Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2019 Ran by User (administrator) on DESKTOP-3U44EF8 (22-06-2019 22:37:25) Running from C:\Users\User\Downloads Loaded Profiles: User (Available Profiles: User) Platform: Windows 10 Pro Version 1809 17763.557 (X64) Language: 中文 (繁體,台灣) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe () [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19053.13.0_x64__8wekyb3d8bbwe\YourPhone.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation) C:\Program Files (x86)\kbasesrv\kbasesrv.exe (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation) C:\Program Files (x86)\kbasesrv\knbdef64.exe (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation) C:\Program Files (x86)\kbasesrv\knbhm.exe (Bluestack Systems, Inc. -> Bluestack System Inc. ) C:\Program Files\BlueStacks\BstkSVC.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) C:\ProgramData\BlueStacks\Client\Bluestacks.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) C:\ProgramData\BlueStacks\Client\Bluestacks.exe (Chengdu Tianyicheng Software Co.,Ltd. -> ) C:\Program Files\Common Files\system\TYCLanMonitor\Bin\Driver64\TYCHide64.exe (Chengdu Tianyicheng Software Co.,Ltd. -> ) C:\Program Files\Common Files\system\TYCLanMonitor\Bin\TYCSoft.exe (Chengdu Tianyicheng Software Co.,Ltd. -> 成都天易成软件有限公司 ) C:\Program Files\Common Files\system\TYCLanMonitor\Bin\TYCLanMonitor.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\igfxCUIService.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\IntelCpHDCPSvc.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_24de78387e6208e4\IntelCpHeciSvc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHT\ChtIME.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\NisSrv.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Skysoft Co., Ltd. -> 願境網訊股份有限公司 (KKBOX Taiwan Co., Ltd.)) [File not signed] C:\Program Files (x86)\KKMAN\KKMAN.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9197568 2017-01-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2018-11-07] (RealNetworks, Inc. -> RealNetworks, Inc.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-21] (Google LLC -> Google LLC) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {14E13DBC-1477-4230-9FC5-0F41A66655C8} - System32\Tasks\klcp_update => CodecTweakTool.exe Task: {26093D6E-CA3C-49CB-8058-F24804E2D85C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Task: {3F669E01-B551-49B3-95DB-6B1EAAAA287B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {5D3107B8-63C4-4CDD-9ABD-611F824C3EC3} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) Task: {657CC6E2-67B1-4033-A30D-F19FD26F8BC7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-01] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {69CE3B40-81E7-445B-99B1-AA03D5CDC43E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {6EC8F844-3E60-40DB-9054-8AADB9238E42} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-01] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {7CB9E00B-D27C-4877-AE4D-CE06F86C58DE} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3811738166-4083531449-991595899-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [178800 2011-11-29] (RealNetworks, Inc. -> RealNetworks, Inc.) Task: {971ED4F5-56E7-4264-83B7-40244ED55479} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-01] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {9DF41C0F-0C4D-44CC-BFE4-C8D3C98E6055} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-07] (Google Inc -> Google Inc.) Task: {A029F408-7975-466D-981D-830FBAEBDC9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-01] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {B378C911-37A0-4FD1-9B96-9279035AD9F4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {EA590514-C133-4FB4-9C02-76FC6BE5AF5D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-07] (Google Inc -> Google Inc.) Task: {EBE0ABC4-397A-4725-9A4D-19E40BCFA47F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3811738166-4083531449-991595899-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [178800 2011-11-29] (RealNetworks, Inc. -> RealNetworks, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{9e3c62a7-9309-4cdb-80b8-eb2169091c48}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKU\S-1-5-21-3811738166-4083531449-991595899-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com.tw/ BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2018-03-14] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=15.0.1.13 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2018-11-07] (RealNetworks, Inc. -> RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=15.0.1.13 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2018-11-07] (RealNetworks, Inc.) [File not signed] FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2018-11-07] (RealNetworks, Inc.) [File not signed] FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2018-11-07] (RealNetworks, Inc.) [File not signed] FF Plugin-x32: @real.com/nprpjplug;version=15.0.1.13 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll [2018-11-07] (RealNetworks, Inc.) [File not signed] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC) FF Plugin-x32: @xfplay.com/xfplay -> C:\Program Files (x86)\xfplay\npxfweb.dll [2018-02-12] (临桂零与壹软件有限公司 -> hxxp://www.xfplay.com) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.) Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com.tw/ CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2019-06-22] CHR Extension: (簡報) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-07] CHR Extension: (文件) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-07] CHR Extension: (Google 雲端硬碟) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-07] CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-07] CHR Extension: (試算表) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-07] CHR Extension: (Google 文件離線版) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-07] CHR Extension: (Chrome 線上應用程式商店付款系統) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-07] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-27] CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-22] CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-10] CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 kbasesrv; C:\Program Files (x86)\kbasesrv\kbasesrv.exe [116000 2018-11-07] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-04-10] (Microsoft Windows Publisher -> Microsoft Corporation) R2 TYCLanMonitor; C:\Program Files\Common Files\System\TYCLanMonitor\Bin\TYCSoft.exe [1622472 2019-04-12] (Chengdu Tianyicheng Software Co.,Ltd. -> ) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\NisSrv.exe [2433136 2019-06-01] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-01] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [303712 2018-10-25] (Bluestack Systems, Inc. -> Bluestack System Inc. ) R2 kbaseapi64; C:\Windows\system32\drivers\kbaseapi64.sys [79288 2018-11-14] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation) R2 kbasemgr; C:\WINDOWS\system32\drivers\kbasemgr.sys [125880 2018-11-14] (Beijing Kingsoft Security software Co.,Ltd -> Kingsoft Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1024848 2018-01-19] (Realtek Semiconductor Corp. -> Realtek ) R2 TYCMiniFilter; C:\Program Files\Common Files\System\TYCLanMonitor\Bin\Driver64\TYCMiniFilter.sys [17704 2019-04-12] (Chengdu Tianyicheng Software Co.,Ltd. -> Windows (R) Win 7 DDK provider) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-06-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [337632 2019-06-01] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-01] (Microsoft Windows -> Microsoft Corporation) R2 windivert; C:\WINDOWS\System32\drivers\windivert.sys [38064 2019-04-12] (Nemea Mjukvaruutveckling AB -> Basil) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-06-22 22:37 - 2019-06-22 22:38 - 000016743 _____ C:\Users\User\Downloads\FRST.txt 2019-06-22 22:37 - 2019-06-22 22:37 - 000000000 ____D C:\FRST 2019-06-22 22:33 - 2019-06-22 22:33 - 002418688 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe 2019-06-20 13:56 - 2019-06-20 13:57 - 000000000 ____D C:\AdwCleaner 2019-06-20 13:54 - 2019-06-20 13:55 - 007025360 _____ (Malwarebytes) C:\Users\User\Downloads\adwcleaner_7.3.exe 2019-06-19 08:30 - 2019-06-19 08:30 - 000000000 ____D C:\Program Files\UNP 2019-06-13 20:04 - 2019-06-13 20:04 - 026808320 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 023438336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 022114960 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 018999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 017484800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 015221248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 012869120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 012162048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 009682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2019-06-13 20:04 - 2019-06-13 20:04 - 007884288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 007875072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 007724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 007687576 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 006926336 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 006547144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 006441472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 006309256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 006068224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 005764608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 005588184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 005297152 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 005210904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 005112792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 005086208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 004997096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 004883968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 004661760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 004627456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2019-06-13 20:04 - 2019-06-13 20:04 - 003983872 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 003906560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 003743744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 003637248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2019-06-13 20:04 - 2019-06-13 20:04 - 003426816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 003385344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 003363640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2019-06-13 20:04 - 2019-06-13 20:04 - 003344896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 003270144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 003091968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 002999808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 002928640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 002926096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2019-06-13 20:04 - 2019-06-13 20:04 - 002777736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 002707968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2019-06-13 20:04 - 2019-06-13 20:04 - 002690048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 002653696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 002638336 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe 2019-06-13 20:04 - 2019-06-13 20:04 - 002627600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2019-06-13 20:04 - 2019-06-13 20:04 - 002469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 002422272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2019-06-13 20:04 - 2019-06-13 20:04 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 002276192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 002096128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2019-06-13 20:04 - 2019-06-13 20:04 - 002085168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 002017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2019-06-13 20:04 - 2019-06-13 20:04 - 001929216 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001903616 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001899160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001860608 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001860096 ____R (The ICU Project) C:\WINDOWS\system32\icuin.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001761280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001750016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001700312 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2019-06-13 20:04 - 2019-06-13 20:04 - 001670840 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001644544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001618944 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuin.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001616384 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001605120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001483872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2019-06-13 20:04 - 2019-06-13 20:04 - 001466496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001342904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2019-06-13 20:04 - 2019-06-13 20:04 - 001331536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001298952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001260048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2019-06-13 20:04 - 2019-06-13 20:04 - 001256448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001254912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2019-06-13 20:04 - 2019-06-13 20:04 - 001229824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2019-06-13 20:04 - 2019-06-13 20:04 - 001223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001219424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001180184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2019-06-13 20:04 - 2019-06-13 20:04 - 001098136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001072640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001054712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2019-06-13 20:04 - 2019-06-13 20:04 - 001048592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2019-06-13 20:04 - 2019-06-13 20:04 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001005056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000927744 _____ (Microsoft Corporation) C:\WINDOWS\system32\assignedaccessmanagersvc.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000887808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000863544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2019-06-13 20:04 - 2019-06-13 20:04 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000769536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2019-06-13 20:04 - 2019-06-13 20:04 - 000758688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2019-06-13 20:04 - 2019-06-13 20:04 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000752144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2019-06-13 20:04 - 2019-06-13 20:04 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000730592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2019-06-13 20:04 - 2019-06-13 20:04 - 000699392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000676048 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000651576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2019-06-13 20:04 - 2019-06-13 20:04 - 000651064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2019-06-13 20:04 - 2019-06-13 20:04 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AssignedAccessManager.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000615440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2019-06-13 20:04 - 2019-06-13 20:04 - 000604344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2019-06-13 20:04 - 2019-06-13 20:04 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000586040 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000555232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000553664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2019-06-13 20:04 - 2019-06-13 20:04 - 000540720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000515152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000513904 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000506192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000474936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2019-06-13 20:04 - 2019-06-13 20:04 - 000462136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000451104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000430904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2019-06-13 20:04 - 2019-06-13 20:04 - 000427688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000419368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000404792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2019-06-13 20:04 - 2019-06-13 20:04 - 000398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000398208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000386576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000375544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2019-06-13 20:04 - 2019-06-13 20:04 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe 2019-06-13 20:04 - 2019-06-13 20:04 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2019-06-13 20:04 - 2019-06-13 20:04 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000351744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe 2019-06-13 20:04 - 2019-06-13 20:04 - 000311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000292664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2019-06-13 20:04 - 2019-06-13 20:04 - 000287912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe 2019-06-13 20:04 - 2019-06-13 20:04 - 000282424 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000262160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2019-06-13 20:04 - 2019-06-13 20:04 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000247608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys 2019-06-13 20:04 - 2019-06-13 20:04 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2019-06-13 20:04 - 2019-06-13 20:04 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000196920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys 2019-06-13 20:04 - 2019-06-13 20:04 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSrv.exe 2019-06-13 20:04 - 2019-06-13 20:04 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000156984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000152896 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000152400 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000137056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000125528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000122680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000114648 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000101176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingFilterDS.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000091424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys 2019-06-13 20:04 - 2019-06-13 20:04 - 000090424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000087864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000080400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2019-06-13 20:04 - 2019-06-13 20:04 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe 2019-06-13 20:04 - 2019-06-13 20:04 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AssignedAccessRuntime.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe 2019-06-13 20:04 - 2019-06-13 20:04 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AssignedAccessRuntime.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryCore.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2019-06-13 20:04 - 2019-06-13 20:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin 2019-06-13 20:04 - 2019-06-13 20:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin 2019-06-13 20:04 - 2019-06-13 20:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin 2019-06-13 20:04 - 2019-06-13 20:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin 2019-06-13 20:04 - 2019-06-13 20:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin 2019-06-13 20:04 - 2019-06-13 20:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin 2019-06-13 20:04 - 2019-06-13 20:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin 2019-06-13 20:04 - 2019-06-13 20:04 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin 2019-06-12 20:03 - 2019-06-12 20:03 - 001993528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll 2019-06-07 09:36 - 2019-06-07 09:36 - 000000000 ____D C:\Users\User\AppData\Roaming\cnndxa 2019-06-06 08:45 - 2019-06-06 08:45 - 000000000 ____D C:\Users\User\AppData\Roaming\csztpz 2019-06-02 08:33 - 2019-06-02 08:33 - 000000000 ____D C:\Users\User\AppData\Roaming\cnfiju 2019-05-27 20:52 - 2019-05-27 20:52 - 000000000 ____D C:\Users\User\AppData\Roaming\RealNetworks ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-06-22 22:36 - 2018-09-15 15:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-06-22 21:39 - 2019-02-20 17:55 - 000004118 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1060DD88-56BD-4986-B537-58B86DA31BDC} 2019-06-22 21:37 - 2018-11-08 20:24 - 000000000 ____D C:\Users\User\AppData\LocalLow\xfplay 2019-06-22 21:32 - 2018-11-11 08:40 - 000000000 ____D C:\xfmovie 2019-06-22 21:24 - 2019-02-20 17:51 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-06-22 16:48 - 2018-09-15 15:33 - 000000000 ___HD C:\Program Files\WindowsApps 2019-06-22 16:48 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-06-22 08:51 - 2019-02-20 17:57 - 001404664 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-06-22 08:51 - 2018-09-16 00:04 - 000430180 _____ C:\WINDOWS\system32\prfh0404.dat 2019-06-22 08:51 - 2018-09-16 00:04 - 000133064 _____ C:\WINDOWS\system32\prfc0404.dat 2019-06-22 08:51 - 2018-09-15 15:31 - 000000000 ____D C:\WINDOWS\INF 2019-06-22 08:47 - 2019-02-20 17:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-06-22 08:47 - 2018-11-07 10:25 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles 2019-06-21 23:42 - 2018-09-15 14:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2019-06-21 14:31 - 2018-11-07 09:58 - 000002282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-06-21 14:31 - 2018-11-07 09:58 - 000002241 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-06-18 08:11 - 2018-11-07 10:30 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache 2019-06-16 13:53 - 2019-02-20 17:55 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3811738166-4083531449-991595899-1001 2019-06-16 13:53 - 2019-02-20 17:52 - 000002279 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-06-16 13:53 - 2018-11-06 11:49 - 000000000 ___RD C:\Users\User\OneDrive 2019-06-15 22:34 - 2018-11-07 09:52 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2019-06-14 09:44 - 2019-02-20 17:51 - 000751960 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-06-14 09:44 - 2018-11-06 11:48 - 000000000 __RHD C:\Users\Public\AccountPictures 2019-06-14 09:44 - 2018-11-06 11:48 - 000000000 ___RD C:\Users\User\3D Objects 2019-06-13 23:17 - 2018-09-15 15:33 - 000000000 ___RD C:\Program Files\Windows Defender 2019-06-13 23:17 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\system32\migwiz 2019-06-13 23:17 - 2018-09-15 15:33 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-06-13 20:05 - 2018-09-15 15:23 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-06-12 20:04 - 2018-11-06 12:05 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-06-12 20:03 - 2018-11-06 12:05 - 135349160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-06-11 20:04 - 2018-11-07 09:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2019-06-04 10:51 - 2018-11-06 17:45 - 000000000 ____D C:\ProgramData\Packages 2019-06-02 22:57 - 2018-11-07 10:41 - 000000000 ____D C:\Program Files (x86)\kbasesrv 2019-06-01 08:03 - 2018-11-06 11:23 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-06-01 02:03 - 2018-09-15 15:36 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2019-06-01 02:03 - 2018-09-15 15:36 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ================ 2018-11-07 10:41 - 2018-11-07 10:41 - 000000021 _____ () C:\Users\User\AppData\Roaming\fixcfg.ini ==================== FLock ================ 2018-11-06 11:26 C:\WINDOWS\CSC ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ============================