Jump to content

luckistarr956

Members
  • Content Count

    4
  • Joined

  • Last visited

About luckistarr956

  • Rank
    Member

Profile Information

  • OS
    Windows 10
  • Computer specs
    Dell XPS 8930 Tower Desktop - 8th Gen. Intel Core i7-8700 6-Core up to 4.60 GHz, 16GB DDR4 Memory, 256GB SSD + 1TB SATA Hard Drive, 4GB Nvidia GeForce GTX 1050Ti, DVD Burner, Windows 10

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. luckistarr956

    [RESOLVED] removal of wondershare filmora

    I Will look into adding additional RAM. Just deleted the folders manually. Thank you for your help.
  2. luckistarr956

    [RESOLVED] removal of wondershare filmora

    Hi, PC still running extremely slow. I still see the the wondershare files in the programs files folder. Thank you in advance for help.
  3. luckistarr956

    [RESOLVED] removal of wondershare filmora

    Hi, Please see below Fixlog.txt: Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019 Ran by Nora (15-04-2019 06:54:41) Run:1 Running from C:\Users\Nora\Desktop Loaded Profiles: Nora (Available Profiles: Nora & escalon & Administrator) Boot Mode: Normal ============================================== fixlist content: ***************** HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe C:\Program Files\Common Files\Wondershare HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare) ***************** "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe" => removed successfully "C:\Program Files\Common Files\Wondershare" => not found HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare) => Error: No automatic fix found for this entry. ==== End of Fixlog 06:54:41 ====
  4. My son installed wondershare filmora scrn (Build 2.0.1), Wondersharehelper Compact 2.5.2 , and UMMY Video Downloader. I have spent hours researching trying to uninstall and i have had no luck. I would like some help in removing it? PLEASE. Thank you In advance 🙂 I followed STEP1, STEP2, STEP3. from a previous thread read (see below step 1, step 2, step3) and posted the results below: Please run the following steps and post back the logs as an attachment when ready. STEP 01 If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scanbutton. If you don't have Malwarebytes 3 installed yet please download it from here and install it. Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply. If Malwarebytes won't run then please skip to the next step and let me know on your next reply. STEP 02 Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Right-click on the program and select Run as Administrator to start the tool. Accept the Terms of use. Wait until the database is updated. Click Scan Now. When finished, please click Clean & Repair. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Copy its content into your next reply. RESTART THE COMPUTER Before running Step 3 STEP 03 Please download the Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here. Please attach the Additions.txt log to your reply as well. STEP 1 Results: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 4/14/19 Scan Time: 1:00 PM Log File: 29112374-5edf-11e9-be0a-74e54394e9bb.json -Software Information- Version: 3.7.1.2839 Components Version: 1.0.563 Update Package Version: 1.0.10160 License: Premium -System Information- OS: Windows 10 (Build 17134.706) CPU: x64 File System: NTFS User: escalon1\Nora -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 419951 Threats Detected: 22 Threats Quarantined: 0 Time Elapsed: 4 hr, 10 min, 45 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 3 PUP.Optional.SearchManager.BITSRST, HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Profile 2\extensions.settings|nahhmpbckpgdidfnmfkfgiflpjijilce, No Action By User, [266], [626729],1.0.10160 PUP.Optional.SearchManager.BITSRST, HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Profile 2\extensions.settings|pilplloabdedfmialnfchjomjmpjcoej, No Action By User, [266], [626729],1.0.10160 Adware.SearchProvide, HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Profile 2\extensions.settings|gkcffmoikcgfhagefelmhiakelnjihik, No Action By User, [380], [500746],1.0.10160 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 19 PUP.Optional.SearchAlgo, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [357], [454816],1.0.10160 PUP.Optional.SearchAlgo, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, [357], [454816],1.0.10160 PUP.Optional.SearchAlgo, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [357], [454816],1.0.10160 PUP.Optional.SearchAlgo, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [357], [454816],1.0.10160 PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [266], [626729],1.0.10160 PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, No Action By User, [266], [626729],1.0.10160 PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Secure Preferences, No Action By User, [266], [626729],1.0.10160 PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Preferences, No Action By User, [266], [626729],1.0.10160 PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [266], [626729],1.0.10160 PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [266], [628563],1.0.10160 PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, No Action By User, [266], [626729],1.0.10160 PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, No Action By User, [266], [628563],1.0.10160 PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, No Action By User, [266], [626729],1.0.10160 PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Secure Preferences, No Action By User, [266], [626729],1.0.10160 PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Preferences, No Action By User, [266], [626729],1.0.10160 PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, No Action By User, [266], [626729],1.0.10160 Adware.SearchProvide, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Secure Preferences, No Action By User, [380], [500746],1.0.10160 Adware.SearchProvide, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Secure Preferences, No Action By User, [380], [500746],1.0.10160 Adware.SearchProvide, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Secure Preferences, No Action By User, [380], [500746],1.0.10160 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) STEP 2 Results: ADWCLEANER # ------------------------------- # Malwarebytes AdwCleaner 7.3.0.0 # ------------------------------- # Build: 04-04-2019 # Database: 2019-04-10.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 04-14-2019 # Duration: 00:02:00 # OS: Windows 10 Home # Scanned: 27276 # Detected: 52 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** PUP.Optional.Legacy C:\Users\Nora\AppData\Local\Downloaded Installers PUP.Optional.Legacy C:\Users\Nora\AppData\Local\DriverToolkit PUP.Optional.Legacy C:\Users\Nora\Documents\vShare PUP.Optional.Legacy C:\Users\Public\Documents\Downloaded Installers PUP.Optional.SlimCleanerPlus C:\ProgramData\slimware utilities inc PUP.Optional.SlimCleanerPlus C:\Users\Nora\AppData\Local\slimware utilities inc ***** [ Files ] ***** PUP.Optional.Legacy C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini PUP.Optional.Legacy C:\Windows\SysWOW64\lavasofttcpservice.dll PUP.Optional.Legacy C:\Windows\System32\LavasoftTcpService64.dll PUP.Optional.Legacy C:\Windows\System32\LavasoftTcpServiceOff.ini PUP.Optional.Legacy C:\Windows\System32\drivers\swdumon.sys ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** PUP.Optional.ByteFence HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence PUP.Optional.InstallCore HKCU\Software\csastats PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\sjc-usadmm.dotomi.com PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\sjc-usadmm.dotomi.com PUP.Optional.Legacy HKCU\Software\ELLS LLC PUP.Optional.Legacy HKLM\Software\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69 PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057} PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69 PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9} PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4} PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D} PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD} PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519} PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF} PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890} PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105} PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057} PUP.Optional.SlimCleanerPlus HKCU\Software\SlimWare Utilities Inc PUP.Optional.SlimCleanerPlus HKLM\Software\SLIMWARE UTILITIES, INC. PUP.Optional.SlimCleanerPlus HKLM\Software\Wow6432Node\SLIMWARE UTILITIES, INC. PUP.Optional.SlimCleanerPlus HKLM\Software\Wow6432Node\SlimWare Utilities Inc PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hitmanpro-alert.en.softonic.com PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mediafire.en.softonic.com PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\painttool-sai.en.softonic.com PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yandere-simulator.en.softonic.com PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hitmanpro-alert.en.softonic.com PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mediafire.en.softonic.com PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\painttool-sai.en.softonic.com PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com PUP.Optional.SofTonicAssistant HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yandere-simulator.en.softonic.com PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com PUP.Optional.WeatherBuddy HKCU\Software\Melasys LLC PUP.Optional.WebCompanion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion PUP.Optional.WinRepairPro HKCU\Software\win ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ########## STEP 3 Results: FRST Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019 Ran by Nora (administrator) on ESCALON1 (14-04-2019 19:07:22) Running from C:\Users\Nora\Desktop Loaded Profiles: Nora & (Available Profiles: Nora & escalon & Administrator) Platform: Windows 10 Home Version 1803 17134.706 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe (IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (Juniper Networks, Inc. -> Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Kunshan Aunbox software co.,Ltd -> Kunshan Aunbox software co.,Ltd) C:\Program Files (x86)\Common Files\aunhelper\aunhelper.exe (Sanford, L.P.) [File not signed] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Fortinet Technologies -> Fortinet Inc.) C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe (McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe (Realtek Semiconductor Corp -> ) C:\Windows\runSW.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\snmp.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Kunshan Aunbox software co.,Ltd -> Kunshan Aunbox software co.,Ltd) C:\Program Files (x86)\Common Files\aunhelper\worker.exe (Realtek) [File not signed] C:\Windows\SwUSB.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.207\DADUpdater.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe (McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe (McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe (McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_18_12\mcapexe.exe (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe (Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MDMAgent.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\3.1.160.0\McCSPServiceHost.exe (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\sc.exe () [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe\HxTsr.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe () [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotification.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (DYMO) [File not signed] C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.DLS.Printing.Host.exe (Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe (Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe (Node.js Foundation -> Node.js) C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\WINDOWS DEFENDER\MSASCUIL.EXE [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [BeatsOSDApp] => C:\PROGRAM FILES\IDT\WDM\BEATS64.EXE [37888 2012-08-10] (Hewlett-Packard ) [File not signed] HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TILTWHEELMOUSE.EXE [241152 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc) HKLM\...\Run: [iTunesHelper] => C:\PROGRAM FILES\ITUNES\ITUNESHELPER.EXE [298296 2018-07-06] (Apple Inc. -> Apple Inc.) HKLM\...\Run: [SysTrayApp] => C:\PROGRAM FILES\IDT\WDM\STTRAY64.EXE [1425408 2012-08-10] (IDT, Inc.) [File not signed] HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink -> CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink -> CyberLink Corp.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) [File not signed] HKLM-x32\...\Run: [DLSWebSvc] => C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.DLS.Printing.Host.exe [4869632 2016-11-07] (DYMO) [File not signed] HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410960 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.) HKLM-x32\...\Run: [sefb] => "C:\Program Files (x86)\Windows NT\Accessories\sefb\sefb.exe" HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare) HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2521944 2014-06-24] (Juniper Networks, Inc. -> Juniper Networks, Inc.) HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3146016 2019-03-05] (Valve -> Valve Corporation) HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3146016 2019-03-05] (Valve -> Valve Corporation) HKU\S-1-5-21-1366119177-2540758352-3978259168-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185607201\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-1366119177-2540758352-3978259168-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185607811\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Drivers32: [VIDC.FICV] => C:\WINDOWS\system32\ficvdec_x64.dll [652288 2013-05-28] () [File not signed] HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\SysWOW64\ficvdec_x86.dll [641024 2013-05-28] () [File not signed] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-09] (Google LLC -> Google Inc.) HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> c:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2012-07-30] (Broadcom Corporation -> Broadcom Corporation.) GroupPolicy: Restriction ? <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{291c5e22-c8fb-460d-a6d0-d3a6a0b10c31}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{304efd2f-ca31-43f4-8e63-5f43077abb4e}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{7277edeb-8e4e-4565-b67d-15c8a12551c4}: [DhcpNameServer] 192.168.36.1 Tcpip\..\Interfaces\{88bf8c49-fc58-4424-a8ba-b8c0abd390f0}: [DhcpNameServer] 192.168.36.1 Tcpip\..\Interfaces\{c19dee4a-f043-4db8-b122-d245240b4248}: [DhcpNameServer] 192.168.36.1 Tcpip\..\Interfaces\{f815298b-0fcc-42c5-856d-3f8b89ce1662}: [DhcpNameServer] 192.168.36.1 Tcpip\..\Interfaces\{f9f030d0-fb14-451f-9519-5052929199f5}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1 HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1 HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1 HKU\S-1-5-21-1366119177-2540758352-3978259168-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185607201\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1 HKU\S-1-5-21-1366119177-2540758352-3978259168-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185607201\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1 SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM -> {D7D40BE9-D263-48E7-B208-978B97943458} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM-x32 -> {D7D40BE9-D263-48E7-B208-978B97943458} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311337&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1717EQYntO8oR7qXelBKT0RDR%2FEErEsDhNqGVI%2B%2FeDt8Z4beG4U108mdWHxBGFHi2Qdf0Y%2B%2FBDFgO%2FxTOcKBRCq5BhUHHBJTdxrOU1%2B3GujyY4WIllOA416q8TCJsPQMllGtVQlP6ndomwlcxZwScmFz1wG%2BiPzGDQ1zMWoC8a3hRR9fxZEsCQS6UHNCql6RRIKP15bua1LXO9rRd7w%2BlUOruPNFJag0qzYoxLs8k9hQ%3D%3D&p={searchTerms} SearchScopes: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001 -> {D7D40BE9-D263-48E7-B208-978B97943458} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311337&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1717EQYntO8oR7qXelBKT0RDR%2FEErEsDhNqGVI%2B%2FeDt8Z4beG4U108mdWHxBGFHi2Qdf0Y%2B%2FBDFgO%2FxTOcKBRCq5BhUHHBJTdxrOU1%2B3GujyY4WIllOA416q8TCJsPQMllGtVQlP6ndomwlcxZwScmFz1wG%2BiPzGDQ1zMWoC8a3hRR9fxZEsCQS6UHNCql6RRIKP15bua1LXO9rRd7w%2BlUOruPNFJag0qzYoxLs8k9hQ%3D%3D&p={searchTerms} SearchScopes: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092 -> {D7D40BE9-D263-48E7-B208-978B97943458} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-09-01] (Oracle America, Inc. -> Oracle Corporation) BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2018-12-01] (McAfee, Inc. -> McAfee, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-01] (Oracle America, Inc. -> Oracle Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.) BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2018-12-01] (McAfee, Inc. -> McAfee, Inc.) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\mcsniepl64.dll [2019-01-07] (McAfee, Inc. -> McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files (x86)\mcafee\msc\mcsniepl.dll [2019-01-07] (McAfee, Inc. -> McAfee, Inc.) FireFox: ======== FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2018-12-01] FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2019-03-18] [Legacy] [not signed] FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-01] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-01] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @mcafee.com/MSC,version=10 -> c:\program files\mcafee\msc\npmcsnffpl64.dll [2019-01-07] (McAfee, Inc. -> ) FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS -> Unity Technologies ApS) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed] FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed] FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed] FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll [2014-04-09] (Fortinet Technologies -> Fortinet Inc.) FF Plugin-x32: @FortinetCacheCleanEx -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccpluginex.dll [2014-04-09] (Fortinet Technologies -> Fortinet Inc.) FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll [2014-04-09] (Fortinet Technologies -> Fortinet Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-01] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-01] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\program files (x86)\mcafee\msc\npmcsnffpl.dll [2019-01-07] (McAfee, Inc. -> ) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed] FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed] FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems) FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed] FF Plugin HKU\S-1-5-21-1366119177-2540758352-3978259168-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nora\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies SF -> Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1366119177-2540758352-3978259168-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed] FF Plugin HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nora\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies SF -> Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed] Chrome: ======= CHR DefaultProfile: Profile 2 CHR HomePage: Profile 2 -> homepage.ssoextension.com CHR StartupUrls: Profile 2 -> "hxxp://www.google.com/" CHR NewTab: Profile 2 -> Not-active:"chrome-extension://pdkhllgdkelibgakgnbndpjmefinjajj/pdfconverter.html" CHR Profile: C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default [2019-04-13] CHR Extension: (Slides) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-14] CHR Extension: (Docs) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-14] CHR Extension: (Google Drive) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-27] CHR Extension: (YouTube) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-27] CHR Extension: (Sheets) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-14] CHR Extension: (McAfee® WebAdvisor) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-02-23] CHR Extension: (Google Docs Offline) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-19] CHR Extension: (Use the Creative Cloud Cleaner Tool t...) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipblamillnafmheogllkdcnkchpgjnmc [2017-06-10] CHR Extension: (fire walk) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpidockhlenpkfhofmhopohpckbcpkff [2016-12-17] CHR Extension: (ROBLOX: Quick Asset Downloader) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\meljceogbjjmgjhhbnmjjgepchpjkklc [2016-12-17] CHR Extension: (Wikibuy) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2019-04-13] CHR Extension: (Chrome Web Store Payments) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-12] CHR Extension: (Gmail) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-27] CHR Extension: (Chrome Media Router) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-13] CHR Profile: C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-01-21] CHR Extension: (Slides) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-06] CHR Extension: (Docs) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-06] CHR Extension: (Google Drive) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05] CHR Extension: (YouTube) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-05] CHR Extension: (Google Search) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05] CHR Extension: (Sheets) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-06] CHR Extension: (McAfee® WebAdvisor) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-01-21] CHR Extension: (Google Docs Offline) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17] CHR Extension: (HP Network Check Launcher) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2018-08-30] CHR Extension: (Chrome Web Store Payments) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-06] CHR Extension: (Gmail) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-05] CHR Extension: (Chrome Media Router) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-23] CHR Profile: C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2 [2019-04-14] CHR Extension: (Slides) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13] CHR Extension: (YouTube) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\adnlfjpnmidfimlkaohpidplnoimahfh [2017-09-19] CHR Extension: (AliExpress.com - Online Shopping for ...) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\afnnlnmfnajnjgfdhkacdcldkchhfkde [2019-04-13] CHR Extension: (Docs) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13] CHR Extension: (Google Drive) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-02] CHR Extension: (YouTube) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-02] CHR Extension: (Social Blade) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfidkbgamfhdgmedldkagjopnbobdmdn [2018-12-08] CHR Extension: (Sheets) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13] CHR Extension: (McAfee® WebAdvisor) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-12-08] CHR Extension: (TMA iServiceDesk - University of Texa...) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gejgipjecjifipiobmcfbkiaoaleoifa [2017-06-02] CHR Extension: (Google Docs Offline) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-14] CHR Extension: (UTRGV School of Medicine - Applicatio...) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ibmjkkiokcemafmiafjpkjlmmcifcbmm [2017-06-02] CHR Extension: (HP Network Check Launcher) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2018-10-14] CHR Extension: (Cisco Webex Extension) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-07-09] CHR Extension: (Free Play For Games Ad) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kpjmhebnligfgonajiiicnocjmcfagjh [2017-11-21] CHR Extension: (ROBLOX: Quick Asset Downloader) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\meljceogbjjmgjhhbnmjjgepchpjkklc [2017-06-02] CHR Extension: (Chrome Web Store Payments) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04] CHR Extension: (Gmail) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-02] CHR Extension: (Chrome Media Router) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-13] CHR Extension: (SAT® Registration - Your SAT Registra...) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pmkeikenioofemopmppkehmafdafbihc [2018-08-09] CHR Profile: C:\Users\Nora\AppData\Local\Google\Chrome\User Data\System Profile [2019-04-13] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [264224 2015-08-01] (Microsoft Windows Hardware Compatibility Publisher -> AMD) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc. -> Apple Inc.) R2 aunhelper; C:\Program Files (x86)\Common Files\aunhelper\aunhelper.exe [457840 2016-05-11] (Kunshan Aunbox software co.,Ltd -> Kunshan Aunbox software co.,Ltd) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2018-01-22] (BattlEye Innovations e.K. -> ) S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc. -> McAfee, Inc.) R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [27136 2016-11-07] (Sanford, L.P.) [File not signed] R2 FortiSslvpnDaemon; C:\WINDOWS\SysWOW64\FortiSSLVPNdaemon.exe [954080 2014-04-09] (Fortinet Technologies -> Fortinet Inc.) S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.) S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc. -> HP Inc.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes) R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [690248 2018-12-01] (McAfee, Inc. -> McAfee, Inc.) R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_18_12\McApExe.exe [745880 2019-01-08] (McAfee, Inc. -> McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.1.160.0\\McCSPServiceHost.exe [2158952 2018-12-17] (McAfee, Inc. -> McAfee, Inc.) S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [371840 2018-12-05] (McAfee, Inc. -> McAfee, LLC) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [604216 2018-12-05] (McAfee, Inc. -> McAfee, LLC) R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [509728 2018-12-05] (McAfee, Inc. -> McAfee, LLC) R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1692552 2018-12-19] (McAfee, Inc. -> McAfee, Inc.) R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1333064 2018-10-26] (McAfee, Inc. -> McAfee, Inc.) R2 RealtekCU; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed] R2 RunSwUSB; C:\Windows\runSW.exe [44760 2014-12-12] (Realtek Semiconductor Corp -> ) R2 SNMP; C:\WINDOWS\System32\snmp.exe [52736 2018-07-25] (Microsoft Windows -> Microsoft Corporation) R2 SNMP; C:\WINDOWS\SysWOW64\snmp.exe [46592 2018-07-25] (Microsoft Windows -> Microsoft Corporation) R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed] S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-03-19] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation) R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [692680 2017-06-28] (Wacom Technology Corporation -> Wacom Technology, Corp.) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [21639712 2015-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [682528 2015-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) R3 bcbtums; C:\WINDOWS\system32\DRIVERS\bcbtums.sys [177432 2015-12-01] (Broadcom Corporation -> Broadcom Corporation.) S3 BCMWL63A; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11774720 2016-04-06] (Broadcom Corporation -> Broadcom Corp) S3 btwampfl; C:\WINDOWS\system32\DRIVERS\btwampfl.sys [187168 2015-12-01] (Broadcom Corporation -> Broadcom Corporation.) R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77144 2018-12-10] (McAfee, Inc. -> McAfee, LLC) R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink -> CyberLink) S3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [27128 2015-09-03] (Microsoft Windows Hardware Compatibility Publisher -> ELECOM) S3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [26104 2015-09-03] (Microsoft Windows Hardware Compatibility Publisher -> ELECOM) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-03-22] (Malwarebytes Corporation -> Malwarebytes) S3 hidkmdf; C:\WINDOWS\System32\drivers\hidkmdf.sys [14136 2013-11-11] (Wacom Technology Corp. -> Windows (R) Win 7 DDK provider) S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218408 2018-12-24] (McAfee, Inc. -> McAfee, Inc.) R1 jnprns; C:\WINDOWS\system32\DRIVERS\jnprns.sys [507192 2014-06-16] (Juniper Networks, Inc. -> Juniper Networks) S3 jnprva; C:\WINDOWS\system32\DRIVERS\jnprva.sys [30072 2014-06-16] (Juniper Networks, Inc. -> Juniper Networks, Inc.) S3 JnprVaMgr; C:\WINDOWS\System32\drivers\jnprvamgr.sys [45352 2014-06-16] (Juniper Networks, Inc. -> Juniper Networks, Inc.) R3 L1C; C:\WINDOWS\System32\drivers\L1C63x64.sys [121344 2018-04-11] (Microsoft Windows -> Qualcomm Atheros Co., Ltd.) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-03-22] (Malwarebytes Corporation -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-04-14] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-04-14] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-04-14] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-04-14] (Malwarebytes Corporation -> Malwarebytes) R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [510808 2018-12-10] (McAfee, Inc. -> McAfee, LLC) R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [373592 2018-12-10] (McAfee, Inc. -> McAfee, LLC) S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85928 2018-12-10] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC) R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [516952 2018-12-10] (McAfee, Inc. -> McAfee, LLC) R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [980824 2018-12-10] (McAfee, Inc. -> McAfee, LLC) R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [563728 2018-11-19] (McAfee, Inc. -> McAfee LLC.) S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109072 2018-11-19] (McAfee, Inc. -> McAfee LLC.) R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [117592 2018-12-10] (McAfee, Inc. -> McAfee, LLC) R3 mfesapsn; C:\Program Files\McAfee\WebAdvisor\mfesapsn.sys [111976 2018-12-01] (McAfee, Inc. -> McAfee, Inc.) R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [253784 2018-12-10] (McAfee, Inc. -> McAfee, LLC) S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2014-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.) R3 pppop; C:\WINDOWS\System32\drivers\pppop64.sys [42528 2009-07-21] (Fortinet Technologies -> Fortinet Inc.) R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [7147888 2017-10-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation ) R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [540160 2012-08-10] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> ) S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.) S3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [122512 2017-04-28] (Wacom Technology Corporation -> Wacom Technology) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [333792 2019-03-19] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation) S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-04-14 19:07 - 2019-04-14 19:13 - 000043445 _____ C:\Users\Nora\Desktop\FRST.txt 2019-04-14 19:03 - 2019-04-14 19:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2019-04-14 18:56 - 2019-04-14 18:56 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2019-04-14 18:56 - 2019-04-14 18:56 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2019-04-14 18:38 - 2019-04-14 18:45 - 000000000 ____D C:\AdwCleaner 2019-04-14 18:33 - 2019-04-14 10:06 - 007025360 _____ (Malwarebytes) C:\Users\Nora\Desktop\adwcleaner_7.3.exe 2019-04-14 17:37 - 2019-04-14 18:57 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2019-04-14 17:16 - 2019-04-14 17:16 - 000004858 _____ C:\Users\Nora\Desktop\04142019.txt 2019-04-14 14:54 - 2019-04-14 10:11 - 002434048 _____ (Farbar) C:\Users\Nora\Desktop\FRST64.exe 2019-04-14 12:49 - 2019-04-14 19:07 - 000000000 ____D C:\FRST 2019-04-14 11:37 - 2019-04-14 18:56 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2019-04-13 08:23 - 2019-04-13 08:23 - 000004995 _____ C:\Users\Nora\Desktop\24 threats 04132019.txt 2019-04-09 20:06 - 2019-04-02 03:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2019-04-09 20:06 - 2019-04-02 03:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2019-04-09 20:06 - 2019-04-02 00:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2019-04-09 20:05 - 2019-04-02 07:33 - 001634912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2019-04-09 20:05 - 2019-04-02 07:33 - 000719984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2019-04-09 20:05 - 2019-04-02 07:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2019-04-09 20:05 - 2019-04-02 07:18 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll 2019-04-09 20:05 - 2019-04-02 07:16 - 001030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll 2019-04-09 20:05 - 2019-04-02 07:13 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2019-04-09 20:05 - 2019-04-02 07:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2019-04-09 20:05 - 2019-04-02 07:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll 2019-04-09 20:05 - 2019-04-02 07:11 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2019-04-09 20:05 - 2019-04-02 07:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2019-04-09 20:05 - 2019-04-02 07:11 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2019-04-09 20:05 - 2019-04-02 07:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll 2019-04-09 20:05 - 2019-04-02 04:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2019-04-09 20:05 - 2019-04-02 04:25 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2019-04-09 20:05 - 2019-04-02 04:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2019-04-09 20:05 - 2019-04-02 04:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll 2019-04-09 20:05 - 2019-04-02 04:08 - 002889216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2019-04-09 20:05 - 2019-04-02 04:07 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2019-04-09 20:05 - 2019-04-02 04:07 - 001586688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2019-04-09 20:05 - 2019-04-02 04:06 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2019-04-09 20:05 - 2019-04-02 03:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2019-04-09 20:05 - 2019-04-02 03:23 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2019-04-09 20:05 - 2019-04-02 03:22 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2019-04-09 20:05 - 2019-04-02 03:22 - 000567592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2019-04-09 20:05 - 2019-04-02 03:22 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2019-04-09 20:05 - 2019-04-02 03:21 - 002822160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2019-04-09 20:05 - 2019-04-02 03:21 - 002467536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2019-04-09 20:05 - 2019-04-02 03:21 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2019-04-09 20:05 - 2019-04-02 03:20 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2019-04-09 20:05 - 2019-04-02 03:19 - 009083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2019-04-09 20:05 - 2019-04-02 03:19 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2019-04-09 20:05 - 2019-04-02 03:19 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2019-04-09 20:05 - 2019-04-02 03:19 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2019-04-09 20:05 - 2019-04-02 02:53 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2019-04-09 20:05 - 2019-04-02 02:53 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2019-04-09 20:05 - 2019-04-02 02:51 - 003399680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2019-04-09 20:05 - 2019-04-02 02:50 - 007591936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2019-04-09 20:05 - 2019-04-02 02:50 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2019-04-09 20:05 - 2019-04-02 02:48 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2019-04-09 20:05 - 2019-04-02 02:48 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys 2019-04-09 20:05 - 2019-04-02 02:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2019-04-09 20:05 - 2019-04-02 02:46 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2019-04-09 20:05 - 2019-04-02 02:44 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2019-04-09 20:05 - 2019-04-02 02:44 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll 2019-04-09 20:05 - 2019-04-02 02:44 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll 2019-04-09 20:05 - 2019-04-02 02:43 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2019-04-09 20:05 - 2019-04-02 00:05 - 001989544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2019-04-09 20:05 - 2019-04-02 00:04 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2019-04-09 20:05 - 2019-04-02 00:04 - 000581832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2019-04-09 20:05 - 2019-04-02 00:04 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2019-04-09 20:05 - 2019-04-01 23:56 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2019-04-09 20:05 - 2019-04-01 23:50 - 019404800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2019-04-09 20:05 - 2019-04-01 23:43 - 005788160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2019-04-09 20:05 - 2019-04-01 23:43 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2019-04-09 20:05 - 2019-04-01 23:41 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll 2019-04-09 20:05 - 2019-04-01 23:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2019-04-09 20:05 - 2019-03-14 09:52 - 003933296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2019-04-09 20:05 - 2019-03-14 09:30 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll 2019-04-09 20:05 - 2019-03-14 09:30 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll 2019-04-09 20:05 - 2019-03-14 09:29 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll 2019-04-09 20:05 - 2019-03-14 09:08 - 003611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2019-04-09 20:05 - 2019-03-14 08:53 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll 2019-04-09 20:05 - 2019-03-14 08:53 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll 2019-04-09 20:05 - 2019-03-14 03:57 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2019-04-09 20:05 - 2019-03-14 03:56 - 000375096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2019-04-09 20:05 - 2019-03-14 03:38 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2019-04-09 20:05 - 2019-03-14 03:38 - 000090360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll 2019-04-09 20:05 - 2019-03-14 03:37 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2019-04-09 20:05 - 2019-03-14 03:37 - 002256248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2019-04-09 20:05 - 2019-03-14 03:37 - 001171568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2019-04-09 20:05 - 2019-03-14 03:27 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2019-04-09 20:05 - 2019-03-14 03:26 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2019-04-09 20:05 - 2019-03-14 03:26 - 002768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2019-04-09 20:05 - 2019-03-14 03:26 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2019-04-09 20:05 - 2019-03-14 03:26 - 001457576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2019-04-09 20:05 - 2019-03-14 03:26 - 001258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2019-04-09 20:05 - 2019-03-14 03:26 - 001140984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2019-04-09 20:05 - 2019-03-14 03:26 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2019-04-09 20:05 - 2019-03-14 03:26 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2019-04-09 20:05 - 2019-03-14 03:26 - 000481048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll 2019-04-09 20:05 - 2019-03-14 03:26 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys 2019-04-09 20:05 - 2019-03-14 03:22 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2019-04-09 20:05 - 2019-03-14 03:20 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2019-04-09 20:05 - 2019-03-14 03:19 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2019-04-09 20:05 - 2019-03-14 03:19 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2019-04-09 20:05 - 2019-03-14 03:18 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2019-04-09 20:05 - 2019-03-14 03:17 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2019-04-09 20:05 - 2019-03-14 03:17 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2019-04-09 20:05 - 2019-03-14 03:17 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll 2019-04-09 20:05 - 2019-03-14 03:16 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2019-04-09 20:05 - 2019-03-14 03:16 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2019-04-09 20:05 - 2019-03-14 03:15 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2019-04-09 20:05 - 2019-03-14 03:15 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll 2019-04-09 20:05 - 2019-03-14 03:15 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll 2019-04-09 20:05 - 2019-03-14 03:14 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2019-04-09 20:05 - 2019-03-14 03:14 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2019-04-09 20:05 - 2019-03-14 03:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll 2019-04-09 20:05 - 2019-03-14 03:14 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll 2019-04-09 20:05 - 2019-03-14 03:13 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2019-04-09 20:05 - 2019-03-14 03:13 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2019-04-09 20:05 - 2019-03-14 03:01 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2019-04-09 20:05 - 2019-03-14 02:58 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2019-04-09 20:05 - 2019-03-14 02:58 - 002509824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe 2019-04-09 20:05 - 2019-03-14 02:58 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll 2019-04-09 20:05 - 2019-03-14 02:57 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2019-04-09 20:05 - 2019-03-14 02:57 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll 2019-04-09 20:05 - 2019-03-14 02:56 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2019-04-09 20:05 - 2019-03-14 02:55 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll 2019-04-09 20:05 - 2019-03-14 02:55 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2019-04-09 20:05 - 2019-03-14 02:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2019-04-09 20:05 - 2019-03-14 02:54 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2019-04-09 20:05 - 2019-03-14 02:54 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2019-04-09 20:05 - 2019-03-14 02:54 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll 2019-04-09 20:05 - 2019-03-14 02:54 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2019-04-09 20:05 - 2019-03-14 02:54 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll 2019-04-09 20:05 - 2019-03-14 02:53 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys 2019-04-09 20:05 - 2019-03-14 02:53 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2019-04-09 20:05 - 2019-03-14 02:53 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll 2019-04-09 20:05 - 2019-03-14 02:52 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2019-04-09 20:05 - 2019-03-14 02:52 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll 2019-04-09 20:05 - 2019-03-14 02:52 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll 2019-04-09 20:05 - 2019-03-14 02:51 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2019-04-09 20:05 - 2019-03-14 02:51 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2019-04-09 20:05 - 2019-03-14 02:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2019-04-09 20:05 - 2019-03-14 02:50 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2019-04-09 20:05 - 2019-03-14 02:50 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2019-04-09 20:05 - 2019-03-14 02:50 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2019-04-09 20:05 - 2019-03-14 02:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2019-04-09 20:05 - 2019-03-14 02:50 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2019-04-09 20:05 - 2019-03-13 20:57 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2019-04-09 20:04 - 2019-04-02 07:38 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2019-04-09 20:04 - 2019-04-02 07:19 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll 2019-04-09 20:04 - 2019-04-02 07:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll 2019-04-09 20:04 - 2019-04-02 07:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys 2019-04-09 20:04 - 2019-04-02 04:10 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll 2019-04-09 20:04 - 2019-04-02 03:24 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2019-04-09 20:04 - 2019-04-02 03:20 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2019-04-09 20:04 - 2019-04-02 02:49 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll 2019-04-09 20:04 - 2019-04-02 02:49 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2019-04-09 20:04 - 2019-04-02 02:48 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2019-04-09 20:04 - 2019-04-02 02:47 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2019-04-09 20:04 - 2019-04-02 02:45 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2019-04-09 20:04 - 2019-04-02 01:22 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim 2019-04-09 20:04 - 2019-04-01 23:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2019-04-09 20:04 - 2019-04-01 23:42 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll 2019-04-09 20:04 - 2019-04-01 23:41 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll 2019-04-09 20:04 - 2019-04-01 23:41 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2019-04-09 20:04 - 2019-04-01 23:40 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2019-04-09 20:04 - 2019-03-16 07:54 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll 2019-04-09 20:04 - 2019-03-16 04:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll 2019-04-09 20:04 - 2019-03-14 09:51 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe 2019-04-09 20:04 - 2019-03-14 09:35 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfoext.dll 2019-04-09 20:04 - 2019-03-14 09:34 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll 2019-04-09 20:04 - 2019-03-14 09:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys 2019-04-09 20:04 - 2019-03-14 09:33 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys 2019-04-09 20:04 - 2019-03-14 09:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe 2019-04-09 20:04 - 2019-03-14 09:31 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll 2019-04-09 20:04 - 2019-03-14 09:28 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll 2019-04-09 20:04 - 2019-03-14 08:56 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll 2019-04-09 20:04 - 2019-03-14 08:55 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe 2019-04-09 20:04 - 2019-03-14 08:53 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll 2019-04-09 20:04 - 2019-03-14 08:52 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsound.dll 2019-04-09 20:04 - 2019-03-14 03:28 - 000152072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys 2019-04-09 20:04 - 2019-03-14 03:27 - 000097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll 2019-04-09 20:04 - 2019-03-14 03:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll 2019-04-09 20:04 - 2019-03-14 03:18 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll 2019-04-09 20:04 - 2019-03-14 03:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2019-04-09 20:04 - 2019-03-14 03:17 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll 2019-04-09 20:04 - 2019-03-14 03:17 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcmapi.dll 2019-04-09 20:04 - 2019-03-14 03:17 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll 2019-04-09 20:04 - 2019-03-14 03:15 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll 2019-04-09 20:04 - 2019-03-14 03:14 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2019-04-09 20:04 - 2019-03-14 03:14 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2019-04-09 20:04 - 2019-03-14 03:14 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2019-04-09 20:04 - 2019-03-14 03:13 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2019-04-09 20:04 - 2019-03-14 02:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2019-04-09 20:04 - 2019-03-14 02:56 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll 2019-04-09 20:04 - 2019-03-14 02:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll 2019-04-09 20:04 - 2019-03-14 02:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2019-04-09 20:04 - 2019-03-14 02:55 - 000528896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2019-04-09 20:04 - 2019-03-14 02:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys 2019-04-09 20:04 - 2019-03-14 02:55 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll 2019-04-09 20:04 - 2019-03-14 02:55 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmapi.dll 2019-04-09 20:04 - 2019-03-14 02:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll 2019-04-09 20:04 - 2019-03-14 02:55 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll 2019-04-09 20:04 - 2019-03-14 02:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe 2019-04-09 20:04 - 2019-03-14 02:55 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll 2019-04-09 20:04 - 2019-03-14 02:54 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll 2019-04-09 20:04 - 2019-03-14 02:54 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll 2019-04-09 20:04 - 2019-03-14 02:54 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll 2019-04-09 20:04 - 2019-03-14 02:54 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe 2019-04-09 20:04 - 2019-03-14 02:54 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll 2019-04-09 20:04 - 2019-03-14 02:53 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2019-04-09 20:04 - 2019-03-14 02:52 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll 2019-04-09 20:04 - 2019-03-14 02:51 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll 2019-04-09 20:04 - 2019-03-14 02:50 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2019-04-09 20:04 - 2019-03-14 02:50 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2019-04-09 20:04 - 2019-03-14 02:50 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2019-04-09 20:04 - 2019-03-13 20:57 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2019-04-09 20:04 - 2019-03-13 20:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll 2019-04-09 20:04 - 2019-03-13 20:57 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll 2019-04-09 20:04 - 2019-03-13 20:57 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2019-03-25 17:37 - 2019-03-25 17:37 - 000000000 ____D C:\Users\Nora\AppData\Local\HP 2019-03-22 19:14 - 2019-03-22 19:14 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2019-03-19 17:59 - 2019-03-19 17:59 - 000001412 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2019-03-19 17:59 - 2019-03-19 17:59 - 000001400 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk 2019-03-19 17:07 - 2019-03-19 17:07 - 000000000 ____D C:\Users\Nora\AppData\Local\mbamtray 2019-03-19 17:07 - 2019-03-19 17:07 - 000000000 ____D C:\Users\Nora\AppData\Local\mbam 2019-03-17 20:01 - 2019-03-22 19:13 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2019-03-17 20:01 - 2019-03-17 20:01 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-03-17 20:01 - 2019-03-17 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-03-17 20:01 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2019-03-17 17:30 - 2019-02-16 05:24 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll 2019-03-17 17:29 - 2019-03-06 10:37 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2019-03-17 17:29 - 2019-03-06 10:36 - 001047352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll 2019-03-17 17:29 - 2019-03-06 10:17 - 000116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys 2019-03-17 17:29 - 2019-03-06 10:14 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2019-03-17 17:29 - 2019-03-06 10:14 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2019-03-17 17:29 - 2019-03-06 10:14 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 2019-03-17 17:29 - 2019-03-06 07:18 - 000918032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll 2019-03-17 17:29 - 2019-03-06 07:04 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2019-03-17 17:29 - 2019-03-06 04:16 - 001188000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2019-03-17 17:29 - 2019-03-06 04:16 - 000776792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2019-03-17 17:29 - 2019-03-06 04:16 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll 2019-03-17 17:29 - 2019-03-06 04:11 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2019-03-17 17:29 - 2019-03-06 04:07 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys 2019-03-17 17:29 - 2019-03-06 04:04 - 000945464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys 2019-03-17 17:29 - 2019-03-06 04:04 - 000628024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll 2019-03-17 17:29 - 2019-03-06 04:03 - 001921848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys 2019-03-17 17:29 - 2019-03-06 04:03 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys 2019-03-17 17:29 - 2019-03-06 03:32 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys 2019-03-17 17:29 - 2019-03-06 03:31 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll 2019-03-17 17:29 - 2019-03-06 03:31 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2019-03-17 17:29 - 2019-03-06 03:29 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll 2019-03-17 17:29 - 2019-03-06 03:29 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2019-03-17 17:29 - 2019-03-06 03:28 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2019-03-17 17:29 - 2019-03-06 03:28 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2019-03-17 17:29 - 2019-03-06 03:26 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys 2019-03-17 17:29 - 2019-03-06 01:15 - 000434488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2019-03-17 17:29 - 2019-03-06 01:14 - 000785568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2019-03-17 17:29 - 2019-03-06 01:14 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2019-03-17 17:29 - 2019-03-06 01:14 - 000450872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll 2019-03-17 17:29 - 2019-03-06 00:50 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2019-03-17 17:29 - 2019-03-06 00:50 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll 2019-03-17 17:29 - 2019-03-06 00:49 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2019-03-17 17:29 - 2019-02-20 22:26 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll 2019-03-17 17:29 - 2019-02-16 08:02 - 002871304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2019-03-17 17:29 - 2019-02-16 08:02 - 001644040 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2019-03-17 17:29 - 2019-02-16 08:02 - 000808456 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2019-03-17 17:29 - 2019-02-16 08:02 - 000735752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2019-03-17 17:29 - 2019-02-16 08:02 - 000620040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2019-03-17 17:29 - 2019-02-16 08:02 - 000460296 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2019-03-17 17:29 - 2019-02-16 08:02 - 000322568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2019-03-17 17:29 - 2019-02-16 08:02 - 000147464 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2019-03-17 17:29 - 2019-02-16 08:02 - 000071176 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll 2019-03-17 17:29 - 2019-02-16 07:57 - 001048472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll 2019-03-17 17:29 - 2019-02-16 07:57 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe 2019-03-17 17:29 - 2019-02-16 07:56 - 000549520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll 2019-03-17 17:29 - 2019-02-16 07:56 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2019-03-17 17:29 - 2019-02-16 07:53 - 001516416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2019-03-17 17:29 - 2019-02-16 07:34 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2019-03-17 17:29 - 2019-02-16 07:34 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2019-03-17 17:29 - 2019-02-16 07:34 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll 2019-03-17 17:29 - 2019-02-16 07:33 - 001786880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll 2019-03-17 17:29 - 2019-02-16 07:32 - 002051072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll 2019-03-17 17:29 - 2019-02-16 07:31 - 001271808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll 2019-03-17 17:29 - 2019-02-16 07:31 - 001003520 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2019-03-17 17:29 - 2019-02-16 07:31 - 000861184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll 2019-03-17 17:29 - 2019-02-16 07:31 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2019-03-17 17:29 - 2019-02-16 07:30 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2019-03-17 17:29 - 2019-02-16 07:24 - 000444176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll 2019-03-17 17:29 - 2019-02-16 07:22 - 001322176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2019-03-17 17:29 - 2019-02-16 07:07 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll 2019-03-17 17:29 - 2019-02-16 07:07 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2019-03-17 17:29 - 2019-02-16 07:06 - 001530880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2019-03-17 17:29 - 2019-02-16 07:06 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll 2019-03-17 17:29 - 2019-02-16 05:22 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll 2019-03-17 17:29 - 2019-02-16 03:16 - 000511800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2019-03-17 17:29 - 2019-02-16 03:15 - 000505656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll 2019-03-17 17:29 - 2019-02-16 03:05 - 000087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe 2019-03-17 17:29 - 2019-02-16 03:03 - 007901392 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2019-03-17 17:29 - 2019-02-16 03:03 - 005625360 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2019-03-17 17:29 - 2019-02-16 03:03 - 000510288 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2019-03-17 17:29 - 2019-02-16 03:02 - 005821440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2019-03-17 17:29 - 2019-02-16 03:02 - 003291632 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2019-03-17 17:29 - 2019-02-16 03:02 - 001934800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2019-03-17 17:29 - 2019-02-16 03:02 - 001792712 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2019-03-17 17:29 - 2019-02-16 03:02 - 000705848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2019-03-17 17:29 - 2019-02-16 03:02 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2019-03-17 17:29 - 2019-02-16 03:01 - 001285424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2019-03-17 17:29 - 2019-02-16 03:01 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2019-03-17 17:29 - 2019-02-16 03:01 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2019-03-17 17:29 - 2019-02-16 03:01 - 001028920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2019-03-17 17:29 - 2019-02-16 03:01 - 000641984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll 2019-03-17 17:29 - 2019-02-16 03:01 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2019-03-17 17:29 - 2019-02-16 03:01 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2019-03-17 17:29 - 2019-02-16 03:01 - 000161664 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll 2019-03-17 17:29 - 2019-02-16 02:57 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll 2019-03-17 17:29 - 2019-02-16 02:53 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll 2019-03-17 17:29 - 2019-02-16 02:51 - 002479168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2019-03-17 17:29 - 2019-02-16 02:51 - 001584536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2019-03-17 17:29 - 2019-02-16 02:51 - 000170952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll 2019-03-17 17:29 - 2019-02-16 02:50 - 001805648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2019-03-17 17:29 - 2019-02-16 02:50 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2019-03-17 17:29 - 2019-02-16 02:50 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2019-03-17 17:29 - 2019-02-16 02:50 - 000504072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll 2019-03-17 17:29 - 2019-02-16 02:37 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2019-03-17 17:29 - 2019-02-16 02:36 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2019-03-17 17:29 - 2019-02-16 02:34 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2019-03-17 17:29 - 2019-02-16 02:33 - 006646784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2019-03-17 17:29 - 2019-02-16 02:31 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll 2019-03-17 17:29 - 2019-02-16 02:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll 2019-03-17 17:29 - 2019-02-16 02:30 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll 2019-03-17 17:29 - 2019-02-16 02:30 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll 2019-03-17 17:29 - 2019-02-16 02:29 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2019-03-17 17:29 - 2019-02-16 02:29 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2019-03-17 17:29 - 2019-02-16 02:28 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll 2019-03-17 17:29 - 2019-02-16 02:28 - 002585600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2019-03-17 17:29 - 2019-02-16 02:28 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll 2019-03-17 17:29 - 2019-02-16 02:28 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll 2019-03-17 17:29 - 2019-02-16 02:28 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll 2019-03-17 17:29 - 2019-02-16 02:28 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll 2019-03-17 17:29 - 2019-02-16 02:27 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll 2019-03-17 17:29 - 2019-02-16 02:27 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll 2019-03-17 17:29 - 2019-02-16 02:27 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2019-03-17 17:29 - 2019-02-16 02:26 - 001459712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2019-03-17 17:29 - 2019-02-16 02:26 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2019-03-17 17:29 - 2019-02-16 02:26 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll 2019-03-17 17:29 - 2019-02-16 02:26 - 000935424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll 2019-03-17 17:29 - 2019-02-16 02:25 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll 2019-03-17 17:29 - 2019-02-16 02:25 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2019-03-17 17:28 - 2019-03-06 10:17 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2019-03-17 17:28 - 2019-03-06 10:12 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2019-03-17 17:28 - 2019-03-06 07:06 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll 2019-03-17 17:28 - 2019-03-06 04:16 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe 2019-03-17 17:28 - 2019-03-06 04:10 - 000248880 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll 2019-03-17 17:28 - 2019-03-06 04:05 - 000439224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2019-03-17 17:28 - 2019-03-06 04:05 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2019-03-17 17:28 - 2019-03-06 04:02 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2019-03-17 17:28 - 2019-03-06 03:33 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys 2019-03-17 17:28 - 2019-03-06 03:31 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys 2019-03-17 17:28 - 2019-03-06 03:26 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys 2019-03-17 17:28 - 2019-03-06 03:25 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys 2019-03-17 17:28 - 2019-03-06 01:17 - 000146712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2019-03-17 17:28 - 2019-03-06 01:13 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll 2019-03-17 17:28 - 2019-03-06 00:51 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2019-03-17 17:28 - 2019-02-16 07:30 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2019-03-17 17:28 - 2019-02-16 07:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll 2019-03-17 17:28 - 2019-02-16 07:29 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe 2019-03-17 17:28 - 2019-02-16 07:08 - 000373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll 2019-03-17 17:28 - 2019-02-16 07:06 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2019-03-17 17:28 - 2019-02-16 07:06 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll 2019-03-17 17:28 - 2019-02-16 07:04 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe 2019-03-17 17:28 - 2019-02-16 03:15 - 000035640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2019-03-17 17:28 - 2019-02-16 03:04 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2019-03-17 17:28 - 2019-02-16 03:02 - 000413712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2019-03-17 17:28 - 2019-02-16 03:01 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll 2019-03-17 17:28 - 2019-02-16 02:33 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll 2019-03-17 17:28 - 2019-02-16 02:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll 2019-03-17 17:28 - 2019-02-16 02:32 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll 2019-03-17 17:28 - 2019-02-16 02:31 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll 2019-03-17 17:28 - 2019-02-16 02:31 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll 2019-03-17 17:28 - 2019-02-16 02:30 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll 2019-03-17 17:28 - 2019-02-16 02:30 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll 2019-03-17 17:28 - 2019-02-16 02:30 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll 2019-03-17 17:28 - 2019-02-16 02:30 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll 2019-03-17 17:28 - 2019-02-16 02:26 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-04-14 19:08 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2019-04-14 19:06 - 2017-09-01 19:53 - 000000000 ___RD C:\Users\Nora\Creative Cloud Files 2019-04-14 19:05 - 2016-08-27 19:51 - 000000000 ___HD C:\Users\Nora\AppData\Local\Adobe 2019-04-14 18:56 - 2016-09-13 20:25 - 000000000 ____D C:\Users\Nora\AppData\Roaming\WTablet 2019-04-14 18:55 - 2018-07-25 20:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2019-04-14 18:53 - 2018-04-11 16:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI 2019-04-14 18:52 - 2015-10-01 07:29 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin 2019-04-14 18:26 - 2018-07-25 19:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2019-04-14 11:37 - 2018-07-25 20:12 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee 2019-04-14 11:18 - 2017-07-15 13:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio 2019-04-14 11:18 - 2012-09-26 20:51 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos 2019-04-14 11:11 - 2017-06-14 21:29 - 000000000 ____D C:\Program Files\McAfee 2019-04-14 08:06 - 2018-07-25 20:12 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5EDC7ABF-B3D0-4F1F-A770-E8BED088493B} 2019-04-12 03:05 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness 2019-04-11 11:02 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps 2019-04-09 21:49 - 2017-06-14 21:22 - 000000000 ____D C:\Program Files\Common Files\McAfee 2019-04-09 21:15 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF 2019-04-09 21:14 - 2018-07-25 19:29 - 000430184 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2019-04-09 21:09 - 2018-04-11 18:38 - 000000000 ___RD C:\Program Files\Windows Defender 2019-04-09 21:09 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput 2019-04-09 21:09 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr 2019-04-09 20:33 - 2018-12-22 22:17 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-04-09 20:33 - 2018-12-22 22:17 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2019-04-09 20:28 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp 2019-04-09 20:01 - 2015-05-16 17:18 - 000000000 ____D C:\WINDOWS\system32\MRT 2019-04-09 19:49 - 2015-04-22 20:32 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2019-04-08 12:21 - 2018-04-11 16:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2019-04-04 21:22 - 2017-06-27 19:50 - 000000000 ____D C:\Program Files\rempl 2019-04-01 12:51 - 2018-12-01 14:41 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2019-04-01 12:51 - 2018-12-01 14:41 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2019-03-31 09:46 - 2015-12-31 05:18 - 000931448 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2019-03-30 16:39 - 2018-07-25 19:43 - 000000000 ____D C:\Users\Nora 2019-03-30 14:47 - 2018-07-27 23:22 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1366119177-2540758352-3978259168-1001 2019-03-30 14:47 - 2018-07-25 19:43 - 000002406 _____ C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2019-03-30 14:47 - 2015-10-01 18:38 - 000000000 ___RD C:\Users\Nora\OneDrive 2019-03-27 19:19 - 2018-12-22 22:12 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2019-03-27 19:19 - 2018-12-22 22:12 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2019-03-26 17:50 - 2016-08-10 17:08 - 000000000 ___HD C:\Users\Nora\AppData\Local\Spotify 2019-03-26 17:50 - 2016-08-10 17:07 - 000000000 ____D C:\Users\Nora\AppData\Roaming\Spotify 2019-03-24 18:07 - 2016-06-21 22:11 - 000000000 ____D C:\Program Files (x86)\vShare Helper 2019-03-24 17:59 - 2019-02-27 22:03 - 000000000 ____D C:\Program Files (x86)\Steam 2019-03-19 18:09 - 2018-07-25 20:13 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2019-03-19 17:59 - 2016-08-27 19:53 - 000000000 ____D C:\Program Files (x86)\Adobe 2019-03-18 19:11 - 2018-07-25 20:12 - 000003316 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon 2019-03-18 19:06 - 2018-04-11 18:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2019-03-18 19:06 - 2015-04-23 17:52 - 000000000 ____D C:\ProgramData\McAfee 2019-03-17 20:05 - 2015-04-23 17:47 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-03-17 19:10 - 2018-04-11 18:38 - 000000000 ___SD C:\WINDOWS\system32\UNP 2019-03-17 19:10 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\oobe 2019-03-17 19:10 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\appraiser 2019-03-17 19:10 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\ShellExperiences 2019-03-17 19:10 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender ==================== Files in the root of some directories ======= 2018-12-22 22:12 - 2018-12-22 22:12 - 007895040 _____ () C:\Program Files (x86)\GUT7147.tmp 2016-10-09 18:36 - 2017-01-16 19:13 - 000000033 _____ () C:\Users\Nora\AppData\Roaming\AdobeWLCMCache.dat 2017-03-12 23:16 - 2017-03-16 00:25 - 000000022 _____ () C:\Users\Nora\AppData\Roaming\rbx_hook 2017-03-12 23:16 - 2017-03-12 23:16 - 000000024 _____ () C:\Users\Nora\AppData\Roaming\version 2018-09-26 06:50 - 2019-03-26 02:50 - 000000719 _____ () C:\Users\Nora\AppData\Local\oobelibMkey.log 2019-02-23 16:09 - 2019-02-23 16:09 - 000000878 _____ () C:\Users\Nora\AppData\Local\recently-used.xbel 2018-12-28 08:42 - 2018-12-28 08:42 - 000000000 _____ () C:\Users\Nora\AppData\Local\{2489EC21-4738-40FE-A70F-985CB8691020} 2018-12-21 10:35 - 2018-12-21 10:35 - 000000000 _____ () C:\Users\Nora\AppData\Local\{3B25D5B8-B452-43F1-99FB-B205751BDB7E} 2018-12-16 10:18 - 2018-12-16 10:18 - 000000000 _____ () C:\Users\Nora\AppData\Local\{B20FF6C7-E5E6-41CF-A14C-03BE234D5997} ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\dllhost.exe => File is digitally signed C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-07-25 19:29 ==================== End of FRST.txt ============================ STEP3 RESULTS: Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019 Ran by Nora (14-04-2019 19:15:48) Running from C:\Users\Nora\Desktop Windows 10 Home Version 1803 17134.706 (X64) (2018-07-26 01:13:36) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1366119177-2540758352-3978259168-500 - Administrator - Disabled) => C:\Users\Administrator DefaultAccount (S-1-5-21-1366119177-2540758352-3978259168-503 - Limited - Disabled) escalon (S-1-5-21-1366119177-2540758352-3978259168-1006 - Administrator - Enabled) => C:\Users\escalon Guest (S-1-5-21-1366119177-2540758352-3978259168-501 - Limited - Disabled) Nora (S-1-5-21-1366119177-2540758352-3978259168-1001 - Administrator - Enabled) => C:\Users\Nora WDAGUtilityAccount (S-1-5-21-1366119177-2540758352-3978259168-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501} FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.1.435 - Adobe Systems Incorporated) Alcor Micro USB Card Reader Driver (HKLM-x32\...\{F60B8711-9A86-46F0-B4F0-E9E4D74E5DFD}) (Version: 20.28.3317.04403 - Alcor Micro Corp.) Hidden Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.28.3317.04403 - Alcor Micro Corp.) AMD Catalyst Install Manager (HKLM\...\{CC6CCF1E-F361-910A-E41D-EB5176F1255C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{D745E014-74DD-43A3-98DF-E7D38164B681}) (Version: 6.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C29B636B-9015-4ED1-A12F-6375A337F23B}) (Version: 11.4.1.46 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.170 - Broadcom Corporation) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 6.30.66.1 - Broadcom Corporation) Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.850 - Broadcom Corporation) Broadcom Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.1800 - Broadcom Corporation) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.) CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3414 - CyberLink Corp.) CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden DriverUpdate (HKLM-x32\...\{36488064-FDB3-451C-923B-FDD9D69C2554}) (Version: 2.7.3 - Slimware Utilities Holdings, Inc.) Hidden DYMO Label (HKLM-x32\...\{32F63575-CB7F-4DAC-B6DE-4B073BC82257}) (Version: 8.6.611.42161 - Newell Rubbermaid) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden FortiClient SSLVPN v4.0.2300 (HKLM-x32\...\{A34DCE59-0004-0000-2300-3F8A9926B752}) (Version: 4.0.2300 - Fortinet Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company) HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.7.50.3 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard) HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.10.49.21 - Hewlett-Packard Company) HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.) iCloud (HKLM\...\{82FCC407-A0E5-4B80-9241-5ABA78B61090}) (Version: 7.6.0.15 - Apple Inc.) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT) Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation) iTunes (HKLM\...\{36F365B3-05C2-455D-9D96-B73829DE046D}) (Version: 12.8.0.150 - Apple Inc.) Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Junos Pulse 5.0 (HKLM-x32\...\Junos Pulse 5.0) (Version: 5.0.47721 - Juniper Networks, Inc.) Junos Pulse Core Components (HKLM-x32\...\{BF38F6AE-23B7-4186-9D24-CB3D71C39BB0}) (Version: 5.0.47721 - Juniper Networks) Hidden Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes) McAfee Multi Access (HKLM-x32\...\MSC) (Version: 16.0 R18 - McAfee, Inc.) McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.8.17336 - McAfee, Inc.) Microsoft OneDrive (HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) REALTEK Wireless LAN Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0269 - ) REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0199 - REALTEK Semiconductor Corp.) Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.5530 - CyberLink Corp.) Hidden Spotify (HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\Spotify) (Version: 1.0.94.262.g3d5c231c - Spotify AB) Spotify (HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\Spotify) (Version: 1.0.94.262.g3d5c231c - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) UmmyVideoDownloader (HKLM-x32\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.8.3.3 - ) <==== ATTENTION Unity Web Player (HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS) Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation) UpdateAssistant (HKLM\...\{A7B60FC9-A750-43C7-B7EC-892CD09147C7}) (Version: 1.18.0.0 - Microsoft Corporation) Hidden VC8 CRT (HKLM\...\{D2DC854A-B12C-411E-A158-27576F5ED0FC}) (Version: 8.0.50727.762 - Juniper Networks) Hidden Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.23-1 - Wacom Technology Corp.) WebM Project Directshow Filters (HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\webmdshow) (Version: 1.0.4.1 - WebM Project) WebM Project Directshow Filters (HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\webmdshow) (Version: 1.0.4.1 - WebM Project) WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22452 - Microsoft Corporation) Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth (11/19/2013 12.0.0.9050) (HKLM\...\842F79923C68674AEB21691125DD165B4B2B4ADD) (Version: 11/19/2013 12.0.0.9050 - Broadcom Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - ) Wondershare Filmora Scrn(Build 2.0.1) (HKLM\...\Wondershare Filmora Scrn_is1) (Version: - Wondershare Software) Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6} CustomCLSID: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5F7BC4EE29FB} -> [Creative Cloud Files] => C:\Users\Nora\Creative Cloud Files [2017-09-01 19:53] CustomCLSID: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Nora\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems) ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Nora\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Nora\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Nora\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Nora\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Nora\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Nora\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-10] (CyberLink -> Cyberlink) ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\program files\mcafee\msc\mcctxmenufrmwrk.dll [2019-01-07] (McAfee, Inc. -> McAfee, Inc.) ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Nora\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-06-26] (Apple Inc. -> Apple Inc.) ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-10] (CyberLink -> Cyberlink) ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Nora\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Nora\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Nora\AppData\Local\MEGAsync\ShellExtX64.dll -> No File ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\program files\mcafee\msc\mcctxmenufrmwrk.dll [2019-01-07] (McAfee, Inc. -> McAfee, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {06673974-8ADE-444C-9BB8-51763A91B146} - System32\Tasks\{E03FCA16-2BA0-4296-9C7E-EA25CD466735} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.37.0.103&LastError=12007 Task: {1548D1EF-F703-4748-A6AB-73DB75A1EDAB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {1C7ED789-1BE2-47B7-B9F6-9A9E0F6F912E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation) Task: {1D93ABDB-782C-4157-A254-B829167DF2EA} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe Task: {1FAA47B6-4854-4106-B3C6-B33180EEA9E5} - System32\Tasks\{0D0587A2-A128-400F-AC44-A9EC93BC3D2D} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Nora\AppData\Local\Roblox\Versions\version-0ae7a206c5f64a6e\RobloxPlayerLauncher.exe -c -uninstall Task: {21E259CC-186E-4A8A-BB8A-2DEFF6B9FED6} - System32\Tasks\{11B0AF0A-AA26-48C6-B681-73EADA4B99A2} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.37.0.103&LastError=12007 Task: {24774362-8FF8-4C2C-A0D3-DF5FC9FC471F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {30D524E9-79B0-41E9-9884-EF432F492890} - System32\Tasks\Opera scheduled Autoupdate 1532983134 => C:\Users\Nora\AppData\Local\Programs\Opera\launcher.exe Task: {345DB3E1-309A-4EE8-B492-8F0EBD2DD6D2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe Task: {385230DC-F9FB-4924-88E6-87FAE27C1041} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {3CF68246-028A-4F03-9E8E-D75EB16EA5CC} - System32\Tasks\{DBA617C2-1D56-41C1-9F06-EC65456D29E3} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Nora\Downloads\Minecraft-Installer.exe -d C:\Users\Nora\Downloads Task: {445866D3-1020-42D7-9499-76B029EB5DAE} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent Task: {49181945-AF08-4A64-B251-917919A001D1} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated -> Adobe Inc.) Task: {4F2DD9DB-D4D1-4C63-910A-A132AD5521B0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.) Task: {5364D03D-5F11-419F-B0ED-EE0579FE4231} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> ) Task: {53BAD874-CF40-4D03-A91A-FB32F075B0DE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) Task: {54F15019-F24E-436D-86D8-0CD08C051C10} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation) Task: {5541E9BF-1F95-484C-9F3F-E31DB8B1AF2C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {58DF617A-7B01-4E3A-9859-AF576200AA36} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.) Task: {59A0598E-E615-415E-8856-EC5D07DE5270} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.) Task: {5C5F2C4B-6ADC-4570-87B0-4FCB429AC766} - System32\Tasks\McAfee\McAfee Idle Detection Task Task: {5CDCDF9F-BD20-446C-892D-BC4618C6F304} - System32\Tasks\{445558F3-EB04-4FFD-8861-608A540AA923} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.37.0.103/en/abandoninstall?page=tsMain Task: {5E61A0F0-5891-4A12-B292-8AF738BAA674} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.) Task: {699FD9B0-E06F-40EC-B37D-4A54F12D413B} - \PaintTool SAI -> No File <==== ATTENTION Task: {6A2E2B2A-D19C-4ED5-B882-1C79F5B9FE33} - System32\Tasks\{9B2B2BF9-571A-439F-8FCD-1C0C0472FC95} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.37.0.103/en/abandoninstall?source=lightinstaller&page=tsInstall Task: {6A945380-DA91-4F49-A592-D51B07016FC1} - System32\Tasks\AdobeGCInvoker-1.0-escalon1-Nora => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated) Task: {737A7896-E5AC-4099-B65E-F4D9537D9A21} - System32\Tasks\{2E118EE2-8E33-4568-857B-DBFE599F8898} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.37.0.103&LastError=12002 Task: {7864DC25-7FB3-4629-BC15-86E21BE4B92C} - System32\Tasks\AdobeAAMUpdater-1.0-escalon1-Nora => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {86E55570-C03A-4F07-B2ED-07BC4B6B0013} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.) Task: {8747D87B-AD0A-4E5C-BF5A-B6E8F6C39447} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {89D353ED-4213-4D5E-8B47-6C61827E36B9} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe (Apple Inc. -> Apple Inc.) Task: {8AF97166-5DEB-4220-AB66-1635011F5CA0} - System32\Tasks\Opera scheduled suite Autoupdate 1532983150 => C:\Users\Nora\AppData\Local\Programs\Opera\launcher.exe Task: {8AFCD530-EC4C-4D24-820E-212DFC65148B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation) Task: {91D37A8C-1E5F-4801-B10D-709C78596536} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {94D4C668-D90A-4A00-8A40-781DC3E8E25E} - System32\Tasks\{1C13A72D-514C-4E85-94E4-E310CCDFF2A2} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.37.0.103&LastError=-9 Task: {995AF317-BFAD-4824-96B2-88E4513CA037} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {A1F06C69-D2D4-4ED5-A0B3-D25A1493D165} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures Task: {A2B24E26-61BA-4649-B2AE-21AF5AF80DF7} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe (McAfee, Inc. -> McAfee, Inc.) Task: {A6E09DED-B7DF-4F7D-B11A-0B853C512518} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation) Task: {A9F9B5E1-8FF2-4800-94FB-43F734859C4E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {aec80530-aca0-4d0d-887b-6e5808a5f6d9} - no filepath Task: {B180610B-CBED-493C-8166-465FDCAC1116} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.) Task: {CEE0045E-0913-42C3-B0F4-5AC555A85CBC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {D4CE2710-B68B-492D-8008-5941CF9CD8D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.) Task: {D5891155-65A5-4665-8A33-FFD77C2A5970} - System32\Tasks\Opera scheduled assistant Autoupdate 1550606701 => C:\Users\Nora\AppData\Local\Programs\Opera\launcher.exe Task: {D6D16CED-E5C3-4972-8BE5-F675265F8D0A} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc. -> McAfee, Inc.) Task: {DAB48764-AF1E-44DC-8663-B4D6866938EB} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {E20B9411-6AC6-4E78-9864-8BB567E6F353} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.) Task: {E97185E1-7BBE-418B-8572-BF7E6379CE5C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.) Task: {ED5CE1C7-3184-4E7C-8905-C8D38557A08C} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.207\DADUpdater.exe (McAfee, Inc. -> McAfee, Inc.) Task: {EF90240B-8E0F-4915-B40A-309E7FC1A020} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {F961FB77-7498-42CE-AE63-E8694E347056} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Nora\Desktop\SAT® Registration - Your SAT Registra.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=pmkeikenioofemopmppkehmafdafbihc ShortcutWithArgument: C:\Users\Nora\Desktop\Use the Creative Cloud Cleaner Tool t.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ipblamillnafmheogllkdcnkchpgjnmc ShortcutWithArgument: C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\SAT® Registration - Your SAT Registra.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=pmkeikenioofemopmppkehmafdafbihc ShortcutWithArgument: C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Use the Creative Cloud Cleaner Tool t.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ipblamillnafmheogllkdcnkchpgjnmc ShortcutWithArgument: C:\Users\Nora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Nora - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" ShortcutWithArgument: C:\Users\Nora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" ==================== Loaded Modules (Whitelisted) ============== 2012-09-26 20:51 - 2012-08-10 02:06 - 000321536 ____N (IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\STacSV64.exe 2017-06-12 18:45 - 2012-02-14 20:37 - 000594432 _____ (Realtek Semiconductor Corp. ) [File not signed] C:\WINDOWS\system32\Rtlihvs.dll 2016-11-07 15:13 - 2016-11-07 15:13 - 000027136 _____ (Sanford, L.P.) [File not signed] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe 2017-06-12 20:40 - 2012-05-10 10:38 - 000036864 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe 2017-06-12 19:42 - 2012-09-25 16:25 - 000405504 _____ (Realtek) [File not signed] C:\Windows\SwUSB.exe 2016-11-07 15:14 - 2016-11-07 15:14 - 004869632 _____ (DYMO) [File not signed] C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.DLS.Printing.Host.exe 2016-09-18 18:29 - 2016-05-04 16:16 - 000114688 _____ (Kunshan Aunbox software co.,Ltd) [File not signed] C:\Program Files (x86)\Common Files\aunhelper\logger.job 2016-09-18 18:29 - 2016-05-04 16:17 - 000077824 _____ (Kunshan Aunbox software co.,Ltd) [File not signed] C:\Program Files (x86)\Common Files\aunhelper\bitutils.dll 2016-09-18 18:29 - 2016-05-04 16:17 - 000229376 _____ (Kunshan Aunbox software co.,Ltd) [File not signed] C:\Program Files (x86)\Common Files\aunhelper\session.dll 2016-09-18 18:29 - 2016-01-06 19:33 - 001212416 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Common Files\aunhelper\LIBEAY32.dll 2016-09-18 18:29 - 2016-05-04 16:16 - 000241664 _____ (Kunshan Aunbox software co.,Ltd) [File not signed] C:\Program Files (x86)\Common Files\aunhelper\update.job 2019-03-17 20:01 - 2019-03-22 19:13 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll 2019-03-17 20:01 - 2019-03-22 19:13 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll 2019-03-17 20:01 - 2019-03-22 19:13 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll 2019-03-17 20:01 - 2019-03-22 19:13 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll 2019-03-17 20:01 - 2019-03-22 19:13 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll 2019-03-17 20:01 - 2019-03-22 19:13 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll 2019-03-17 20:01 - 2019-03-22 19:13 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll 2019-03-17 20:01 - 2019-03-22 19:13 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll 2019-03-17 20:01 - 2019-03-22 19:12 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll 2019-03-22 19:12 - 2019-03-22 19:13 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll 2019-03-22 19:12 - 2019-03-22 19:13 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll 2019-03-17 20:01 - 2019-03-22 19:13 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll 2019-03-22 19:12 - 2019-03-22 19:12 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll 2019-03-22 19:12 - 2019-03-22 19:13 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll 2019-03-22 19:12 - 2019-03-22 19:13 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll 2019-03-22 19:12 - 2019-03-22 19:13 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll 2019-03-22 19:12 - 2019-03-22 19:12 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll 2019-03-22 19:12 - 2019-03-22 19:13 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll 2019-03-22 19:12 - 2019-03-22 19:13 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll 2016-11-07 15:11 - 2016-11-07 15:11 - 000484352 _____ (DYMO Corporation) [File not signed] C:\Program Files (x86)\DYMO\DYMO Label Software\PrintingSupportLibrary.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Public\AppData:CSM [474] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\localhost -> localhost ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2017-08-04 18:09 - 000001361 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 176.31.241.10 127.0.0.1 54.148.249.18 127.0.0.1 54.68.188.84 127.0.0.1 54.221.244.28 127.0.0.1 40.77.226.250 127.0.0.1 54.187.37.182 127.0.0.1 serwer2.paka-service.com 127.0.0.1 thislineskipsanyemptylines 127.0.0.1 mirillis.com 127.0.0.1 ns386119.ovh.net 127.0.0.1 mirillis.pl 127.0.0.1 mirillis.eu 127.0.0.1 www.mirillis.com 127.0.0.1 updates.mirillis.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: %INTEL_DEV_REDIST%redist\intel64\compiler;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter;;C:\Program Files\Broadcom\Broadcom 802.11;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;c:\Program Files\WIDCOMM\Bluetooth Software\;c:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185605279\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185605842\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nora\Desktop\IMG_8509.jpg HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\Control Panel\Desktop\\Wallpaper -> C:\Users\Nora\Desktop\IMG_8509.jpg HKU\S-1-5-21-1366119177-2540758352-3978259168-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185607201\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-1366119177-2540758352-3978259168-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185607811\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. HKLM\...\StartupApproved\StartupFolder: => "MouseRecorder.lnk" HKLM\...\StartupApproved\Run: => "SysTrayApp" HKLM\...\StartupApproved\Run: => "BeatsOSDApp" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run: => "MouseDriver" HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe" HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8" HKLM\...\StartupApproved\Run32: => "CLVirtualDrive" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "JunosPulse" HKLM\...\StartupApproved\Run32: => "QuickTime Task" HKLM\...\StartupApproved\Run32: => "sefb" HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe" HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\StartupApproved\Run: => "iCloudServices" HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\StartupApproved\Run: => "BingSvc" HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\StartupApproved\Run: => "Lync" HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\StartupApproved\Run: => "iCloudPhotos" HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\StartupApproved\Run: => "prsetup.exe" HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\StartupApproved\Run: => "iCloudServices" HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\StartupApproved\Run: => "BingSvc" HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\StartupApproved\Run: => "Lync" HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\StartupApproved\Run: => "iCloudPhotos" HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\StartupApproved\Run: => "prsetup.exe" HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\StartupApproved\Run: => "Steam" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{7CDC6B05-989E-4FBB-95BC-A87AE3F42015}] => (Allow) LPort=52000 FirewallRules: [{899B0F68-B7A5-4F25-8662-749542FA8E53}] => (Allow) LPort=53000 FirewallRules: [{D842C531-2A70-48E9-A81C-973B5CDFE0FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForestVR.exe No File FirewallRules: [{FC99EC5B-18EB-4ABD-A6DD-6DA2828894E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForestVR.exe No File FirewallRules: [{3F465E22-EA2F-4A4B-9DB7-6AE8A64B4DD5}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{2968C929-4DB5-44C5-8511-C1D4F6184A36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Whos Your Daddy\WhosYourDaddy.exe No File FirewallRules: [{2EB7A75A-AAB7-433B-8EFA-123981AEDB96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Whos Your Daddy\WhosYourDaddy.exe No File FirewallRules: [{ED4EB94A-F9D1-46A7-8C40-50121EA0DA2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe No File FirewallRules: [{DAAA5A4C-85A0-454E-BDF4-7F7F895C2403}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe No File FirewallRules: [{A245DFA1-1D33-462D-AF8D-FF2EF0B45291}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{80FF6B06-AA36-489B-BFE2-ACAC5074AD74}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe No File FirewallRules: [{80360C0D-EFDA-4B50-8E35-675B9CC2CE08}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe No File FirewallRules: [{AA1386BA-DDF2-4580-8C6E-843B9002CEAE}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe No File FirewallRules: [{4C4BF115-FF2A-4162-BF9D-9148FBE27FAA}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe No File FirewallRules: [{734664F8-A4BD-447D-BA36-7AC5A242B2E2}] => (Allow) C:\Users\Nora\AppData\Local\Temp\RemoveTemp.exe No File FirewallRules: [{CC5E640F-859E-45FD-A289-5876BEBF5475}] => (Allow) C:\Users\Nora\AppData\Local\Temp\RemoveTemp.exe No File FirewallRules: [{1520F5FD-9151-42B0-B82E-F7DFE2636700}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe No File FirewallRules: [{55DE6848-FF34-4CC2-AE98-6961A26F0B40}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe No File FirewallRules: [{33B703B2-A566-4461-B1A2-4E4B0F050985}] => (Allow) C:\Program Files\Andy\HandyAndy.exe No File FirewallRules: [{D9B63BE1-EBA0-489C-A760-DEDD5A4EA19E}] => (Allow) C:\Program Files\Andy\HandyAndy.exe No File FirewallRules: [{840A2455-13A1-41C1-97A2-5B936B2DBED7}] => (Allow) C:\Program Files\Andy\AndyConsole.exe No File FirewallRules: [{71A7B4E6-3039-4B73-A074-9332E1502AD1}] => (Allow) C:\Program Files\Andy\AndyConsole.exe No File FirewallRules: [{76C7256F-1D9B-4627-A3C1-08C5B70E49FE}] => (Allow) C:\Program Files\Andy\andy.exe No File FirewallRules: [{C9D2E3DF-A6C7-4128-A7DE-ADF9D351DA3E}] => (Allow) C:\Program Files\Andy\andy.exe No File FirewallRules: [{3A5C109B-C93F-486D-BB12-DF72464235C2}] => (Allow) C:\Users\Nora\AppData\Local\Temp\andy-x64\Setup.exe No File FirewallRules: [{2F6C83A1-F9D1-48A1-8650-3F5D77246A21}] => (Allow) C:\Users\Nora\AppData\Local\Temp\andy-x64\Setup.exe No File FirewallRules: [{77CFE290-B892-4D00-94B1-CAC3619DEB2D}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.) FirewallRules: [{D2F061B5-9EB6-4C38-B511-994B0874DE55}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.) FirewallRules: [{A43FC8C4-5CFF-4144-AF0A-9908CF924702}] => (Allow) C:\Users\Nora\Downloads\LiquidSkyClient0.2.9.exe No File FirewallRules: [{3250C05A-7B16-45D4-9EAF-28FB2C57A794}] => (Allow) C:\Users\Nora\Downloads\LiquidSkyClient0.2.9.exe No File FirewallRules: [{8EC1D1E3-FD75-482D-AF4B-420EE2F3EC40}] => (Allow) C:\Users\Nora\AppData\Roaming\uTorrent\uTorrent.exe No File FirewallRules: [{57FCA181-9E5C-4617-B1F9-499415E440E9}] => (Allow) C:\Users\Nora\AppData\Roaming\uTorrent\uTorrent.exe No File FirewallRules: [{26C22887-1967-47C3-8EB7-40E718311932}] => (Allow) C:\Users\Nora\AppData\Local\Temp\7zS6107\HPDiagnosticCoreUI.exe No File FirewallRules: [{F47B5ECF-284A-4DB0-8548-9D9F3A3053C1}] => (Allow) C:\Users\Nora\AppData\Local\Temp\7zS6107\HPDiagnosticCoreUI.exe No File FirewallRules: [{74D8ED09-3F43-4B2D-BD5B-4E6F1ABBAED2}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc. -> McAfee, Inc.) FirewallRules: [{E7578231-6004-4033-AFEB-C984B02B14DC}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\Rtldhcp.exe (Realtek) [File not signed] FirewallRules: [{3A84E306-DDD2-4FFB-9357-A4A3B028CA90}] => (Allow) LPort=53 FirewallRules: [{690DDC29-F554-4741-82A0-70D8E3D1622A}] => (Allow) LPort=53 FirewallRules: [{1E592B0B-9BA9-42BC-ABE1-D6C2C1423A5C}] => (Allow) LPort=68 FirewallRules: [{1ADF8DB4-B5D9-4289-B85C-2E8C31526627}] => (Allow) LPort=67 FirewallRules: [{8C1B2E16-009A-4DB7-899C-4800C06BAE08}] => (Allow) LPort=1542 FirewallRules: [{4D0EBD0F-4657-4B76-B5B1-A8613481E8A5}] => (Allow) LPort=1542 FirewallRules: [{4B0F4774-81E4-40E1-B55D-04B4CE41EBDA}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed] FirewallRules: [{4F2ACA87-E541-45EE-9080-EEF460FD471F}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed] FirewallRules: [{E1405703-CFBA-4CFB-A0CA-B7BED2796A66}] => (Allow) LPort=53 FirewallRules: [{0054F023-13BB-44E5-A229-CFDF7F8F0C36}] => (Allow) LPort=1542 FirewallRules: [{90A0C847-E02F-4D5C-921B-68E4C2F64BFB}] => (Allow) LPort=1542 FirewallRules: [{B84558AF-D160-412A-932B-D9B6E223D1A5}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed] FirewallRules: [{71484D28-3CA9-43E8-9AB8-CCC8645E82C8}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed] FirewallRules: [{47C0A559-1108-4EC2-835C-50315A920053}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [{8C3B0E41-3F92-46A7-A9D8-63986DE24C47}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [{BA37B7F8-79D3-451E-958F-0B20E237F998}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe No File FirewallRules: [{D1049A60-0BFE-4B37-ACB1-05D168432F92}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe No File FirewallRules: [UDP Query User{4E01F845-1578-429F-B1AA-6C5C6287118E}C:\users\nora\appdata\local\roblox\versions\version-bb1bee1583a84786\robloxstudiobeta.exe] => (Allow) C:\users\nora\appdata\local\roblox\versions\version-bb1bee1583a84786\robloxstudiobeta.exe No File FirewallRules: [TCP Query User{2A5678FE-8BAE-4F2A-9C1B-CCF36602E937}C:\users\nora\appdata\local\roblox\versions\version-bb1bee1583a84786\robloxstudiobeta.exe] => (Allow) C:\users\nora\appdata\local\roblox\versions\version-bb1bee1583a84786\robloxstudiobeta.exe No File FirewallRules: [UDP Query User{49A35847-E600-4878-8129-1658E53B1096}C:\users\nora\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nora\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{37BFF87E-F39A-445D-BC70-3B6B6B7D9C52}C:\users\nora\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nora\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{EBF662B5-06E2-4FE4-8F78-D0C08FEBCA58}C:\users\nora\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nora\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{C649BF41-8B28-409D-8689-98D582F7402B}C:\users\nora\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nora\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{FA33E67C-E8B2-44CC-89D4-F31323208303}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe No File FirewallRules: [UDP Query User{1435A95C-FF91-47DF-87A6-77AA9050AF66}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [TCP Query User{B49438A3-B14E-4C2D-850F-A4A2AB5F52A1}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [{5CA72CF8-BCAE-46EE-A908-441C645709E2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{8E33F300-AF0C-42D0-997B-76CFE2134402}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe No File FirewallRules: [{3D65999E-090C-4D4E-8174-1397B3CEF16C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe No File FirewallRules: [UDP Query User{FD9C53C0-7451-4ED5-8ED6-3021D5473F61}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File FirewallRules: [TCP Query User{679BFBD1-F9F5-4727-91E8-D5CC8DB4A36B}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File FirewallRules: [{841325C7-4BDC-4A86-B7E2-B1291A018C59}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.) FirewallRules: [{543144CF-4882-4A65-863D-66A7B61F0245}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink -> CyberLink Corp.) FirewallRules: [{FE5057FC-98AD-4AAF-85D9-0B829CBFDECC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{8800ACF6-F02D-4B87-98A7-9DB16FCBEA9C}] => (Allow) LPort=2869 FirewallRules: [{DF99A83F-D235-4BCA-9A2D-59627A8E949C}] => (Allow) LPort=1900 FirewallRules: [{3EF62BB8-06C5-4E45-ABA3-E656E52F90BE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{E34E25B9-A67D-4C2A-8EF4-32C0BE6F769F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{027C36D7-8CE7-4368-B217-CB40EAECF48C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File FirewallRules: [{745C2616-D2B9-474B-BEE8-A9DE1946C783}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File FirewallRules: [TCP Query User{7299F324-EC9D-4A7A-B48C-6C1504CA2CC7}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File FirewallRules: [UDP Query User{1FEC6EE7-64B5-42E1-A82E-9EEF02C0395A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File FirewallRules: [{126A659F-91D2-4A3C-AA5E-A01AEBD42015}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe No File FirewallRules: [{A17130C2-51CF-4D5D-A3F4-AD7BE56326B5}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe No File FirewallRules: [{D8BF0B02-EA48-4AE4-B443-980B4C0B4039}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe No File FirewallRules: [{B8BDB825-5C24-403B-8C1F-D4B6D914ECEE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe No File FirewallRules: [{C1A990B8-F09E-482E-8F4A-942715222BB2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe No File FirewallRules: [{B02C2BE7-14F5-44B7-B56B-B1D801841A7F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{86D9D47D-2390-4FC1-AFCF-E79264AEA90A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{12DC449F-1AB6-45AD-8C5A-DF55C4B2E425}] => (Allow) C:\Users\Nora\AppData\Local\Programs\Opera\57.0.3098.116\opera.exe No File FirewallRules: [{C29D4495-ED18-4AA0-8134-9B15431CD2C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe (Frontier Developments) [File not signed] FirewallRules: [{31251605-1CF6-45DB-B7BA-7FACBC0AFDC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe (Frontier Developments) [File not signed] FirewallRules: [{9520883A-00A9-4E90-B82D-E843965E19FA}] => (Allow) C:\Users\Nora\AppData\Local\Programs\Opera\58.0.3135.65\opera.exe No File FirewallRules: [{8F089BE8-2F73-4AB7-9240-333B544F2FD7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) ==================== Restore Points ========================= 26-03-2019 23:15:10 Scheduled Checkpoint 04-04-2019 21:19:20 Windows Update 09-04-2019 19:46:23 Windows Update ==================== Faulty Device Manager Devices ============= Name: Unknown USB Device (Link in Compliance Mode) Description: Unknown USB Device (Link in Compliance Mode) Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: Unknown USB Device (Device Descriptor Request Failed) Description: Unknown USB Device (Device Descriptor Request Failed) Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Event log errors: ========================= Application errors: ================== Error: (04/14/2019 05:35:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname escalon1.local already in use; will try escalon1-2.local instead Error: (04/14/2019 05:35:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 escalon1.local. Addr 192.168.1.132 Error: (04/14/2019 05:35:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.1.132:5353 16 escalon1.local. AAAA 2605:6000:1609:8029:0000:9401:6A9D:AA60 Error: (04/14/2019 05:23:31 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Microsoft.Photos.exe version 2019.19021.18010.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 654 Start Time: 01d4f30f2b7fae87 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19021.18010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe Report Id: 36d8ef40-c9d1-4516-aa23-fc0ebcfffdd7 Faulting package full name: Microsoft.Windows.Photos_2019.19021.18010.0_x64__8wekyb3d8bbwe Faulting package-relative application ID: App Error: (04/14/2019 05:13:15 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Microsoft.Photos.exe version 2019.19021.18010.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 21b0 Start Time: 01d4f30749f89c79 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19021.18010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe Report Id: 746ecdbd-cdff-4fe5-a60f-861e285a32c7 Faulting package full name: Microsoft.Windows.Photos_2019.19021.18010.0_x64__8wekyb3d8bbwe Faulting package-relative application ID: App Error: (04/14/2019 11:37:08 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname escalon1.local already in use; will try escalon1-2.local instead Error: (04/14/2019 11:37:08 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 escalon1.local. Addr 192.168.1.132 Error: (04/14/2019 11:37:08 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.1.132:5353 16 escalon1.local. AAAA 2605:6000:1609:8029:0000:9401:6A9D:AA60 System errors: ============= Error: (04/14/2019 07:07:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Security Center service hung on starting. Error: (04/14/2019 07:04:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The System Guard Runtime Monitor Broker service hung on starting. Error: (04/14/2019 07:01:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Downloaded Maps Manager service hung on starting. Error: (04/14/2019 06:59:29 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout. Error: (04/14/2019 06:59:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The HP Touchpoint Analytics service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (04/14/2019 06:59:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the HP Touchpoint Analytics service to connect. Error: (04/14/2019 06:58:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The HP Support Solutions Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (04/14/2019 06:58:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect. Windows Defender: =================================== Date: 2019-03-09 14:53:30.342 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {6FB17E88-38B6-4C5B-B1A4-9CF075A46CC5} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-04-07 21:29:58.211 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: 1.291.1370.0 Previous Signature Version: 1.289.775.0 Update Source: Signature Update Folder Signature Type: AntiSpyware Update Type: Full Current Engine Version: 1.1.15800.1 Previous Engine Version: 1.1.15800.1 Error code: 0x80004004 Error description: Operation aborted Date: 2019-04-07 21:29:58.210 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: 1.291.1370.0 Previous Signature Version: 1.289.775.0 Update Source: Signature Update Folder Signature Type: AntiVirus Update Type: Full Current Engine Version: 1.1.15800.1 Previous Engine Version: 1.1.15800.1 Error code: 0x80004004 Error description: Operation aborted Date: 2019-03-19 18:11:40.730 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: 1.289.1599.0 Previous Signature Version: 1.289.775.0 Update Source: User Signature Type: AntiSpyware Update Type: Delta Current Engine Version: 1.1.15700.9 Previous Engine Version: 1.1.15700.9 Error code: 0x80004004 Error description: Operation aborted Date: 2019-03-19 18:11:40.730 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: 1.289.1599.0 Previous Signature Version: 1.289.775.0 Update Source: User Signature Type: AntiVirus Update Type: Delta Current Engine Version: 1.1.15700.9 Previous Engine Version: 1.1.15700.9 Error code: 0x80004004 Error description: Operation aborted Date: 2019-02-25 20:40:58.530 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007041d Error description: The service did not respond to the start or control request in a timely fashion. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the device. CodeIntegrity: =================================== Date: 2019-04-13 09:04:42.735 Description: Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-04-13 09:04:42.505 Description: Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-04-13 09:04:41.200 Description: Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-04-13 09:04:36.579 Description: Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-04-13 09:04:27.782 Description: Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-04-13 09:03:54.246 Description: Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes. Date: 2019-04-10 14:17:29.748 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. Date: 2019-04-10 14:17:29.695 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD A10-5700 APU with Radeon(tm) HD Graphics Percentage of memory in use: 96% Total physical RAM: 1431.52 MB Available physical RAM: 55.62 MB Total Virtual: 3379.26 MB Available Virtual: 671.63 MB ==================== Drives ================================ Drive 😄 (OS) (Fixed) (Total:1841.07 GB) (Free:1518.99 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (Recovery Image) (Fixed) (Total:19.69 GB) (Free:2.42 GB) NTFS ==>[system with boot components (obtained from drive)] Drive h: (USB DISK) (Removable) (Total:3.61 GB) (Free:0.27 GB) FAT32 \\?\Volume{d7d5730d-95c0-4ad5-8029-fc06946e3ac7}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.66 GB) NTFS \\?\Volume{35b812d1-f0ba-4488-9d1d-6c89f6996261}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS \\?\Volume{2155f950-e4e1-47ed-b64b-0887d896edd8}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS \\?\Volume{98b7139c-5352-4fe1-9206-ee8a695b56c8}\ (SYSTEM) (Fixed) (Total:0.35 GB) (Free:0.3 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: C9362D14) Partition: GPT. ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 3.6 GB) (Disk ID: C3072E18) Partition 1: (Not Active) - (Size=3.6 GB) - (Type=0C) ==================== End of Addition.txt ============================ malwarebytes04142019.txt AdwCleaner[S00].txt FRST.txt Addition.txt
×
×
  • Create New...