlake\AppData\Roaming\Comodo 2019-05-24 22:02 - 2019-05-24 22:23 - 000000000 ____D C:\Users\bm silverlake\AppData\Local\Comodo 2019-05-24 21:07 - 2019-05-24 21:07 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-3578812641-2531012994-4198522184-1003 2019-05-24 19:46 - 2019-02-13 07:47 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll 2019-05-23 14:02 - 2019-05-23 14:02 - 000363400 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2019-05-21 18:42 - 2019-05-24 21:47 - 000000000 ____D C:\Users\bm silverlake\AppData\LocalLow\uTorrent 2019-05-20 23:04 - 2019-05-21 00:09 - 000000000 ____D C:\ProgramData\PopCap Games 2019-05-19 20:01 - 2019-05-19 20:04 - 000000000 ____D C:\Users\bm silverlake\AppData\Local\CrashDumps 2019-05-15 10:38 - 2019-05-03 14:14 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2019-05-15 10:38 - 2019-05-03 14:13 - 001376472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2019-05-15 10:38 - 2019-05-03 14:13 - 000396088 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2019-05-15 10:38 - 2019-05-03 13:55 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2019-05-15 10:38 - 2019-05-03 13:54 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2019-05-15 10:38 - 2019-05-03 13:52 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll 2019-05-15 10:38 - 2019-05-03 13:51 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2019-05-15 10:38 - 2019-05-03 13:51 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll 2019-05-15 10:38 - 2019-05-03 13:50 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2019-05-15 10:38 - 2019-05-03 13:50 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2019-05-15 10:38 - 2019-05-03 13:49 - 001288704 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll 2019-05-15 10:38 - 2019-05-03 13:49 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 2019-05-15 10:38 - 2019-05-03 13:49 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2019-05-15 10:38 - 2019-05-03 13:43 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2019-05-15 10:38 - 2019-05-03 13:43 - 000662328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2019-05-15 10:38 - 2019-05-03 13:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2019-05-15 10:38 - 2019-05-03 13:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2019-05-15 10:38 - 2019-05-03 13:28 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2019-05-15 10:38 - 2019-05-03 13:28 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2019-05-15 10:38 - 2019-05-03 13:27 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2019-05-15 10:38 - 2019-05-03 13:26 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll 2019-05-15 10:38 - 2019-05-03 13:25 - 004055040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2019-05-15 10:38 - 2019-05-03 13:25 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2019-05-15 10:38 - 2019-05-03 08:43 - 000177128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2019-05-15 10:38 - 2019-05-03 08:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2019-05-15 10:38 - 2019-05-03 08:34 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2019-05-15 10:38 - 2019-05-03 08:33 - 005625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2019-05-15 10:38 - 2019-05-03 08:33 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2019-05-15 10:38 - 2019-05-03 08:33 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2019-05-15 10:38 - 2019-05-03 08:33 - 000709720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2019-05-15 10:38 - 2019-05-03 08:33 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2019-05-15 10:38 - 2019-05-03 08:33 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2019-05-15 10:38 - 2019-05-03 08:33 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2019-05-15 10:38 - 2019-05-03 08:33 - 000063072 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll 2019-05-15 10:38 - 2019-05-03 08:32 - 000793640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2019-05-15 10:38 - 2019-05-03 08:32 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2019-05-15 10:38 - 2019-05-03 08:32 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2019-05-15 10:38 - 2019-05-03 08:32 - 000438984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2019-05-15 10:38 - 2019-05-03 08:32 - 000209208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2019-05-15 10:38 - 2019-05-03 08:32 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2019-05-15 10:38 - 2019-05-03 08:32 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys 2019-05-15 10:38 - 2019-05-03 08:31 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2019-05-15 10:38 - 2019-05-03 08:31 - 007519888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2019-05-15 10:38 - 2019-05-03 08:31 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2019-05-15 10:38 - 2019-05-03 08:31 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2019-05-15 10:38 - 2019-05-03 08:31 - 002771256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2019-05-15 10:38 - 2019-05-03 08:31 - 001459328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2019-05-15 10:38 - 2019-05-03 08:31 - 001260480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2019-05-15 10:38 - 2019-05-03 08:31 - 001141224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2019-05-15 10:38 - 2019-05-03 08:31 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2019-05-15 10:38 - 2019-05-03 08:31 - 000983632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2019-05-15 10:38 - 2019-05-03 08:31 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2019-05-15 10:38 - 2019-05-03 08:31 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2019-05-15 10:38 - 2019-05-03 08:31 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll 2019-05-15 10:38 - 2019-05-03 08:20 - 000434704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2019-05-15 10:38 - 2019-05-03 08:20 - 000384976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2019-05-15 10:38 - 2019-05-03 08:20 - 000192016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2019-05-15 10:38 - 2019-05-03 08:20 - 000146920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2019-05-15 10:38 - 2019-05-03 08:19 - 006043712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2019-05-15 10:38 - 2019-05-03 08:19 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2019-05-15 10:38 - 2019-05-03 08:19 - 000056288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll 2019-05-15 10:38 - 2019-05-03 08:18 - 006569344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2019-05-15 10:38 - 2019-05-03 08:18 - 002258640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2019-05-15 10:38 - 2019-05-03 08:18 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2019-05-15 10:38 - 2019-05-03 08:12 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2019-05-15 10:38 - 2019-05-03 08:10 - 022017024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2019-05-15 10:38 - 2019-05-03 08:05 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2019-05-15 10:38 - 2019-05-03 08:02 - 019401216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2019-05-15 10:38 - 2019-05-03 08:02 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2019-05-15 10:38 - 2019-05-03 08:01 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2019-05-15 10:38 - 2019-05-03 08:00 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2019-05-15 10:38 - 2019-05-03 08:00 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-05-15 10:38 - 2019-05-03 08:00 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll 2019-05-15 10:38 - 2019-05-03 08:00 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll 2019-05-15 10:38 - 2019-05-03 07:59 - 007593472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2019-05-15 10:38 - 2019-05-03 07:59 - 005788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2019-05-15 10:38 - 2019-05-03 07:59 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2019-05-15 10:38 - 2019-05-03 07:59 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll 2019-05-15 10:38 - 2019-05-03 07:59 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe 2019-05-15 10:38 - 2019-05-03 07:59 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2019-05-15 10:38 - 2019-05-03 07:59 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll 2019-05-15 10:38 - 2019-05-03 07:59 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2019-05-15 10:38 - 2019-05-03 07:58 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-05-15 10:38 - 2019-05-03 07:58 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll 2019-05-15 10:38 - 2019-05-03 07:58 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll 2019-05-15 10:38 - 2019-05-03 07:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2019-05-15 10:38 - 2019-05-03 07:58 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2019-05-15 10:38 - 2019-05-03 07:58 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe 2019-05-15 10:38 - 2019-05-03 07:58 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe 2019-05-15 10:38 - 2019-05-03 07:57 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll 2019-05-15 10:38 - 2019-05-03 07:57 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2019-05-15 10:38 - 2019-05-03 07:57 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2019-05-15 10:38 - 2019-05-03 07:57 - 001295872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll 2019-05-15 10:38 - 2019-05-03 07:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2019-05-15 10:38 - 2019-05-03 07:57 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2019-05-15 10:38 - 2019-05-03 07:57 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2019-05-15 10:38 - 2019-05-03 07:56 - 005350912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2019-05-15 10:38 - 2019-05-03 07:56 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2019-05-15 10:38 - 2019-05-03 07:56 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2019-05-15 10:38 - 2019-05-03 07:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2019-05-15 10:38 - 2019-05-03 07:56 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2019-05-15 10:38 - 2019-05-03 07:55 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2019-05-15 10:38 - 2019-05-03 07:55 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2019-05-15 10:38 - 2019-05-03 07:55 - 000659968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2019-05-15 10:38 - 2019-05-03 07:54 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2019-05-15 10:38 - 2019-05-03 07:54 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2019-05-15 10:38 - 2019-05-03 07:54 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2019-05-15 10:38 - 2019-05-03 07:54 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2019-05-15 10:38 - 2019-05-03 07:54 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2019-05-15 10:38 - 2019-05-03 07:54 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2019-05-15 10:38 - 2019-05-03 07:54 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2019-05-15 10:38 - 2019-05-03 07:54 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll 2019-05-15 10:38 - 2019-05-03 07:54 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2019-05-15 10:38 - 2019-05-03 07:54 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2019-05-15 10:38 - 2019-05-03 07:54 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2019-05-15 10:38 - 2019-05-03 07:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2019-05-15 10:38 - 2019-05-03 07:53 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys 2019-05-15 10:38 - 2019-05-03 07:53 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys 2019-05-15 10:38 - 2019-05-03 07:53 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys 2019-05-15 10:38 - 2019-05-03 07:53 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys 2019-05-15 10:38 - 2019-05-03 06:38 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim 2019-05-15 10:38 - 2019-04-23 09:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll 2019-05-15 10:38 - 2019-04-23 08:14 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll 2019-05-15 10:38 - 2019-04-19 12:55 - 001634920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2019-05-15 10:38 - 2019-04-19 12:54 - 000720200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2019-05-15 10:38 - 2019-04-19 12:40 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll 2019-05-15 10:38 - 2019-04-19 12:39 - 012754944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2019-05-15 10:38 - 2019-04-19 12:38 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe 2019-05-15 10:38 - 2019-04-19 12:38 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfproc.dll 2019-05-15 10:38 - 2019-04-19 12:36 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll 2019-05-15 10:38 - 2019-04-19 12:34 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2019-05-15 10:38 - 2019-04-19 11:44 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2019-05-15 10:38 - 2019-04-19 11:37 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2019-05-15 10:38 - 2019-04-19 11:30 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfproc.dll 2019-05-15 10:38 - 2019-04-19 11:28 - 011940864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2019-05-15 10:38 - 2019-04-19 11:26 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll 2019-05-15 10:38 - 2019-04-19 11:25 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2019-05-15 10:38 - 2019-04-19 07:07 - 000985400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2019-05-15 10:38 - 2019-04-19 07:06 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2019-05-15 10:38 - 2019-04-19 07:06 - 000798520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2019-05-15 10:38 - 2019-04-19 07:06 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2019-05-15 10:38 - 2019-04-19 07:06 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2019-05-15 10:38 - 2019-04-19 07:06 - 000274232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2019-05-15 10:38 - 2019-04-19 07:02 - 000831800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2019-05-15 10:38 - 2019-04-19 07:01 - 001982008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2019-05-15 10:38 - 2019-04-19 07:01 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2019-05-15 10:38 - 2019-04-19 07:01 - 000576016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2019-05-15 10:38 - 2019-04-19 07:01 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2019-05-15 10:38 - 2019-04-19 06:43 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll 2019-05-15 10:38 - 2019-04-19 06:42 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2019-05-15 10:38 - 2019-04-19 06:41 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll 2019-05-15 10:38 - 2019-04-19 06:41 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\EduPrintProv.exe 2019-05-15 10:38 - 2019-04-19 06:40 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe 2019-05-15 10:38 - 2019-04-19 06:40 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll 2019-05-15 10:38 - 2019-04-19 06:40 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll 2019-05-15 10:38 - 2019-04-19 06:40 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll 2019-05-15 10:38 - 2019-04-19 06:40 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll 2019-05-15 10:38 - 2019-04-19 06:39 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2019-05-15 10:38 - 2019-04-19 06:39 - 000567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2019-05-15 10:38 - 2019-04-19 06:39 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll 2019-05-15 10:38 - 2019-04-19 06:39 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll 2019-05-15 10:38 - 2019-04-19 06:39 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2019-05-15 10:38 - 2019-04-19 06:39 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2019-05-15 10:38 - 2019-04-19 06:38 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2019-05-15 10:38 - 2019-04-19 06:38 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2019-05-15 10:38 - 2019-04-19 06:38 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2019-05-15 10:38 - 2019-04-19 06:38 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2019-05-15 10:38 - 2019-04-19 06:38 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll 2019-05-15 10:38 - 2019-04-19 06:38 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2019-05-15 10:38 - 2019-04-19 06:37 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2019-05-15 10:38 - 2019-04-19 06:37 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll 2019-05-15 10:38 - 2019-04-19 06:37 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2019-05-15 10:38 - 2019-04-19 06:37 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll 2019-05-15 10:38 - 2019-04-19 06:37 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2019-05-15 10:38 - 2019-04-19 06:37 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2019-05-15 10:38 - 2019-04-19 06:37 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2019-05-15 10:38 - 2019-04-19 06:36 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2019-05-15 10:38 - 2019-04-19 06:36 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2019-05-15 10:38 - 2019-04-19 06:36 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2019-05-15 10:38 - 2019-04-19 06:36 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2019-05-15 10:38 - 2019-04-19 06:36 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll 2019-05-15 10:38 - 2019-04-19 06:36 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2019-05-15 10:38 - 2019-04-19 06:36 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2019-05-15 10:38 - 2019-04-19 06:35 - 001938944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2019-05-15 10:38 - 2019-04-19 06:35 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2019-05-15 10:38 - 2019-04-19 06:35 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2019-05-15 10:38 - 2019-04-19 06:35 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2019-05-15 10:38 - 2019-04-19 06:35 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2019-05-15 10:38 - 2019-04-19 06:35 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2019-05-15 10:38 - 2019-04-19 06:35 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2019-05-15 10:38 - 2019-04-19 06:35 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2019-05-15 10:38 - 2019-04-19 06:35 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll 2019-05-15 10:38 - 2019-04-19 06:34 - 000935936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll 2019-05-15 10:38 - 2019-04-19 06:34 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2019-05-15 10:38 - 2019-04-19 06:34 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2019-05-15 10:38 - 2019-04-19 06:34 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2019-05-15 10:38 - 2019-04-19 06:34 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2019-05-15 10:38 - 2019-04-19 05:18 - 000806360 _____ C:\WINDOWS\SysWOW64\locale.nls 2019-05-15 10:38 - 2019-04-19 05:18 - 000806360 _____ C:\WINDOWS\system32\locale.nls 2019-05-15 10:38 - 2019-04-09 03:48 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2019-05-15 10:38 - 2019-04-09 03:48 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll 2019-05-15 10:38 - 2019-04-09 03:48 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2019-05-15 10:38 - 2019-04-09 03:48 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2019-05-15 10:38 - 2019-04-09 03:48 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll 2019-05-12 10:56 - 2019-05-24 20:16 - 000000000 ____D C:\found.000 2019-05-12 10:56 - 2019-05-12 10:56 - 000000080 ___SH C:\bootTel.dat 2019-05-03 22:16 - 2018-04-10 22:09 - 009481728 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0013.dll 2019-05-02 21:56 - 2019-05-24 21:26 - 000000000 ____D C:\Users\bm silverlake\AppData\Local\BitTorrentHelper ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-05-27 20:35 - 2019-04-06 18:38 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software 2019-05-27 18:47 - 2015-08-19 14:59 - 000000000 ____D C:\ProgramData\NVIDIA 2019-05-27 18:34 - 2019-01-18 05:54 - 000000000 ___HD C:\Users\bm silverlake\MicrosoftEdgeBackups 2019-05-27 18:07 - 2019-01-18 05:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-05-27 16:55 - 2019-04-06 18:38 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update 2019-05-27 16:01 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-05-27 15:55 - 2019-01-18 05:51 - 000000000 ____D C:\Users\bm silverlake 2019-05-27 15:55 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF 2019-05-27 15:55 - 2015-07-25 19:00 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-05-27 15:51 - 2019-01-18 05:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-05-26 20:06 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2019-05-26 19:41 - 2018-04-11 23:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2019-05-26 18:54 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-05-26 18:53 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-05-26 18:52 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps 2019-05-24 21:39 - 2019-01-18 05:53 - 000000000 ____D C:\Users\bm silverlake\AppData\Local\ConnectedDevicesPlatform 2019-05-24 21:16 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-05-24 20:42 - 2019-01-05 22:08 - 000000000 ____D C:\Users\bm silverlake\AppData\LocalLow\Mozilla 2019-05-24 20:19 - 2019-01-06 19:30 - 000000000 ____D C:\Program Files\rempl 2019-05-24 20:06 - 2019-01-18 05:53 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-05-24 20:06 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Windows Defender 2019-05-23 14:02 - 2019-04-06 18:38 - 001030784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2019-05-23 14:02 - 2019-04-06 18:38 - 000477584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2019-05-23 14:02 - 2019-04-06 18:38 - 000385640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2019-05-23 14:02 - 2019-04-06 18:38 - 000279120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys 2019-05-23 14:02 - 2019-04-06 18:38 - 000262496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys 2019-05-23 14:02 - 2019-04-06 18:38 - 000225096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2019-05-23 14:02 - 2019-04-06 18:38 - 000207448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys 2019-05-23 14:02 - 2019-04-06 18:38 - 000205848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys 2019-05-23 14:02 - 2019-04-06 18:38 - 000167872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2019-05-23 14:02 - 2019-04-06 18:38 - 000112312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2019-05-23 14:02 - 2019-04-06 18:38 - 000087944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2019-05-23 14:02 - 2019-04-06 18:38 - 000061472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys 2019-05-23 14:02 - 2019-04-06 18:38 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2019-05-23 14:02 - 2019-04-06 18:38 - 000037104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys 2019-05-20 23:41 - 2019-01-05 19:51 - 000000000 ____D C:\Users\bm silverlake\AppData\Local\VirtualStore 2019-05-16 11:02 - 2019-01-18 05:49 - 000255768 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-05-16 03:23 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2019-05-16 03:23 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput 2019-05-16 03:23 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellExperiences 2019-05-16 03:23 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-05-15 10:38 - 2019-01-06 19:31 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-05-15 10:37 - 2019-01-06 19:31 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-05-13 17:44 - 2019-01-18 05:53 - 000002278 _____ C:\WINDOWS\System32\Tasks\PDVDServ12 Task 2019-05-04 01:53 - 2018-04-12 01:41 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2019-05-04 01:53 - 2018-04-12 01:41 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2019-05-03 22:42 - 2019-01-18 19:57 - 000000000 ____D C:\Users\bm silverlake\AppData\Local\PlaceholderTileLogoFolder 2019-05-03 22:42 - 2019-01-05 19:51 - 000000000 ____D C:\Users\bm silverlake\AppData\Local\Packages 2019-05-03 22:16 - 2018-04-12 18:16 - 000000000 ____D C:\WINDOWS\OCR ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ============================