Computer taking forever to start



gigglepot
2020-02-18, 15:51
Hello, it's been a long time since I've needed computer help. After my last issue, our computer died and we bought a new one! Anyway, in the last week or so something must have changed (kids!) because it now takes almost 7 minutes for my computer to start. It starts with the welcome screen, then gives me a black screen with the mouse pointer in the middle for almost 7 minutes, then finally gets to my desktop. Then everything works normal! I don't even know where to begin except I ran Spybot. Please help when you can. Thank you.

Juliet
2020-02-18, 19:13
Not so sure this is malware related.
We can scan to see if something is going on in the background in case.

Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/) or Farbar Recovery Scan Tool (x64) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

(Scan times will vary from one system to another. Sometimes the scan may appear to hang and you may even see a message that says, Program not responding. Most likely that will be temporary and the scan will resume on its own. It is not unusual for a complete scan to take up to 10 minutes or even longer depending on what the scan is finding.)

gigglepot
2020-02-19, 05:27
Hello, here are the two logfiles you asked for:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-02-2020
Ran by Lillian (administrator) on DESKTOP-MNATPML (HP HP Pavilion Desktop 590-p0xxx) (18-02-2020 20:18:07)
Running from C:\Users\Lillian\Desktop
Loaded Profiles: Lillian (Available Profiles: Lillian)
Platform: Windows 10 Home Version 1809 17763.1039 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\MobiGame\aeg_launcher.exe
() [File not signed] C:\Program Files\MobiGame\MobiGameUpdater.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Gaijin Network LTD -> Gaijin Entertainment) C:\Users\Lillian\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtAudioServ.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Splinterware Software Solutions -> Splinterware Software Solutions) C:\Program Files (x86)\SystemScheduler\WScheduler.exe
(The Weather Network -> Pelmorex Media Inc.) C:\Users\Lillian\AppData\Local\The Weather Network\weathereye.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(WildTangent Inc -> ) C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [231640 2016-09-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [703312 2017-12-08] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [1660760 2017-06-26] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [WScheduler] => C:\Program Files (x86)\SystemScheduler\WScheduler.exe [331168 2018-03-25] (Splinterware Software Solutions -> Splinterware Software Solutions)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3365840 2020-02-11] (Valve -> Valve Corporation)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [31606672 2020-02-18] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [Gaijin.Net Updater] => C:\Users\Lillian\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2361600 2019-11-28] (Gaijin Network LTD -> Gaijin Entertainment)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [Notifier] => "C:\Program Files\MobiGame\player\mobinotifier.exe"
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [WeatherEye] => C:\Users\Lillian\AppData\Local\The Weather Network\weathereye.exe [310920 2012-08-30] (The Weather Network -> Pelmorex Media Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-22] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {027B2618-3701-4A01-A814-BE34A1C3C3DC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-02-11] (Adobe Inc. -> Adobe)
Task: {0CE59796-FE57-49CF-A450-EB794C4FB4C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-14] (Google Inc -> Google Inc.)
Task: {17DC42A2-F68C-4C6E-A685-B484C8ECF152} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644960 2017-02-02] (HP Inc. -> HP Inc.)
Task: {289EC535-ACBB-46C5-8599-0FD3667513C4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-14] (Google Inc -> Google Inc.)
Task: {32DC0AC8-B274-49D7-B512-F88E67AEC293} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [69512 2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {416B6A34-7811-4B65-99F3-49D824D255BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [145272 2019-10-31] (HP Inc. -> HP Inc.)
Task: {48EE3F79-D85A-447B-B72A-9A070226625D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [277880 2019-11-22] (HP Inc. -> HP Inc.)
Task: {609C5D74-96CB-477D-B561-7717230B227C} - System32\Tasks\DriverUpdate Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: {67755C6A-AA4D-4382-97D8-2E2DE5861C36} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {7606036E-858C-4ED9-B14F-6B485B9BBA7D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_Plugin.exe [1458232 2020-02-11] (Adobe Inc. -> Adobe)
Task: {8664DE82-3409-44EF-AC76-7A24804D3662} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {92B2DD11-4D28-46D0-A5CC-787D46F7BFED} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {99C64CCC-E267-439A-A447-D06ED6D58491} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {9D7AD1F7-4D88-4CD8-A3BB-D8F6A7158D9B} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279544 2018-09-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {9F57CADA-CB76-426E-816A-BCE06E750A54} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [461824 2017-10-06] (HP Inc. -> HP Inc.)
Task: {A3FB1060-736B-4136-9C44-A1762622D30A} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-09-27] (HP Inc. -> HP Inc.)
Task: {A88A8A69-15CD-4AC5-A49F-9EED0833C275} - System32\Tasks\HPCeeScheduleForLillian => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [97656 2018-09-11] (HP Inc. -> HP Inc.)
Task: {B11C66B8-EB50-41DC-9AE6-C53023F17E37} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {B45E2B4C-BE40-44FF-9671-5A671C175CD8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1114488 2020-01-07] (HP Inc. -> HP Inc.)
Task: {CCD75ED5-CCA2-4B7B-9EA0-101A498F3C0E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {D1AA80F8-4A3A-49CB-BBE2-51B063F1CEF0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {D23D75CF-B448-40EE-A832-1432ED87C6AE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {D8F80293-64F2-4DAA-84AF-FDB8172F897A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {DA38A483-B158-4A7F-873E-898A2DFF1F71} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {DC43C091-23D3-431D-B6A7-A6C40FD84523} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1114488 2020-01-07] (HP Inc. -> HP Inc.)
Task: {E1484769-8460-41D6-9417-47F41ED8EC69} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {E8D7EFEC-96B8-4937-98F2-C0D40D639D6B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {F22D8845-F310-43DA-BDCC-5FD38D0AC0A1} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49544 2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForLillian.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 64.59.135.147 64.59.128.113
Tcpip\..\Interfaces\{1f27f15d-e56c-4b9c-9c8a-1b0bfa4ab60e}: [DhcpNameServer] 64.59.135.147 64.59.128.113

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {59BB01F4-917F-4306-A333-D04F603FDF5E} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {59BB01F4-917F-4306-A333-D04F603FDF5E} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-520046137-1738454763-4209218755-1001 -> {59BB01F4-917F-4306-A333-D04F603FDF5E} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2019-10-31] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-31] (Oracle America, Inc. -> Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)

FireFox:
========
FF DefaultProfile: zmh62i5e.default
FF ProfilePath: C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default [2020-02-18]
FF Homepage: Mozilla\Firefox\Profiles\zmh62i5e.default -> hxxps://www.kijiji.ca/
FF Notifications: Mozilla\Firefox\Profiles\zmh62i5e.default -> hxxps://www.youtube.com; hxxps://en.softonic.com; hxxps://www.facebook.com; hxxps://www.allrecipes.com; hxxps://www.teamviewer.com
FF NewTabOverride: Mozilla\Firefox\Profiles\zmh62i5e.default -> Enabled: newtaboverride@agenedia.com
FF NewTabOverride: Mozilla\Firefox\Profiles\zmh62i5e.default -> Enabled: Search_Defender_yYxTkYUDSW@www.searchdefenderprime.com
FF Extension: (Canadian English Dictionary) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\en-CA@dictionaries.addons.mozilla.org.xpi [2019-07-14]
FF Extension: (English (CA) Language Pack) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\langpack-en-CA@firefox.mozilla.org.xpi [2020-01-08]
FF Extension: (New Tab Override) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\newtaboverride@agenedia.com.xpi [2019-12-31]
FF Extension: (Search Defender) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\Search_Defender_yYxTkYUDSW@www.searchdefenderprime.com.xpi [2019-08-05]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\sp@avast.com.xpi [2020-02-13]
FF Extension: (Avast Online Security) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\wrc@avast.com.xpi [2019-10-03] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/aos/update.json]
FF Extension: (Greasemonkey) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2019-06-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_330.dll [2020-02-11] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-31] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_330.dll [2020-02-11] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default [2020-02-14]
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxps://www.kijiji.ca/"
CHR Extension: (Slides) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-14]
CHR Extension: (Docs) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-14]
CHR Extension: (Google Drive) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-24]
CHR Extension: (YouTube) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-14]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2020-01-27]
CHR Extension: (Sheets) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-14]
CHR Extension: (Google Docs Offline) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-27]
CHR Extension: (Gmail) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-01-27]
CHR Extension: (Chrome Media Router) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-27]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegLauncher; C:\Program Files\MobiGame\aeg_launcher.exe [7183872 2020-02-09] () [File not signed]
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atiesrxx.exe [504832 2018-11-20] (Advanced Micro Devices, Inc. -> AMD)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-19] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8413472 2020-02-05] (BattlEye Innovations e.K. -> )
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [305664 2017-11-02] (Realtek Semiconductor Corp.) [File not signed]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803456 2019-11-01] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1327400 2017-09-05] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-06] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [361848 2019-12-06] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 MobiGameUpdater; C:\Program Files\MobiGame\MobiGameUpdater.exe [202240 2020-02-09] () [File not signed]
R2 RtkBtAudioServ; C:\WINDOWS\RtkBtAudioServ.exe [215992 2018-05-31] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [738712 2019-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-15] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
R2 WildTangentHelper; C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe [1657136 2020-02-05] (WildTangent Inc -> )
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34696 2017-12-04] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [33144 2017-12-04] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atikmdag.sys [47076864 2018-11-20] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atikmpag.sys [587264 2018-11-20] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137104 2017-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-04-26] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-04-26] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37616 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2019-10-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [276952 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2019-11-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-12-04] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 BrSerIb; C:\WINDOWS\system32\DRIVERS\BrSerIb.sys [95344 2012-07-31] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R3 BrUsbSIb; C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys [21872 2012-06-21] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2017-01-15] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 MobiVBoxDrv; C:\Program Files\MobiGame\vbox\MobiVBoxDrv.sys [314688 2020-02-04] (Iron Entertainment Inc. -> Oracle Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010648 2017-11-20] (Realtek Semiconductor Corp. -> Realtek )
S3 RtkAvrcp; C:\WINDOWS\System32\drivers\RtkAvrcp.sys [72160 2017-10-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RtkBtFilter; C:\WINDOWS\System32\drivers\RtkBtfilter.sys [787232 2019-11-30] (WDKTestCert VSAuto,131800073559665678 -> Realtek Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2017-11-27] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [11722328 2019-12-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2017-01-15] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46680 2019-02-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [330936 2019-02-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2019-02-13] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-18 20:18 - 2020-02-18 20:19 - 000035510 _____ C:\Users\Lillian\Desktop\FRST.txt
2020-02-18 20:17 - 2020-02-18 20:19 - 000000000 ____D C:\FRST
2020-02-18 20:16 - 2020-02-18 20:16 - 002279424 _____ (Farbar) C:\Users\Lillian\Desktop\FRST64.exe
2020-02-13 06:14 - 2020-02-12 17:35 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-02-13 06:14 - 2020-02-12 17:35 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2020-02-12 22:25 - 2020-02-12 22:25 - 000000000 ____D C:\ProgramData\ssh
2020-02-12 17:19 - 2020-02-12 17:19 - 026806784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 024617472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 023463424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 019020288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 013013504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 012306432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 008906752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 007923712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 007870976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 006061056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 005436936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 004872704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 004658688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 004488192 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2020-02-12 17:19 - 2020-02-12 17:19 - 003904000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 003702784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 003550592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 003442176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2020-02-12 17:19 - 2020-02-12 17:19 - 002942976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 002469432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 002323904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 002298880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 002273080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 001877168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 001430672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 001288856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 001267216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2020-02-12 17:19 - 2020-02-12 17:19 - 001247560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2020-02-12 17:19 - 2020-02-12 17:19 - 001229824 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 001182720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2020-02-12 17:19 - 2020-02-12 17:19 - 001166336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2020-02-12 17:19 - 2020-02-12 17:19 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2020-02-12 17:19 - 2020-02-12 17:19 - 001062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000883200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000796160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dfrgui.exe
2020-02-12 17:19 - 2020-02-12 17:19 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dfrgui.exe
2020-02-12 17:19 - 2020-02-12 17:19 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-02-12 17:19 - 2020-02-12 17:19 - 000428544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapisrv.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2020-02-12 17:19 - 2020-02-12 17:19 - 000263576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapisrv.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\srrstr.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2020-02-12 17:19 - 2020-02-12 17:19 - 000212480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagSvc.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\recdisc.exe
2020-02-12 17:19 - 2020-02-12 17:19 - 000186880 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2020-02-12 17:19 - 2020-02-12 17:19 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2020-02-12 17:19 - 2020-02-12 17:19 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdsdwmdr.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWSD.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdSSDP.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2020-02-12 17:19 - 2020-02-12 17:19 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe
2020-02-12 17:19 - 2020-02-12 17:19 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SrTasks.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 022137336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 009669648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 007888896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 006943232 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 006546296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 006445568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 006318544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 005608328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 005528576 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 005300736 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 005086208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 004628992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 004588776 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 004050944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 003874936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 003656704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 003636736 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-02-12 17:18 - 2020-02-12 17:18 - 003430400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 003363848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-02-12 17:18 - 2020-02-12 17:18 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 002879488 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 002848256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 002780296 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 002770944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 002765312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 002699264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 002627600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2020-02-12 17:18 - 2020-02-12 17:18 - 002437344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 002417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-02-12 17:18 - 2020-02-12 17:18 - 002348544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 002292224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 002280024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001963536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2020-02-12 17:18 - 2020-02-12 17:18 - 001866240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001830928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001824768 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001796920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001751432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001726480 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-02-12 17:18 - 2020-02-12 17:18 - 001677088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001674688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001665720 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001647104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmsipc.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001590072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001486680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001479208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001476096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001360912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2020-02-12 17:18 - 2020-02-12 17:18 - 001345984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-02-12 17:18 - 2020-02-12 17:18 - 001319936 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001262592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001222672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001219584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdclt.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 001193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001056272 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 001012736 _____ (Microsoft Corporation) C:\WINDOWS\system32\refsutil.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000930816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000927232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000917816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000879104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 000876032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000866304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000860160 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2020-02-12 17:18 - 2020-02-12 17:18 - 000849920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000801280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcsecproc.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000764216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000741376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000649728 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000591376 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000588600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2020-02-12 17:18 - 2020-02-12 17:18 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2020-02-12 17:18 - 2020-02-12 17:18 - 000541472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msutb.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000494080 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000492032 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000481280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000465424 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2020-02-12 17:18 - 2020-02-12 17:18 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000431416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2020-02-12 17:18 - 2020-02-12 17:18 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 000410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 000348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000296448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 000252024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 000222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Geolocation.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000156712 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AppExecutionAlias.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWSD.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_BackgroundApps.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdrsvc.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000128616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\omadmapi.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdSSDP.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtutils.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtutils.dll
2020-02-12 17:18 - 2020-02-12 17:18 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasphone.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasphone.exe
2020-02-12 17:18 - 2020-02-12 17:18 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mciwave.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 007701200 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 005577656 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 004417552 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 003577856 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 003387392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 003334496 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 003329536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 003269632 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 003006464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 002928640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 002707456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-02-12 17:17 - 2020-02-12 17:17 - 002634240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 002590736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 002192384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 002015608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 001677312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 001674752 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 001608192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 001538560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 001520232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 001387512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 001294488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 001259832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-02-12 17:17 - 2020-02-12 17:17 - 001258504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 001114112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 001087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 001054952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 001049400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 001005056 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000902344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000902144 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000888864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000872000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000856432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000758928 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000751632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2020-02-12 17:17 - 2020-02-12 17:17 - 000741688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000681416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000677144 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000662024 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000613176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-02-12 17:17 - 2020-02-12 17:17 - 000611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000606224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000531976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000510264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000506200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000450912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000446480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msutb.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-02-12 17:17 - 2020-02-12 17:17 - 000405520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2020-02-12 17:17 - 2020-02-12 17:17 - 000402584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000398416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000389920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000376568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000331104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000313000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000293856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000286520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000253256 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-02-12 17:17 - 2020-02-12 17:17 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000213816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000203064 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000193336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000189496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000169784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2020-02-12 17:17 - 2020-02-12 17:17 - 000163240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000147944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2020-02-12 17:17 - 2020-02-12 17:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000105784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000103736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2020-02-12 17:17 - 2020-02-12 17:17 - 000095760 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\keyiso.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\keyiso.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2020-02-12 17:17 - 2020-02-12 17:17 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Websocket.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Websocket.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mciwave.dll
2020-02-12 17:17 - 2020-02-12 17:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-02-12 17:17 - 2020-02-12 17:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-02-12 17:17 - 2020-02-12 17:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-02-12 17:17 - 2020-02-12 17:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-02-12 17:17 - 2020-02-12 17:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-02-12 17:17 - 2020-02-12 17:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-02-12 17:17 - 2020-02-12 17:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-02-12 17:17 - 2020-02-12 17:17 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-02-07 15:55 - 2020-02-07 15:55 - 000000000 _____ C:\Users\Lillian\Desktop\umbrellas-coloring-260nw-570821461.heic
2020-01-25 07:57 - 2020-01-25 07:57 - 000000000 ____D C:\Users\Lillian\AppData\LocalLow\505 Games
2020-01-21 09:59 - 2020-01-30 20:45 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-01-19 18:46 - 2020-01-19 18:46 - 000000272 _____ C:\Users\Lillian\Desktop\Horace.url
2020-01-19 14:08 - 2020-01-19 14:08 - 000000000 ____D C:\Users\Public\CyberLink
2020-01-19 14:08 - 2020-01-19 14:08 - 000000000 ____D C:\Users\Lillian\Documents\CyberLink

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-18 20:15 - 2019-02-13 13:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-02-18 20:15 - 2018-09-15 00:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-02-18 17:25 - 2018-09-15 00:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-02-18 17:25 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-02-18 17:17 - 2019-07-11 05:39 - 000002812 _____ C:\WINDOWS\system32\Tasks\HPCeeScheduleForLillian
2020-02-18 17:17 - 2019-07-11 05:39 - 000000372 _____ C:\WINDOWS\Tasks\HPCeeScheduleForLillian.job
2020-02-18 17:17 - 2019-02-13 13:28 - 000003750 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-02-18 17:17 - 2019-02-13 13:28 - 000003446 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2020-02-18 17:17 - 2019-02-13 13:28 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-02-18 17:17 - 2019-02-13 13:28 - 000003312 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B10F1A6A-E096-4CDE-9012-03BBEB909611}
2020-02-18 17:17 - 2019-02-13 13:28 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-02-18 17:17 - 2019-02-13 13:28 - 000002912 _____ C:\WINDOWS\system32\Tasks\DriverUpdate Scan
2020-02-18 17:17 - 2019-02-13 13:28 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-520046137-1738454763-4209218755-1001
2020-02-18 17:17 - 2019-02-13 13:28 - 000002856 _____ C:\WINDOWS\system32\Tasks\HPJumpStartLaunch
2020-02-18 17:17 - 2019-02-13 13:28 - 000002768 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2020-02-18 17:17 - 2019-02-13 13:28 - 000002552 _____ C:\WINDOWS\system32\Tasks\AutoPico Daily Restart
2020-02-18 17:17 - 2019-02-13 13:28 - 000002500 _____ C:\WINDOWS\system32\Tasks\HPEA3JOBS
2020-02-18 17:17 - 2019-02-13 13:28 - 000002440 _____ C:\WINDOWS\system32\Tasks\HPAudioSwitch
2020-02-18 17:17 - 2019-02-13 13:28 - 000002280 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2020-02-18 17:17 - 2019-02-13 13:28 - 000002202 _____ C:\WINDOWS\system32\Tasks\StartCN
2020-02-18 17:17 - 2019-02-13 13:28 - 000002116 _____ C:\WINDOWS\system32\Tasks\StartDVR
2020-02-18 17:17 - 2019-02-13 13:28 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2020-02-18 12:17 - 2018-06-23 06:03 - 000000000 ____D C:\Users\Lillian\AppData\Local\D3DSCache
2020-02-18 06:40 - 2018-05-13 09:55 - 000000000 ____D C:\Users\Lillian\AppData\LocalLow\Mozilla
2020-02-18 06:32 - 2018-05-16 11:39 - 000000000 ____D C:\Users\Lillian\AppData\Local\WarThunder
2020-02-18 06:31 - 2018-06-22 04:55 - 000000000 ____D C:\Users\Lillian\AppData\Local\AVAST Software
2020-02-18 06:30 - 2018-05-22 05:01 - 000000000 ____D C:\Program Files (x86)\Steam
2020-02-18 06:30 - 2018-05-13 09:38 - 000000000 ____D C:\Users\Lillian\AppData\Local\VirtualStore
2020-02-17 20:18 - 2018-07-09 20:25 - 000000000 ____D C:\Users\Lillian\AppData\Local\CrashDumps
2020-02-17 19:06 - 2018-06-01 19:16 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\.minecraft
2020-02-17 07:44 - 2019-02-13 13:28 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-02-13 22:14 - 2018-12-20 22:31 - 000002033 _____ C:\WINDOWS\wininit.ini
2020-02-13 14:34 - 2018-06-01 19:30 - 000001438 _____ C:\Users\Lillian\Desktop\Roblox Player.lnk
2020-02-13 14:34 - 2018-06-01 19:28 - 000001253 _____ C:\Users\Lillian\Desktop\Roblox Studio.lnk
2020-02-13 14:34 - 2018-06-01 19:28 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2020-02-13 06:19 - 2019-02-13 13:19 - 000935056 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-02-13 06:19 - 2018-09-15 00:31 - 000000000 ____D C:\WINDOWS\INF
2020-02-13 06:16 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2020-02-13 06:16 - 2018-05-13 09:38 - 000000000 ___RD C:\Users\Lillian\3D Objects
2020-02-13 06:16 - 2017-10-05 16:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-02-13 06:13 - 2019-02-13 13:00 - 000449544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-02-13 06:13 - 2018-06-20 05:17 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2020-02-13 06:12 - 2019-02-13 13:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-02-12 22:27 - 2018-09-14 23:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-02-12 22:27 - 2018-02-10 01:44 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2020-02-12 22:26 - 2019-02-13 13:36 - 000000000 ____D C:\WINDOWS\holoshell
2020-02-12 22:26 - 2018-09-15 00:33 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-02-12 22:26 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2020-02-12 22:26 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-02-12 22:26 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-02-12 22:26 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-02-12 22:26 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-02-12 22:26 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\ShellComponents
2020-02-12 22:26 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-02-12 22:26 - 2018-09-14 23:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-02-12 22:26 - 2018-09-14 23:09 - 000000000 ____D C:\WINDOWS\servicing
2020-02-12 17:35 - 2018-09-15 00:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-02-12 17:32 - 2018-05-13 10:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-02-12 17:26 - 2018-05-13 10:27 - 120407888 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-02-11 06:22 - 2019-12-10 06:14 - 006350904 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2020-02-11 06:22 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-02-11 06:22 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-02-10 09:26 - 2019-02-13 13:05 - 000002376 _____ C:\Users\Lillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-02-10 09:26 - 2018-05-13 09:40 - 000000000 ___RD C:\Users\Lillian\OneDrive
2020-02-10 06:45 - 2019-09-06 10:12 - 000000000 ____D C:\Program Files\MobiGame
2020-02-10 06:44 - 2019-10-10 06:13 - 000002057 _____ C:\Users\Lillian\Desktop\Play Store.lnk
2020-02-06 16:11 - 2020-01-07 20:20 - 000001386 _____ C:\Users\Public\Desktop\Skype.lnk
2020-02-06 16:11 - 2020-01-07 20:20 - 000001386 _____ C:\ProgramData\Desktop\Skype.lnk
2020-02-06 16:11 - 2020-01-07 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2020-02-06 09:22 - 2018-05-16 10:15 - 000000000 ____D C:\Users\Lillian\Documents\Lillian
2020-02-06 09:03 - 2019-07-17 14:36 - 000000000 ____D C:\Users\Lillian\AppData\Local\BlueStacks
2020-02-03 12:58 - 2018-06-20 11:08 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\vlc
2020-01-30 20:45 - 2018-05-13 09:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-01-27 19:19 - 2018-12-13 18:40 - 000000000 ____D C:\Users\Lillian\BrawlhallaReplays
2020-01-24 15:04 - 2018-06-01 19:16 - 000000000 ____D C:\Program Files (x86)\Minecraft
2020-01-22 16:36 - 2018-05-14 05:02 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-21 09:59 - 2018-05-13 09:55 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-01-20 09:50 - 2018-05-16 05:16 - 000000419 _____ C:\WINDOWS\BRWMARK.INI
2020-01-19 16:56 - 2018-05-16 10:10 - 000000000 ____D C:\Program Files\Epic Games

==================== Files in the root of some directories ========

2018-05-14 10:44 - 2018-05-14 11:29 - 000026726 _____ () C:\Users\Lillian\AppData\Roaming\Comma Separated Values (DOS).ADR
2018-05-14 11:24 - 2018-05-14 11:24 - 000026950 _____ () C:\Users\Lillian\AppData\Roaming\Comma Separated Values (Windows).ADR
2018-05-13 09:38 - 2020-02-18 06:29 - 000628652 _____ () C:\Users\Lillian\AppData\Local\BTServer.log
2019-09-06 08:51 - 2019-09-06 08:51 - 000000017 _____ () C:\Users\Lillian\AppData\Local\resmon.resmoncfg

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\WINDOWS\system32\eac_usermode_3175762292993092.dll [2019-05-31] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2020
Ran by Lillian (18-02-2020 20:20:42)
Running from C:\Users\Lillian\Desktop
Windows 10 Home Version 1809 17763.1039 (X64) (2019-02-13 20:30:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-520046137-1738454763-4209218755-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-520046137-1738454763-4209218755-503 - Limited - Disabled)
Guest (S-1-5-21-520046137-1738454763-4209218755-501 - Limited - Disabled)
Lillian (S-1-5-21-520046137-1738454763-4209218755-1001 - Administrator - Enabled) => C:\Users\Lillian
WDAGUtilityAccount (S-1-5-21-520046137-1738454763-4209218755-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.330 - Adobe)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2018.1108.0217.4117 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J615W (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Epic Games Launcher (HKLM-x32\...\{93BFE5DF-776E-436F-8693-DF1F72C0E3C1}) (Version: 1.1.151.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FastStone Image Viewer 6.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.5 - FastStone Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.130 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.9.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{3FC961DB-BD36-4D8D-B276-0C456A2BB638}) (Version: 1.4.0.441 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{BD2CDEAF-8D83-4553-A3B3-8B614CC6C96E}) (Version: 1.1.0.0 - HP Inc)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.8.24.33 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}) (Version: 12.14.49.15 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{2282C4AC-ADFD-4CB7-962E-D700F62024E6}) (Version: 1.4.27 - HP Inc.)
Java 8 Update 231 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0005 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft Launcher (HKLM-x32\...\{810F1419-7760-402E-8772-B4054FAA2B72}) (Version: 1.0.0.0 - Mojang)
MobiGame (HKLM\...\{0CD5AE2D-BB58-4E35-8B5C-AFE995A80E1A}) (Version: 2.16.8.0 - MobiGame)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 72.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 72.0.2 (x64 en-US)) (Version: 72.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0 - Mozilla)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.80 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.31239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8536 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.105 - REALTEK Semiconductor Corp.)
Roblox Player for Lillian (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for Lillian (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\roblox-studio) (Version: - Roblox Corporation)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype version 8.56 (HKLM-x32\...\Skype_is1) (Version: 8.56 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StudioTax 2017 (HKLM-x32\...\{99CAAE52-3DB3-4012-90A6-392CFE63BE51}) (Version: 13.0.5.0 - BHOK IT Consulting)
StudioTax 2018 (HKLM-x32\...\{B77DD0D3-CBDA-4A1B-BB14-1B8782DE95AF}) (Version: 14.0.4.0 - BHOK IT Consulting)
System Scheduler 5.12 (HKLM-x32\...\Windows Scheduler_is1) (Version: - Splinterware Software Solutions)
The Weather Network (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\The Weather Network) (Version: 6.0.2.5 - The Weather Network)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
War Thunder Launcher 1.0.3.100 (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.1.19 - WildTangent)
WildTangent Helper (HKLM-x32\...\{A39303AB-4898-4F12-BAA0-0B8630F86DB4}) (Version: 1.0.0.396 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

Packages:
=========
Candy Crush Jelly Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushJellySaga_2.34.41.0_x86__kgqvnymyfvs32 [2020-01-13] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1700.2.0_x86__kgqvnymyfvs32 [2020-02-12] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.157.400.0_x86__kgqvnymyfvs32 [2020-02-07] (king.com)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_4.8.1.3_x86__h6adky7gbf63m [2020-02-13] (Gameloft.)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [2019-11-15] (Dolby Laboratories)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-01-17] (Dropbox Inc.)
Floor Adjustment -> C:\Windows\SystemApps\RoomAdjustment_cw5n1h2txyewy [2019-08-13] (Microsoft Corporation)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.4.464.0_x86__v10z8vjag6ke6 [2018-02-10] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa [2020-01-29] (Apple Inc.) [Startup Task]
Learn Mixed Reality -> C:\Windows\SystemApps\MixedRealityLearning_cw5n1h2txyewy [2019-08-13] (Microsoft Corporation)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.6.0.11_x86__h6adky7gbf63m [2020-02-12] (Gameloft.)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12430.20264.0_x86__8wekyb3d8bbwe [2020-02-17] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-27] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12430.20264.0_x86__8wekyb3d8bbwe [2020-02-17] (Microsoft Corporation)
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.35.20273.0_x64__8wekyb3d8bbwe [2020-02-04] (Microsoft Corporation) [MS Ad]
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12430.20264.0_x86__8wekyb3d8bbwe [2020-02-17] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12430.20264.0_x86__8wekyb3d8bbwe [2020-02-17] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12430.20264.0_x86__8wekyb3d8bbwe [2020-02-17] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12430.20264.0_x86__8wekyb3d8bbwe [2020-02-17] (Microsoft Corporation)
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12430.20264.0_x86__8wekyb3d8bbwe [2020-02-17] (Microsoft Corporation)
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.14.3002.0_x64__8wekyb3d8bbwe [2020-02-12] (Microsoft Studios)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-17] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-10-21] (Netflix, Inc.)
New for You -> C:\Windows\SystemApps\WhatsNew_cw5n1h2txyewy [2019-08-13] (Microsoft Corporation)
Passthrough -> C:\Windows\SystemApps\passthrough_cw5n1h2txyewy [2019-02-13] (Microsoft Corporation)
Power Media Player 14 for HP Consumer PCs with DVD -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.PowerMediaPlayer14forHPConsumerPC_14.2.9528.0_x86__06qsbagp91rvg [2019-01-26] (CYBERLINKCOM CORP)
Sign In -> C:\Windows\SystemApps\WebAuthBridgeInternet_cw5n1h2txyewy [2019-02-13] (ms-resource:PublisherDisplayName)
Sign In -> C:\Windows\SystemApps\WebAuthBridgeInternetSso_cw5n1h2txyewy [2019-02-13] (ms-resource:PublisherDisplayName)
Sign In -> C:\Windows\SystemApps\WebAuthBridgeIntranetSso_cw5n1h2txyewy [2019-02-13] (ms-resource:PublisherDisplayName)
The Weather Network -> C:\Program Files\WindowsApps\TheWeatherNetworkMeteoMed.TheWeatherNetwork_2.1.8297.0_x64__4synmnwyp9drt [2019-02-13] (The Weather Network)
WildTangent Games -> C:\Program Files\WindowsApps\WildTangentGames.63435CFB65F55_2.0.82.0_x64__qt5r5pa5dyg8m [2019-12-23] (WildTangent Games)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-520046137-1738454763-4209218755-1001_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0xC1A89939B6EBD3010E50F79C3DECD301020000002400000000000000 => No File
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Lillian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2019-02-13 13:07 - 2019-02-13 13:07 - 008007680 _____ ( ) [File not signed] C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
2020-02-13 12:19 - 2020-02-13 12:19 - 000138240 _____ ( ) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\9d55aa94f59cf0a059be10a9a84b52c4\Interop.IWshRuntimeLibrary.ni.dll
2018-05-16 05:15 - 2009-02-27 15:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2018-05-16 10:06 - 2018-05-16 10:07 - 098275328 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2018-05-16 10:07 - 2018-05-16 10:07 - 000092672 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2018-05-16 10:07 - 2018-05-16 10:07 - 003922432 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000015360 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-04-24 21:21 - 2018-04-24 21:21 - 002519040 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2005-09-07 11:03 - 2005-09-07 11:03 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\ScanSoft\PaperPort\blicectr.dll
2018-05-16 05:15 - 2012-06-05 14:59 - 000025299 ____R (Brother Industries, Ltd) [File not signed] C:\Program Files (x86)\Browny02\brlm03a.dll
2018-05-16 05:15 - 2008-08-18 17:27 - 000122880 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll
2018-05-16 05:15 - 2009-12-23 14:45 - 000327680 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2018-05-16 05:15 - 2009-12-25 14:08 - 000208896 ____R (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2018-05-16 05:15 - 2011-10-07 13:39 - 000626688 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2020-02-13 12:19 - 2020-02-13 12:19 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\4063ef6b26bda17cd749180e55e6407c\Hardcodet.Wpf.TaskbarNotification.ni.dll
2018-05-18 09:11 - 2018-04-30 05:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-02-13 12:19 - 2020-02-13 12:19 - 001585152 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\7805a4c726675f423fcd6038757263dd\NAudio.ni.dll
2020-02-13 12:16 - 2020-02-13 12:16 - 002306560 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\67e96d905b0ee480dadec8739f7ed467\Newtonsoft.Json.ni.dll
2018-02-10 01:46 - 2017-06-20 20:03 - 000289280 _____ (Realtek Semiconductor Corporation) [File not signed] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\StereoControl.dll
2020-02-13 12:19 - 2020-02-13 12:19 - 000792064 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\3fe906ad9a6cf5949e30a90b70a3a0e5\log4net.ni.dll
2018-05-16 10:06 - 2018-05-16 10:06 - 000547840 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000032256 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000039936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000034304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000237056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000024064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000481792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 001336320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-11-08 02:15 - 2018-11-08 02:15 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 006045184 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000964096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000279552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 003233792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000109568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000325632 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 069968896 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000282624 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 003281408 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000049152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000311296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000089600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Lillian\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 06:46 - 2019-01-04 07:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\hp backgrounds\backgrounddefault.jpg
DNS Servers: 64.59.135.147 - 64.59.128.113
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1B090072-D72C-4914-B8C9-9D9A26FA4A34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe () [File not signed]
FirewallRules: [{06D5C739-7ACC-43EE-8F07-1E38D0D5BE67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe () [File not signed]
FirewallRules: [{4EBA5F59-C476-4904-8C44-A4DB352AFC77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bendy and the Ink Machine\Bendy and the Ink Machine.exe () [File not signed]
FirewallRules: [{4ED688BF-B168-4EC6-855E-736F27B811CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bendy and the Ink Machine\Bendy and the Ink Machine.exe () [File not signed]
FirewallRules: [{8B6D9B25-1ABF-46A2-8532-115380E404FE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A82FF69B-E60F-42A5-86CE-6AFC3F2B2E27}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{080A2033-3A08-4918-BE97-DD2B29CBEB44}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [TCP Query User{CCEAFC71-8A09-4E6E-A300-8534C3553843}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{7DA01A3C-AD80-4F97-8321-E662685012FA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{145F1E86-196B-4219-B47D-D3DE46FEBFEC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{739DAB6A-0A14-4A53-B1DA-E4649647ED66}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A282D93A-88F9-4BEE-9939-6DF15CA0ECC0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{663A09A8-AF78-4C2B-9C12-FD64CCF49274}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3FD1DC98-62C7-4397-B45C-4396DBF10EA1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9C15C379-0EB7-4386-A6C5-8B31BA37FDD5}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{E1984601-82AB-4C30-884C-68A37BCB7CDB}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [TCP Query User{015F26C2-E325-4FD7-9473-190C9260816B}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{A4C0B2CF-F920-484B-A846-2DEAA6A80254}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A1C57984-9AF8-4631-94B8-E6EA35589919}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D5D5DB9C-2DB8-43BC-A621-FBBA1E3217AA}] => (Allow) LPort=2869
FirewallRules: [{442EA53B-328F-468E-BA66-5C0B3F9E505A}] => (Allow) LPort=1900
FirewallRules: [{E33734E5-18B0-432B-9A17-0698CFAF239F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{EB442B57-B2D2-47B8-9CB4-5C291B47EDA9}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{EE4FB49A-B46D-4EF0-A775-04C9F2E4C16D}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{2B2DF538-3464-4353-A095-F38666806596}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{F8F4CC7E-6A61-48B1-B633-90E80F268983}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{9C925323-83CD-4472-98F9-5ECE8FE30DFA}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{0FD6D81B-41AA-470C-928A-43E59B71F8BE}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{B2CD05EC-C850-4522-B3A2-E76CB737C574}C:\users\lillian\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\lillian\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{80401D63-0F2A-4E08-A1CC-E24E0ECF5CE7}C:\users\lillian\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\lillian\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [TCP Query User{91186E26-32E1-4A30-BA24-70E3FA18EDDB}C:\users\lillian\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\lillian\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{7E3772D9-B71D-4525-91BC-6A5B9D5EDE0C}C:\users\lillian\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\lillian\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{30B03208-4CDE-4292-9D8F-47475C5DF172}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6C7E75F2-E59B-4040-80B3-5D70B3BDA12A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6B0F6E54-AB92-48DF-B4FD-82BD74203E7D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{0954DE90-F8DD-41AF-B47D-7B9EF580A312}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{D8071043-EA7C-4EE7-AD9C-D4C571FC522F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scribblenauts\Scribble.exe () [File not signed]
FirewallRules: [{8362C1A9-2DC8-4DB7-98EC-ED011B360C17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scribblenauts\Scribble.exe () [File not signed]
FirewallRules: [{4E3D0006-9134-40EB-8406-54C313143A56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LEGO Worlds\LEGO_Worlds.exe (Travellers Tales (UK) Limited -> )
FirewallRules: [{6DD1278C-1E2D-4389-B0B9-7837DCF0681E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LEGO Worlds\LEGO_Worlds.exe (Travellers Tales (UK) Limited -> )
FirewallRules: [{1AB2CD83-2AFF-466E-ADAE-E5664EA8CF24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bendy and the Ink Machine\BATIM.exe No File
FirewallRules: [{42292E58-D1FB-4645-A378-AD1E47D6632A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bendy and the Ink Machine\BATIM.exe No File
FirewallRules: [TCP Query User{B06C0B1C-2AAF-4F3C-8F1F-ACA2E7A33103}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [UDP Query User{60AD65A8-D6CB-48D1-B44E-12A2DA8F7534}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [TCP Query User{B2154E67-8F8A-4418-A1A5-3D8944D63381}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{2D6318AC-87DB-427E-B300-F04D15121BC0}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{95EFB40F-83E3-4236-B2D7-8A5DCC73CDE0}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{DA5B1AA0-D1D9-4FFF-A017-93B219D02ACD}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{5496ADFC-BF8F-4172-9BD1-26054AFD7BC4}C:\program files\java\jre1.8.0_211\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_211\bin\javaw.exe No File
FirewallRules: [UDP Query User{76689C82-F7CC-4390-BA79-99FC25AFA603}C:\program files\java\jre1.8.0_211\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_211\bin\javaw.exe No File
FirewallRules: [{DAF553A4-B5E2-48C2-B9E8-1C42DCC8D53E}] => (Allow) C:\Users\Lillian\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{151B702B-2C5C-496B-A0D3-0147834910DD}] => (Allow) C:\Users\Lillian\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{A86D0904-5AF1-4DE7-B203-C4EFB2FEA45D}] => (Allow) C:\Users\Lillian\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{5CA60DBE-5099-432B-BBC5-833788F4D077}] => (Allow) C:\Users\Lillian\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{4B362E53-F249-4B5D-975B-11810A0A6604}] => (Allow) C:\Users\Lillian\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{140FCF15-D11E-48F3-A4A0-C228B55EB906}] => (Allow) C:\Users\Lillian\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{D303FC5B-CA57-4203-A0C3-58F21B67958C}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe No File
FirewallRules: [{4868C638-C017-4D06-8149-9EAA55C6D5D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{98041F33-D7DD-4A8A-ADA6-7B99E03552EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{0C3C5C1A-B086-48A3-B4B1-703F7967300D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CardLife\launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{943D344B-3E04-43A8-8FE6-29A6DD3F70FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CardLife\launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{5885EC60-B2A7-4878-BCCC-EFD2F87FA3B6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{B81B95C4-1E56-4C2E-A1E7-88D5926D5897}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{736E2C56-058F-4A22-ADC6-7212212C9D4D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2C883817-C07E-4B4D-B0F7-2BA95C38F1DF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BB692EA8-73BA-4C58-8200-52FD9FB7116F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2526A805-3805-43D3-B766-A59B2D6506D9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BD060EB0-CC00-46EB-B54E-7BB3915D394F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3206F8C7-88A7-46E0-A6EA-1C8AD850EA25}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D00672CA-C7F5-43BD-8E13-510AE40F9240}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12104.2.43056.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DDAB89C8-5E21-4314-A561-CA40DF9CEC99}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9D50C610-26B4-4F54-AFDF-9F2F5B2AEF05}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DCA45DB9-AEC1-434F-959D-9FE2F74750EF}] => (Allow) C:\Program Files\MobiGame\player\mobiplayer.exe (Game Player) [File not signed]
FirewallRules: [{984B1E2F-DAC5-43F6-B2C9-971B773FF329}] => (Allow) C:\Program Files\MobiGame\vbox\vboxheadless.exe (Iron Entertainment Inc. -> Oracle Corporation)
FirewallRules: [{34372731-C76B-4BE0-AA67-ED59CB31374A}] => (Allow) LPort=1688
FirewallRules: [{A63B5132-EB84-4241-A6EF-C0190897C6D3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12430.20264.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

08-02-2020 17:00:15 Scheduled Checkpoint
12-02-2020 16:52:38 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/18/2020 06:22:28 AM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.Exception: StartProcessAsCurrentUser: GetSessionUserToken failed.
at _HPCommRecovery.ProcessExtensions.StartProcessAsCurrentUser(String appPath, String cmdLine, String workDir, Boolean visible)
at _HPCommRecovery.HPAHAgent.CallAgent()
at _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
at _HPCommRecovery.HPAHLogger.NewSession()
at _HPCommRecovery.HPCommRecovery.OnPowerEvent(PowerBroadcastStatus powerStatus)
at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).

Error: (02/18/2020 06:22:28 AM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.IO.IOException: The process cannot access the file 'C:\Windows\Temp\signtool.exe' because it is being used by another process.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode)
at _HPCommRecovery.Tools.Signtool.ExtractSignTool()
at _HPCommRecovery.Tools.Signtool.Verify(String arg)
at _HPCommRecovery.HPAHAgent.CallAgent()
at _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
at _HPCommRecovery.HPAHLogger.NewSession()
at _HPCommRecovery.....

Error: (02/17/2020 10:03:46 PM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.Exception: StartProcessAsCurrentUser: GetSessionUserToken failed.
at _HPCommRecovery.ProcessExtensions.StartProcessAsCurrentUser(String appPath, String cmdLine, String workDir, Boolean visible)
at _HPCommRecovery.HPAHAgent.CallAgent()
at _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
at _HPCommRecovery.HPAHLogger.NewSession()
at _HPCommRecovery.HPCommRecovery.OnPowerEvent(PowerBroadcastStatus powerStatus)
at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).

Error: (02/17/2020 08:18:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EpicGamesLauncher.exe, version: 10.13.0.0, time stamp: 0x5e445d82
Faulting module name: ntdll.dll, version: 10.0.17763.1039, time stamp: 0x4dc06dfc
Exception code: 0xc0000005
Fault offset: 0x000000000004df23
Faulting process id: 0x1af4
Faulting application start time: 0x01d5e60a19b8afb5
Faulting application path: C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: cf92a5af-1243-42d6-a121-635522e1c2aa
Faulting package full name:
Faulting package-relative application ID:

Error: (02/17/2020 07:22:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PaintStudio.View.exe, version: 0.0.0.0, time stamp: 0x5d30f560
Faulting module name: twinapi.appcore.dll, version: 10.0.17763.973, time stamp: 0x0d83a788
Exception code: 0xc000027b
Fault offset: 0x00000000000bd578
Faulting process id: 0xe5c
Faulting application start time: 0x01d5e601b96dc590
Faulting application path: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.18017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
Faulting module path: C:\WINDOWS\SYSTEM32\twinapi.appcore.dll
Report Id: 602c3775-da43-40b7-a1e1-fbd434d46401
Faulting package full name: Microsoft.MSPaint_6.1907.18017.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.MSPaint

Error: (02/17/2020 08:13:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EpicGamesLauncher.exe, version: 10.13.0.0, time stamp: 0x5e445d82
Faulting module name: ntdll.dll, version: 10.0.17763.1039, time stamp: 0x4dc06dfc
Exception code: 0xc0000005
Fault offset: 0x000000000004df23
Faulting process id: 0x18a0
Faulting application start time: 0x01d5e5a4c7fdb14c
Faulting application path: C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 0f56bb82-500c-4e8f-a861-e6f5df88b4a9
Faulting package full name:
Faulting package-relative application ID:

Error: (02/17/2020 07:40:40 AM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.Exception: StartProcessAsCurrentUser: GetSessionUserToken failed.
at _HPCommRecovery.ProcessExtensions.StartProcessAsCurrentUser(String appPath, String cmdLine, String workDir, Boolean visible)
at _HPCommRecovery.HPAHAgent.CallAgent()
at _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
at _HPCommRecovery.HPAHLogger.NewSession()
at _HPCommRecovery.HPCommRecovery.OnPowerEvent(PowerBroadcastStatus powerStatus)
at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).

Error: (02/17/2020 07:40:37 AM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Failed in handling the PowerEvent. The error that occurred was: System.IO.IOException: The process cannot access the file 'C:\Windows\Temp\signtool.exe' because it is being used by another process.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode)
at _HPCommRecovery.Tools.Signtool.ExtractSignTool()
at _HPCommRecovery.Tools.Signtool.Verify(String arg)
at _HPCommRecovery.HPAHAgent.CallAgent()
at _HPCommRecovery.AppSession..ctor(DateTime Current, String LogPath)
at _HPCommRecovery.HPAHLogger.NewSession()
at _HPCommRecovery.....


System errors:
=============
Error: (02/18/2020 05:01:00 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MNATPML)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MNATPML\Lillian SID (S-1-5-21-520046137-1738454763-4209218755-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2020 05:00:58 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MNATPML)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MNATPML\Lillian SID (S-1-5-21-520046137-1738454763-4209218755-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2020 05:00:57 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MNATPML)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MNATPML\Lillian SID (S-1-5-21-520046137-1738454763-4209218755-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2020 02:52:34 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MNATPML)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MNATPML\Lillian SID (S-1-5-21-520046137-1738454763-4209218755-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2020 02:52:33 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MNATPML)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MNATPML\Lillian SID (S-1-5-21-520046137-1738454763-4209218755-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2020 02:52:33 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MNATPML)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MNATPML\Lillian SID (S-1-5-21-520046137-1738454763-4209218755-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2020 06:42:16 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MNATPML)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MNATPML\Lillian SID (S-1-5-21-520046137-1738454763-4209218755-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2020 06:42:15 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MNATPML)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-MNATPML\Lillian SID (S-1-5-21-520046137-1738454763-4209218755-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-05-17 07:08:46.400
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.285.1510.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15700.8
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-05-17 07:08:46.399
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.285.1510.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15700.8
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-05-17 07:08:46.398
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.285.1510.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15700.8
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-05-17 07:08:46.382
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.285.1510.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15700.8
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-05-17 07:08:46.382
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.285.1510.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15700.8
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2020-02-14 10:51:17.196
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-14 10:51:17.192
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-14 10:51:17.043
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-14 10:51:17.038
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-14 10:51:17.006
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-14 10:51:16.997
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-14 10:51:16.824
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-14 10:51:16.820
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: AMI F.05 01/29/2018
Motherboard: HP 8433
Processor: AMD A12-9800 RADEON R7, 12 COMPUTE CORES 4C+8G
Percentage of memory in use: 34%
Total physical RAM: 15788.77 MB
Available physical RAM: 10391.83 MB
Total Virtual: 18220.77 MB
Available Virtual: 11242.2 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:915.17 GB) (Free:470.41 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.1 GB) (Free:1.75 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{15888f61-fc32-4387-9ceb-4a16a8a4cf76}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.53 GB) NTFS
\\?\Volume{70f7596f-bd69-4bba-9479-6592ca6c93bd}\ () (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A50E1C7D)

Partition: GPT.

==================== End of Addition.txt =======================

Juliet
2020-02-19, 14:36
Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.




Start::
CloseProcesses:
CreateRestorePoint:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {8664DE82-3409-44EF-AC76-7A24804D3662} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
FF NewTabOverride: Mozilla\Firefox\Profiles\zmh62i5e.default -> Enabled: Search_Defender_yYxTkYUDSW@www.searchdefenderprime.com
FF Extension: (Search Defender) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\Search_Defender_yYxTkYUDSW@www.searchdefenderprime.com.xpi [2019-08-05]
FF Extension: (Search Defender) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\Search_Defender_yYxTkYUDSW@www.searchdefenderprime.com.xpi [2019-08-05]
FCheck: C:\WINDOWS\system32\eac_usermode_3175762292993092.dll [2019-05-31] <==== ATTENTION (zero byte File/Folder)
CustomCLSID: HKU\S-1-5-21-520046137-1738454763-4209218755-1001_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0xC1A89939B6EBD3010E50F79C3DECD301020000002400000000000000 => No File
ShortcutWithArgument: C:\Users\Lillian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
AlternateDataStreams: C:\Users\Lillian\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [478]
FirewallRules: [{9C15C379-0EB7-4386-A6C5-8B31BA37FDD5}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{E1984601-82AB-4C30-884C-68A37BCB7CDB}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{6B0F6E54-AB92-48DF-B4FD-82BD74203E7D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{0954DE90-F8DD-41AF-B47D-7B9EF580A312}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{1AB2CD83-2AFF-466E-ADAE-E5664EA8CF24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bendy and the Ink Machine\BATIM.exe No File
FirewallRules: [{42292E58-D1FB-4645-A378-AD1E47D6632A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bendy and the Ink Machine\BATIM.exe No File
FirewallRules: [TCP Query User{B06C0B1C-2AAF-4F3C-8F1F-ACA2E7A33103}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [UDP Query User{60AD65A8-D6CB-48D1-B44E-12A2DA8F7534}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [TCP Query User{5496ADFC-BF8F-4172-9BD1-26054AFD7BC4}C:\program files\java\jre1.8.0_211\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_211\bin\javaw.exe No File
FirewallRules: [UDP Query User{76689C82-F7CC-4390-BA79-99FC25AFA603}C:\program files\java\jre1.8.0_211\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_211\bin\javaw.exe No File
FirewallRules: [{D303FC5B-CA57-4203-A0C3-58F21B67958C}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe No File
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Download and run AdwCleaner

Download AdwCleaner from here (https://downloads.malwarebytes.com/file/adwcleaner) and save it to your desktop.


run AdwCleaner by clicking on Scan Now
when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
if it asks to reboot, allow the reboot
on reboot, click on View Log File; please attach the content of the log to your next reply.

===================================================

Run Malwarebytes Anti-Malware

You may have Malwarebytes Anti-Malware installed but if not, you can download it from here (https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/):

run the program
click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
click on the ‘Scan’ tab, (directly below the Dashboard tab)
select the Threat Scan option
click the Scan Now button
Threat Scan will begin
when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
if prompted to restart the computer, close all other programs and click Yes to restart your computer
once you are back at your desktop, open MBAM once more
click on the ‘Reports’ tab
double-click on the most recent Scan Report
click on Export, then Copy to Clipboard

Logs to include with the next post:

Fixlog.txt
AdwCleaner log
Mbam.txt
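
The fixlist in the post above singles out firewall rules whose target ends in `No File`. The Python script below runs the same triage over the `FirewallRules:` section of Addition.txt. It is an added example, not part of the original posts and not FRST's own code; the function names and the finding labels ("orphaned", "unsigned", "port-only") are assumptions, and the sample lines are copied from the logs in this thread.

```python
import re

# Sample input: lines copied from the Addition.txt and fixlist in this thread.
SAMPLE = r"""
FirewallRules: [{98041F33-D7DD-4A8A-ADA6-7B99E03552EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{DCA45DB9-AEC1-434F-959D-9FE2F74750EF}] => (Allow) C:\Program Files\MobiGame\player\mobiplayer.exe (Game Player) [File not signed]
FirewallRules: [{34372731-C76B-4BE0-AA67-ED59CB31374A}] => (Allow) LPort=1688
FirewallRules: [{9C15C379-0EB7-4386-A6C5-8B31BA37FDD5}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [TCP Query User{B06C0B1C-2AAF-4F3C-8F1F-ACA2E7A33103}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
"""

# "FirewallRules: [<rule name>] => (<Allow|Block>) <target and annotations>"
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.+?)\] => \((?P<action>Allow|Block)\) (?P<rest>.+)$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Path followed by one trailing "(...)" group; paths may contain "(x86)".
PUBLISHER_RE = re.compile(r"^(?P<path>.+?) \((?P<info>[^()]*)\)$")

NO_FILE = " No File"
NOT_SIGNED = " [File not signed]"


def parse_rule(line):
    """Parse one FirewallRules line; return None for any other log line."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    guid = GUID_RE.search(m["name"])
    rule = {
        "guid": guid.group(0) if guid else None,
        "action": m["action"],
        "path": None,
        "port": None,
        "publisher_info": None,  # text FRST prints in parentheses after the path
        "finding": "ok",
    }
    rest = m["rest"]

    # Rule bound to a listening port with no program path.
    # (TCP 1688 is the default port of a KMS activation host.)
    port = re.fullmatch(r"LPort=(\d+)", rest)
    if port:
        rule["port"] = int(port[1])
        rule["finding"] = "port-only"
        return rule

    # Target binary is gone: the rule is stale, and because the rule is keyed
    # on the path, a file later placed there would inherit it.
    if rest.endswith(NO_FILE):
        rule["path"] = rest[: -len(NO_FILE)]
        rule["finding"] = "orphaned"
        return rule

    unsigned = rest.endswith(NOT_SIGNED)
    if unsigned:
        rest = rest[: -len(NOT_SIGNED)]

    p = PUBLISHER_RE.match(rest)
    if p:
        rule["path"] = p["path"]
        rule["publisher_info"] = p["info"].strip()
    else:
        rule["path"] = rest
    if unsigned:
        rule["finding"] = "unsigned"
    return rule


def triage(text):
    """Return (finding, action, target) for every rule that needs a look."""
    findings = []
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule and rule["finding"] != "ok":
            target = rule["path"] or f"LPort={rule['port']}"
            findings.append((rule["finding"], rule["action"], target))
    return findings


if __name__ == "__main__":
    for finding, action, target in triage(SAMPLE):
        print(f"{finding:10} {action:6} {target}")
```
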

gigglepot
2020-02-19, 19:14
Hi, before I do the steps outlined below, I just wanted to let you know that I got the kids to delete all their stuff off the desktop that they no longer need or use, and all of a sudden my computer starts up perfectly and quickly within seconds! Should I still continue with the steps below in case there's other stuff to clean up?

Juliet
2020-02-19, 22:57
Glad to hear clearing up the computer went well.

The question to continue, I'll leave it up to you.

If you would like to remove tools and quarantine folders for the few tools we used.

Use this tool to remove quarantined items:

Please download KpRm (https://toolslib.net/downloads/viewdownload/951-kprm) by Kernel-panik and save to your Desktop.

Click on KpRm.exe to run the tool.


Vista/Windows 7/8/10 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).

Put a check mark next to these items:
- Delete tools


Click the "Run" button.



When the tool has finished, it will create and open a log report and delete itself.

gigglepot
2020-02-20, 05:37
Will running the stuff above (Malwarebytes, etc.) basically just clean up my computer? Or what do they do?

Juliet
2020-02-20, 13:55
Running the above tools will remove/quarantine malicious or illegal items off your machine.

Task: {8664DE82-3409-44EF-AC76-7A24804D3662} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
The AutoPico.exe file is a software component of KMSpico by ELDI. KMSpico is an activator tool that is used to illegally activate copies of Windows 7/8/8.1/10 and Office 2010/2013/2016.

Someone downloaded the above to crack what I think would be applied to Microsoft Office. The tools I mentioned running will also go after bits and pieces of that to remove it off the computer.

gigglepot
2020-02-20, 18:27
I ran the AdwCleaner and it check marked all the PUPs and Adware so I hit Next, then the next screen said to select the preinstalled software that I want to quarantine. Should I check mark them all?

Juliet
2020-02-20, 22:59
Again, that's up to you. If you and your family use some of those games and such, keep them.

gigglepot
2020-02-21, 16:07
Here is the logfile for AdwCleaner:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.2.0
# -------------------------------
# Build: 01-27-2020
# Database: 2020-02-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-20-2020
# Duration: 00:00:39
# OS: Windows 10 Home
# Scanned: 34851
# Detected: 57


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy C:\Users\Lillian\AppData\Roaming\Tencent
PUP.Optional.Legacy C:\Users\Public\Documents\Downloaded Installers

***** [ Files ] *****

PUP.Optional.DriverUpdate C:\Users\Lillian\Downloads\DRIVERUPDATE-SETUP.EXE

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Blackjack +.lnk

***** [ Tasks ] *****

PUP.Optional.DriverUpdate C:\Windows\System32\Tasks\DRIVERUPDATE SCAN

***** [ Registry ] *****

Adware.TryMedia HKLM\Software\Wow6432Node\Trymedia Systems
PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\download.driversupport.com
PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driversupport.com
PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\download.driversupport.com
PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driversupport.com
PUP.Optional.DriverUpdate HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|DriverUpdate
PUP.Optional.DriverUpdate HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{609C5D74-96CB-477D-B561-7717230B227C}
PUP.Optional.DriverUpdate HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{609C5D74-96CB-477D-B561-7717230B227C}
PUP.Optional.DriverUpdate HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverUpdate Scan
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{140FCF15-D11E-48F3-A4A0-C228B55EB906}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{151B702B-2C5C-496B-A0D3-0147834910DD}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4B362E53-F249-4B5D-975B-11810A0A6604}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5CA60DBE-5099-432B-BBC5-833788F4D077}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A86D0904-5AF1-4DE7-B203-C4EFB2FEA45D}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DAF553A4-B5E2-48C2-B9E8-1C42DCC8D53E}
PUP.Optional.Legacy HKLM\Software\Classes\METNSD
PUP.Optional.Slimware HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\slimware.com
PUP.Optional.Slimware HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\slimware.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17DC42A2-F68C-4C6E-A685-B484C8ECF152}
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
Preinstalled.HPJumpStartBridge Folder C:\Program Files (x86)\HP\HP JUMPSTART BRIDGE
Preinstalled.HPJumpStartLaunch Folder C:\Program Files (x86)\HP\HP JUMPSTART LAUNCH
Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F57CADA-CB76-426E-816A-BCE06E750A54}
Preinstalled.HPJumpStartLaunch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPJumpStartLaunch
Preinstalled.HPJumpStartLaunch Task C:\Windows\System32\Tasks\HPJUMPSTARTLAUNCH
Preinstalled.HPRegistrationService Folder C:\Program Files (x86)\HP\HP REGISTRATION SERVICE
Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Lillian\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Lillian\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}
Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
Preinstalled.SamsungSmartSwitch Folder C:\Users\Lillian\AppData\Roaming\SAMSUNG\SMART SWITCH PC
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{A39303AB-4898-4F12-BAA0-0B8630F86DB4}



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


Here is the MBam text:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/20/20
Scan Time: 10:09 PM
Log File: 4b7ed6d4-5468-11ea-96c7-10e7c6012b55.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.14905
License: Trial

-System Information-
OS: Windows 10 (Build 17763.1039)
CPU: x64
File System: NTFS
User: DESKTOP-MNATPML\Lillian

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 348877
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 8 hr, 29 min, 45 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

I didn't do the FRST and the fix for it because I was worried I'd delete things that belonged to the kids' games. I saw a lot of Minecraft in there!

Juliet
2020-02-22, 00:53
Run Adware again; when the list appears, make sure to click on the entries below.




PUP.Optional.DriverUpdate C:\Windows\System32\Tasks\DRIVERUPDATE SCAN

***** [ Registry ] *****

Adware.TryMedia HKLM\Software\Wow6432Node\Trymedia Systems
PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\download.driversupport.com
PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driversupport.com
PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\download.driversupport.com
PUP.Optional.DriverAgent HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driversupport.com
PUP.Optional.DriverUpdate HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|DriverUpdate
PUP.Optional.DriverUpdate HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{609C5D74-96CB-477D-B561-7717230B227C}
PUP.Optional.DriverUpdate HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{609C5D74-96CB-477D-B561-7717230B227C}
PUP.Optional.DriverUpdate HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverUpdate Scan
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{140FCF15-D11E-48F3-A4A0-C228B55EB906}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{151B702B-2C5C-496B-A0D3-0147834910DD}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4B362E53-F249-4B5D-975B-11810A0A6604}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5CA60DBE-5099-432B-BBC5-833788F4D077}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A86D0904-5AF1-4DE7-B203-C4EFB2FEA45D}
PUP.Optional.Legacy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DAF553A4-B5E2-48C2-B9E8-1C42DCC8D53E}
PUP.Optional.Legacy HKLM\Software\Classes\METNSD
PUP.Optional.Slimware HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\slimware.com
PUP.Optional.Slimware HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\slimware.com






The other items found won't hurt anything.

gigglepot
2020-02-22, 06:30
I ran AdwCleaner again and I check marked PUP.Optional.Legacy, then went to the second screen and didn't see any of the other things you listed. This is what I see on the Preinstalled Software screen:
Preinstalled.HPAudioSwitch
Preinstalled.HPJumpStartBridge
Preinstalled.HPJumpStartLaunch
Preinstalled.HPRegistrationService
Preinstalled.HPSupportAssistant
Preinstalled.HPSureConnect
Preinstalled.SamsungSmartSwitch
Preinstalled.WildTangentGamesBundle

So I quarantined and restarted the computer and ran the scan again and the PUP.Optional.Legacy showed up again! But I know I got rid of it. And of course all the Preinstalled stuff was still there, but none were the ones you listed.

Juliet
2020-02-22, 13:27
PUP.Optional.Legacy is a game or part of bundled games that wasn't deleted, so it will show up on another scan; it is also a part of Preinstalled.WildTangentGamesBundle.

Give the computer a day or two, don't download anything, and if everything is working well we will remove the tools and folders from scanning.

gigglepot
2020-02-24, 15:48
So it's been a couple of days and no issues! But should I have check marked all of those Preinstalled items I listed in my last reply and quarantined them? I'm not sure what they are.

Juliet
2020-02-25, 00:58
They're mostly HP pre-installed functions and games.
I think for now with no issues, let's leave those alone.

gigglepot
2020-02-25, 01:35
Ok I will just leave them alone.
So is my next step to delete all the software I installed?

Juliet
2020-02-25, 01:55
Use this tool to remove quarantined items:

Please download KpRm (https://toolslib.net/downloads/viewdownload/951-kprm) by Kernel-panik and save to your Desktop.

Click on KpRm.exe to run the tool.


Vista/Windows 7/8/10 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).

Put a check mark next to these items:
- Delete tools


Click the "Run" button.



When the tool has finished, it will create and open a log report and delete itself.

gigglepot
2020-02-25, 15:37
Here is the logfile:

# Run at 25-Feb-2020 6:34:05 AM
# KpRm (Kernel-panik) version 2.7
# Website https://kernel-panik.me/tool/kprm/
# Run by Lillian from C:\Users\Lillian\Desktop
# Computer Name: DESKTOP-MNATPML
# OS: Windows 10 X64 (17763)
# Number of passes: 1

- Checked options -

~ Delete Tools

- Delete Tools -


## AdwCleaner
[OK] C:\Users\Lillian\Desktop\adwcleaner_8.0.2.exe deleted

## FRST
[OK] C:\Users\Lillian\Desktop\Addition.txt deleted
[OK] C:\Users\Lillian\Desktop\FRST.txt deleted
[OK] C:\Users\Lillian\Desktop\FRST64.exe deleted

- Other Lines -


## Quarantines keeped
~ C:\AdwCleaner (AdwCleaner)
~ C:\FRST (FRST)

-- KPRM finished in 11.84s --

But I still have 2 MalwareBytes icons on my desktop and this logfile. Do I need to just restart my computer for them to disappear or do I need to manually delete them?

Juliet
2020-02-25, 23:17
Probably, but I think it's a good idea to keep MalwareBytes and use it on occasion.

gigglepot
2020-02-26, 15:39
MalwareBytes didn't delete after I restarted the computer. I can keep it on my computer for future use but many times when I open a website, I get this popup "Website blocked due to hijack". How do I get rid of that?

Juliet
2020-02-27, 00:27
Based on your description of events, it sounds like what happened was that an image or a bad ad from the site in question attempted to load among the results, so it was blocked by Malwarebytes via the Web Protection component.
It prevents your system from connecting to any site in its block list, so you don't have to worry about anything malicious.

If you want to turn this feature off you can; myself, I would leave it on at all times.

When the window/alert opens again, see if there is a little checkmark you can click on that says "don't show this alert again".

OR
Open Malwarebytes, under the real time protection shield, click on the button beside Web Protection and this should turn it off.

Or
You can go to add remove programs list and remove the application from there.

gigglepot
2020-02-27, 05:43
I just decided to remove the program completely until I need it again.
Thank you for all your help, I think I'm good now! :o)

Juliet
2020-02-27, 13:08
Glad we could help.
Since this issue appears resolved ... this Topic is closed.