luckistarr956

[RESOLVED] removal of wondershare filmora

My son installed Wondershare Filmora Scrn (Build 2.0.1), Wondershare Helper Compact 2.5.2, and UMMY Video Downloader. I have spent hours researching and trying to uninstall, and I have had no luck. I would like some help in removing it, PLEASE.

Thank you in advance 🙂

I followed STEP 1, STEP 2, and STEP 3 from a previous thread I read (see Step 1, Step 2, and Step 3 below) and posted the results below:

Please run the following steps and post back the logs as an attachment when ready.
STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02 Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the¬†Terms of use.
  • Wait until the database is updated.
  • Click¬†Scan Now.
  • When finished, please click¬†Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

RESTART THE COMPUTER Before running Step 3

STEP 03 Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

STEP 1 Results: 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/14/19
Scan Time: 1:00 PM
Log File: 29112374-5edf-11e9-be0a-74e54394e9bb.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.563
Update Package Version: 1.0.10160
License: Premium

-System Information-
OS: Windows 10 (Build 17134.706)
CPU: x64
File System: NTFS
User: escalon1\Nora

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 419951
Threats Detected: 22
Threats Quarantined: 0
Time Elapsed: 4 hr, 10 min, 45 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 3
PUP.Optional.SearchManager.BITSRST, HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Profile 2\extensions.settings|nahhmpbckpgdidfnmfkfgiflpjijilce, No Action By User, [266], [626729],1.0.10160
PUP.Optional.SearchManager.BITSRST, HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Profile 2\extensions.settings|pilplloabdedfmialnfchjomjmpjcoej, No Action By User, [266], [626729],1.0.10160
Adware.SearchProvide, HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Profile 2\extensions.settings|gkcffmoikcgfhagefelmhiakelnjihik, No Action By User, [380], [500746],1.0.10160

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 19
PUP.Optional.SearchAlgo, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [357], [454816],1.0.10160
PUP.Optional.SearchAlgo, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, [357], [454816],1.0.10160
PUP.Optional.SearchAlgo, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [357], [454816],1.0.10160
PUP.Optional.SearchAlgo, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [357], [454816],1.0.10160
PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [266], [626729],1.0.10160
PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, No Action By User, [266], [626729],1.0.10160
PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Secure Preferences, No Action By User, [266], [626729],1.0.10160
PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Preferences, No Action By User, [266], [626729],1.0.10160
PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [266], [626729],1.0.10160
PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [266], [628563],1.0.10160
PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, No Action By User, [266], [626729],1.0.10160
PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, No Action By User, [266], [628563],1.0.10160
PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, No Action By User, [266], [626729],1.0.10160
PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Secure Preferences, No Action By User, [266], [626729],1.0.10160
PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Preferences, No Action By User, [266], [626729],1.0.10160
PUP.Optional.SearchManager.BITSRST, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, No Action By User, [266], [626729],1.0.10160
Adware.SearchProvide, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Secure Preferences, No Action By User, [380], [500746],1.0.10160
Adware.SearchProvide, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Secure Preferences, No Action By User, [380], [500746],1.0.10160
Adware.SearchProvide, C:\USERS\NORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Secure Preferences, No Action By User, [380], [500746],1.0.10160

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

STEP 2 Results: ADWCLEANER

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-14-2019
# Duration: 00:02:00
# OS:       Windows 10 Home
# Scanned:  27276
# Detected: 52


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy             C:\Users\Nora\AppData\Local\Downloaded Installers
PUP.Optional.Legacy             C:\Users\Nora\AppData\Local\DriverToolkit
PUP.Optional.Legacy             C:\Users\Nora\Documents\vShare
PUP.Optional.Legacy             C:\Users\Public\Documents\Downloaded Installers
PUP.Optional.SlimCleanerPlus    C:\ProgramData\slimware utilities inc
PUP.Optional.SlimCleanerPlus    C:\Users\Nora\AppData\Local\slimware utilities inc

***** [ Files ] *****

PUP.Optional.Legacy             C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
PUP.Optional.Legacy             C:\Windows\SysWOW64\lavasofttcpservice.dll
PUP.Optional.Legacy             C:\Windows\System32\LavasoftTcpService64.dll
PUP.Optional.Legacy             C:\Windows\System32\LavasoftTcpServiceOff.ini
PUP.Optional.Legacy             C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.ByteFence          HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
PUP.Optional.InstallCore        HKCU\Software\csastats
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\sjc-usadmm.dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\sjc-usadmm.dotomi.com
PUP.Optional.Legacy             HKCU\Software\ELLS LLC
PUP.Optional.Legacy             HKLM\Software\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
PUP.Optional.Legacy             HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
PUP.Optional.SlimCleanerPlus    HKCU\Software\SlimWare Utilities Inc
PUP.Optional.SlimCleanerPlus    HKLM\Software\SLIMWARE UTILITIES, INC.
PUP.Optional.SlimCleanerPlus    HKLM\Software\Wow6432Node\SLIMWARE UTILITIES, INC.
PUP.Optional.SlimCleanerPlus    HKLM\Software\Wow6432Node\SlimWare Utilities Inc
PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hitmanpro-alert.en.softonic.com
PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mediafire.en.softonic.com
PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\painttool-sai.en.softonic.com
PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yandere-simulator.en.softonic.com
PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hitmanpro-alert.en.softonic.com
PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mediafire.en.softonic.com
PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\painttool-sai.en.softonic.com
PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
PUP.Optional.SofTonicAssistant  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yandere-simulator.en.softonic.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
PUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
PUP.Optional.WeatherBuddy       HKCU\Software\Melasys LLC
PUP.Optional.WebCompanion       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.WinRepairPro       HKCU\Software\win

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

STEP 3 Results: FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by Nora (administrator) on ESCALON1 (14-04-2019 19:07:22)
Running from C:\Users\Nora\Desktop
Loaded Profiles: Nora &  (Available Profiles: Nora & escalon & Administrator)
Platform: Windows 10 Home Version 1803 17134.706 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Juniper Networks, Inc. -> Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Kunshan Aunbox software co.,Ltd -> Kunshan Aunbox software co.,Ltd) C:\Program Files (x86)\Common Files\aunhelper\aunhelper.exe
(Sanford, L.P.) [File not signed] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Fortinet Technologies -> Fortinet Inc.) C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp -> ) C:\Windows\runSW.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\snmp.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Kunshan Aunbox software co.,Ltd -> Kunshan Aunbox software co.,Ltd) C:\Program Files (x86)\Common Files\aunhelper\worker.exe
(Realtek) [File not signed] C:\Windows\SwUSB.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.207\DADUpdater.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_18_12\mcapexe.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MDMAgent.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\3.1.160.0\McCSPServiceHost.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\sc.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotification.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(DYMO) [File not signed] C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.DLS.Printing.Host.exe
(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\WINDOWS DEFENDER\MSASCUIL.EXE [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [BeatsOSDApp] => C:\PROGRAM FILES\IDT\WDM\BEATS64.EXE [37888 2012-08-10] (Hewlett-Packard ) [File not signed]
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TILTWHEELMOUSE.EXE [241152 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [iTunesHelper] => C:\PROGRAM FILES\ITUNES\ITUNESHELPER.EXE [298296 2018-07-06] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [SysTrayApp] => C:\PROGRAM FILES\IDT\WDM\STTRAY64.EXE [1425408 2012-08-10] (IDT, Inc.) [File not signed]
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [DLSWebSvc] => C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.DLS.Printing.Host.exe [4869632 2016-11-07] (DYMO) [File not signed]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410960 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)
HKLM-x32\...\Run: [sefb] => "C:\Program Files (x86)\Windows NT\Accessories\sefb\sefb.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare)
HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2521944 2014-06-24] (Juniper Networks, Inc. -> Juniper Networks, Inc.)
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3146016 2019-03-05] (Valve -> Valve Corporation)
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3146016 2019-03-05] (Valve -> Valve Corporation)
HKU\S-1-5-21-1366119177-2540758352-3978259168-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185607201\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1366119177-2540758352-3978259168-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185607811\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.FICV] => C:\WINDOWS\system32\ficvdec_x64.dll [652288 2013-05-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\SysWOW64\ficvdec_x86.dll [641024 2013-05-28] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-09] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> c:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2012-07-30] (Broadcom Corporation -> Broadcom Corporation.)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{291c5e22-c8fb-460d-a6d0-d3a6a0b10c31}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{304efd2f-ca31-43f4-8e63-5f43077abb4e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7277edeb-8e4e-4565-b67d-15c8a12551c4}: [DhcpNameServer] 192.168.36.1
Tcpip\..\Interfaces\{88bf8c49-fc58-4424-a8ba-b8c0abd390f0}: [DhcpNameServer] 192.168.36.1
Tcpip\..\Interfaces\{c19dee4a-f043-4db8-b122-d245240b4248}: [DhcpNameServer] 192.168.36.1
Tcpip\..\Interfaces\{f815298b-0fcc-42c5-856d-3f8b89ce1662}: [DhcpNameServer] 192.168.36.1
Tcpip\..\Interfaces\{f9f030d0-fb14-451f-9519-5052929199f5}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-1366119177-2540758352-3978259168-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185607201\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-1366119177-2540758352-3978259168-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185607201\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {D7D40BE9-D263-48E7-B208-978B97943458} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {D7D40BE9-D263-48E7-B208-978B97943458} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311337&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1717EQYntO8oR7qXelBKT0RDR%2FEErEsDhNqGVI%2B%2FeDt8Z4beG4U108mdWHxBGFHi2Qdf0Y%2B%2FBDFgO%2FxTOcKBRCq5BhUHHBJTdxrOU1%2B3GujyY4WIllOA416q8TCJsPQMllGtVQlP6ndomwlcxZwScmFz1wG%2BiPzGDQ1zMWoC8a3hRR9fxZEsCQS6UHNCql6RRIKP15bua1LXO9rRd7w%2BlUOruPNFJag0qzYoxLs8k9hQ%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001 -> {D7D40BE9-D263-48E7-B208-978B97943458} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092 -> {1711FC25-F05A-40CE-B859-A0C1CF01FD18} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311337&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1717EQYntO8oR7qXelBKT0RDR%2FEErEsDhNqGVI%2B%2FeDt8Z4beG4U108mdWHxBGFHi2Qdf0Y%2B%2FBDFgO%2FxTOcKBRCq5BhUHHBJTdxrOU1%2B3GujyY4WIllOA416q8TCJsPQMllGtVQlP6ndomwlcxZwScmFz1wG%2BiPzGDQ1zMWoC8a3hRR9fxZEsCQS6UHNCql6RRIKP15bua1LXO9rRd7w%2BlUOruPNFJag0qzYoxLs8k9hQ%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092 -> {D7D40BE9-D263-48E7-B208-978B97943458} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-09-01] (Oracle America, Inc. -> Oracle Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2018-12-01] (McAfee, Inc. -> McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-01] (Oracle America, Inc. -> Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2018-12-01] (McAfee, Inc. -> McAfee, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\mcsniepl64.dll [2019-01-07] (McAfee, Inc. -> McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files (x86)\mcafee\msc\mcsniepl.dll [2019-01-07] (McAfee, Inc. -> McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2018-12-01]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2019-03-18] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-01] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-01] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\program files\mcafee\msc\npmcsnffpl64.dll [2019-01-07] (McAfee, Inc. -> )
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll [2014-04-09] (Fortinet Technologies -> Fortinet Inc.)
FF Plugin-x32: @FortinetCacheCleanEx -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccpluginex.dll [2014-04-09] (Fortinet Technologies -> Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll [2014-04-09] (Fortinet Technologies -> Fortinet Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-01] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-01] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\program files (x86)\mcafee\msc\npmcsnffpl.dll [2019-01-07] (McAfee, Inc. -> )
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin HKU\S-1-5-21-1366119177-2540758352-3978259168-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nora\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies SF -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1366119177-2540758352-3978259168-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nora\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies SF -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]

Chrome: 
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> homepage.ssoextension.com
CHR StartupUrls: Profile 2 -> "hxxp://www.google.com/"
CHR NewTab: Profile 2 ->  Not-active:"chrome-extension://pdkhllgdkelibgakgnbndpjmefinjajj/pdfconverter.html"
CHR Profile: C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default [2019-04-13]
CHR Extension: (Slides) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-14]
CHR Extension: (Docs) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-14]
CHR Extension: (Google Drive) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-27]
CHR Extension: (YouTube) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-27]
CHR Extension: (Sheets) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-14]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-02-23]
CHR Extension: (Google Docs Offline) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-19]
CHR Extension: (Use the Creative Cloud Cleaner Tool t...) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipblamillnafmheogllkdcnkchpgjnmc [2017-06-10]
CHR Extension: (fire walk) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpidockhlenpkfhofmhopohpckbcpkff [2016-12-17]
CHR Extension: (ROBLOX: Quick Asset Downloader) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\meljceogbjjmgjhhbnmjjgepchpjkklc [2016-12-17]
CHR Extension: (Wikibuy) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2019-04-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-12]
CHR Extension: (Gmail) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-27]
CHR Extension: (Chrome Media Router) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-13]
CHR Profile: C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-01-21]
CHR Extension: (Slides) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-06]
CHR Extension: (Docs) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-06]
CHR Extension: (Google Drive) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
CHR Extension: (YouTube) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-05]
CHR Extension: (Google Search) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Sheets) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-06]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-01-21]
CHR Extension: (Google Docs Offline) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (HP Network Check Launcher) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2018-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-06]
CHR Extension: (Gmail) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-05]
CHR Extension: (Chrome Media Router) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-23]
CHR Profile: C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2 [2019-04-14]
CHR Extension: (Slides) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (YouTube) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\adnlfjpnmidfimlkaohpidplnoimahfh [2017-09-19]
CHR Extension: (AliExpress.com - Online Shopping for ...) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\afnnlnmfnajnjgfdhkacdcldkchhfkde [2019-04-13]
CHR Extension: (Docs) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-02]
CHR Extension: (YouTube) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-02]
CHR Extension: (Social Blade) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfidkbgamfhdgmedldkagjopnbobdmdn [2018-12-08]
CHR Extension: (Sheets) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-12-08]
CHR Extension: (TMA iServiceDesk - University of Texa...) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gejgipjecjifipiobmcfbkiaoaleoifa [2017-06-02]
CHR Extension: (Google Docs Offline) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-14]
CHR Extension: (UTRGV School of Medicine - Applicatio...) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ibmjkkiokcemafmiafjpkjlmmcifcbmm [2017-06-02]
CHR Extension: (HP Network Check Launcher) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2018-10-14]
CHR Extension: (Cisco Webex Extension) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-07-09]
CHR Extension: (Free Play For Games Ad) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kpjmhebnligfgonajiiicnocjmcfagjh [2017-11-21]
CHR Extension: (ROBLOX: Quick Asset Downloader) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\meljceogbjjmgjhhbnmjjgepchpjkklc [2017-06-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-02]
CHR Extension: (Chrome Media Router) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-13]
CHR Extension: (SAT® Registration - Your SAT Registra...) - C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pmkeikenioofemopmppkehmafdafbihc [2018-08-09]
CHR Profile: C:\Users\Nora\AppData\Local\Google\Chrome\User Data\System Profile [2019-04-13]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [264224 2015-08-01] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc. -> Apple Inc.)
R2 aunhelper; C:\Program Files (x86)\Common Files\aunhelper\aunhelper.exe [457840 2016-05-11] (Kunshan Aunbox software co.,Ltd -> Kunshan Aunbox software co.,Ltd)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2018-01-22] (BattlEye Innovations e.K. -> )
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc. -> McAfee, Inc.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [27136 2016-11-07] (Sanford, L.P.) [File not signed]
R2 FortiSslvpnDaemon; C:\WINDOWS\SysWOW64\FortiSSLVPNdaemon.exe [954080 2014-04-09] (Fortinet Technologies -> Fortinet Inc.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [690248 2018-12-01] (McAfee, Inc. -> McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_18_12\McApExe.exe [745880 2019-01-08] (McAfee, Inc. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.1.160.0\\McCSPServiceHost.exe [2158952 2018-12-17] (McAfee, Inc. -> McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [371840 2018-12-05] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [604216 2018-12-05] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [509728 2018-12-05] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1692552 2018-12-19] (McAfee, Inc. -> McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1333064 2018-10-26] (McAfee, Inc. -> McAfee, Inc.)
R2 RealtekCU; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
R2 RunSwUSB; C:\Windows\runSW.exe [44760 2014-12-12] (Realtek Semiconductor Corp -> )
R2 SNMP; C:\WINDOWS\System32\snmp.exe [52736 2018-07-25] (Microsoft Windows -> Microsoft Corporation)
R2 SNMP; C:\WINDOWS\SysWOW64\snmp.exe [46592 2018-07-25] (Microsoft Windows -> Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [692680 2017-06-28] (Wacom Technology Corporation -> Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [21639712 2015-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [682528 2015-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 bcbtums; C:\WINDOWS\system32\DRIVERS\bcbtums.sys [177432 2015-12-01] (Broadcom Corporation -> Broadcom Corporation.)
S3 BCMWL63A; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11774720 2016-04-06] (Broadcom Corporation -> Broadcom Corp)
S3 btwampfl; C:\WINDOWS\system32\DRIVERS\btwampfl.sys [187168 2015-12-01] (Broadcom Corporation -> Broadcom Corporation.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77144 2018-12-10] (McAfee, Inc. -> McAfee, LLC)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink -> CyberLink)
S3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [27128 2015-09-03] (Microsoft Windows Hardware Compatibility Publisher -> ELECOM)
S3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [26104 2015-09-03] (Microsoft Windows Hardware Compatibility Publisher -> ELECOM)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-03-22] (Malwarebytes Corporation -> Malwarebytes)
S3 hidkmdf; C:\WINDOWS\System32\drivers\hidkmdf.sys [14136 2013-11-11] (Wacom Technology Corp. -> Windows (R) Win 7 DDK provider)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218408 2018-12-24] (McAfee, Inc. -> McAfee, Inc.)
R1 jnprns; C:\WINDOWS\system32\DRIVERS\jnprns.sys [507192 2014-06-16] (Juniper Networks, Inc. -> Juniper Networks)
S3 jnprva; C:\WINDOWS\system32\DRIVERS\jnprva.sys [30072 2014-06-16] (Juniper Networks, Inc. -> Juniper Networks, Inc.)
S3 JnprVaMgr; C:\WINDOWS\System32\drivers\jnprvamgr.sys [45352 2014-06-16] (Juniper Networks, Inc. -> Juniper Networks, Inc.)
R3 L1C; C:\WINDOWS\System32\drivers\L1C63x64.sys [121344 2018-04-11] (Microsoft Windows -> Qualcomm Atheros Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-03-22] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-04-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-04-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-04-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-04-14] (Malwarebytes Corporation -> Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [510808 2018-12-10] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [373592 2018-12-10] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85928 2018-12-10] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [516952 2018-12-10] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [980824 2018-12-10] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [563728 2018-11-19] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109072 2018-11-19] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [117592 2018-12-10] (McAfee, Inc. -> McAfee, LLC)
R3 mfesapsn; C:\Program Files\McAfee\WebAdvisor\mfesapsn.sys [111976 2018-12-01] (McAfee, Inc. -> McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [253784 2018-12-10] (McAfee, Inc. -> McAfee, LLC)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2014-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 pppop; C:\WINDOWS\System32\drivers\pppop64.sys [42528 2009-07-21] (Fortinet Technologies -> Fortinet Inc.)
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [7147888 2017-10-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [540160 2012-08-10] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [122512 2017-04-28] (Wacom Technology Corporation -> Wacom Technology)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [333792 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-14 19:07 - 2019-04-14 19:13 - 000043445 _____ C:\Users\Nora\Desktop\FRST.txt
2019-04-14 19:03 - 2019-04-14 19:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2019-04-14 18:56 - 2019-04-14 18:56 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-04-14 18:56 - 2019-04-14 18:56 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-04-14 18:38 - 2019-04-14 18:45 - 000000000 ____D C:\AdwCleaner
2019-04-14 18:33 - 2019-04-14 10:06 - 007025360 _____ (Malwarebytes) C:\Users\Nora\Desktop\adwcleaner_7.3.exe
2019-04-14 17:37 - 2019-04-14 18:57 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-04-14 17:16 - 2019-04-14 17:16 - 000004858 _____ C:\Users\Nora\Desktop\04142019.txt
2019-04-14 14:54 - 2019-04-14 10:11 - 002434048 _____ (Farbar) C:\Users\Nora\Desktop\FRST64.exe
2019-04-14 12:49 - 2019-04-14 19:07 - 000000000 ____D C:\FRST
2019-04-14 11:37 - 2019-04-14 18:56 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-04-13 08:23 - 2019-04-13 08:23 - 000004995 _____ C:\Users\Nora\Desktop\24 threats 04132019.txt
2019-04-09 20:06 - 2019-04-02 03:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-04-09 20:06 - 2019-04-02 03:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-04-09 20:06 - 2019-04-02 00:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-09 20:05 - 2019-04-02 07:33 - 001634912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-04-09 20:05 - 2019-04-02 07:33 - 000719984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-04-09 20:05 - 2019-04-02 07:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-04-09 20:05 - 2019-04-02 07:18 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-04-09 20:05 - 2019-04-02 07:16 - 001030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-04-09 20:05 - 2019-04-02 07:13 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-04-09 20:05 - 2019-04-02 07:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-04-09 20:05 - 2019-04-02 07:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-04-09 20:05 - 2019-04-02 07:11 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-04-09 20:05 - 2019-04-02 07:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-04-09 20:05 - 2019-04-02 07:11 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-04-09 20:05 - 2019-04-02 07:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-04-09 20:05 - 2019-04-02 04:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-04-09 20:05 - 2019-04-02 04:25 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-04-09 20:05 - 2019-04-02 04:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-03-17 17:28 - 2019-03-06 04:10 - 000248880 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-03-17 17:28 - 2019-03-06 04:05 - 000439224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-03-17 17:28 - 2019-03-06 04:05 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-03-17 17:28 - 2019-03-06 04:02 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2019-03-17 17:28 - 2019-03-06 03:33 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-03-17 17:28 - 2019-03-06 03:31 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-03-17 17:28 - 2019-03-06 03:26 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-03-17 17:28 - 2019-03-06 03:25 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-03-17 17:28 - 2019-03-06 01:17 - 000146712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-03-17 17:28 - 2019-03-06 01:13 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-03-17 17:28 - 2019-03-06 00:51 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-03-17 17:28 - 2019-02-16 07:30 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2019-03-17 17:28 - 2019-02-16 07:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-03-17 17:28 - 2019-02-16 07:29 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2019-03-17 17:28 - 2019-02-16 07:08 - 000373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-03-17 17:28 - 2019-02-16 07:06 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-03-17 17:28 - 2019-02-16 07:06 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-03-17 17:28 - 2019-02-16 07:04 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2019-03-17 17:28 - 2019-02-16 03:15 - 000035640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-03-17 17:28 - 2019-02-16 03:04 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-03-17 17:28 - 2019-02-16 03:02 - 000413712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-03-17 17:28 - 2019-02-16 03:01 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2019-03-17 17:28 - 2019-02-16 02:33 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2019-03-17 17:28 - 2019-02-16 02:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2019-03-17 17:28 - 2019-02-16 02:32 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2019-03-17 17:28 - 2019-02-16 02:31 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2019-03-17 17:28 - 2019-02-16 02:31 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-03-17 17:28 - 2019-02-16 02:30 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2019-03-17 17:28 - 2019-02-16 02:30 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2019-03-17 17:28 - 2019-02-16 02:30 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2019-03-17 17:28 - 2019-02-16 02:30 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-03-17 17:28 - 2019-02-16 02:26 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-14 19:08 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-14 19:06 - 2017-09-01 19:53 - 000000000 ___RD C:\Users\Nora\Creative Cloud Files
2019-04-14 19:05 - 2016-08-27 19:51 - 000000000 ___HD C:\Users\Nora\AppData\Local\Adobe
2019-04-14 18:56 - 2016-09-13 20:25 - 000000000 ____D C:\Users\Nora\AppData\Roaming\WTablet
2019-04-14 18:55 - 2018-07-25 20:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-14 18:53 - 2018-04-11 16:04 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2019-04-14 18:52 - 2015-10-01 07:29 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2019-04-14 18:26 - 2018-07-25 19:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-14 11:37 - 2018-07-25 20:12 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2019-04-14 11:18 - 2017-07-15 13:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2019-04-14 11:18 - 2012-09-26 20:51 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2019-04-14 11:11 - 2017-06-14 21:29 - 000000000 ____D C:\Program Files\McAfee
2019-04-14 08:06 - 2018-07-25 20:12 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5EDC7ABF-B3D0-4F1F-A770-E8BED088493B}
2019-04-12 03:05 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-11 11:02 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-09 21:49 - 2017-06-14 21:22 - 000000000 ____D C:\Program Files\Common Files\McAfee
2019-04-09 21:15 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2019-04-09 21:14 - 2018-07-25 19:29 - 000430184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-09 21:09 - 2018-04-11 18:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-04-09 21:09 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-04-09 21:09 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-04-09 20:33 - 2018-12-22 22:17 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-09 20:33 - 2018-12-22 22:17 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-09 20:28 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-09 20:01 - 2015-05-16 17:18 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-09 19:49 - 2015-04-22 20:32 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-08 12:21 - 2018-04-11 16:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-04-04 21:22 - 2017-06-27 19:50 - 000000000 ____D C:\Program Files\rempl
2019-04-01 12:51 - 2018-12-01 14:41 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-01 12:51 - 2018-12-01 14:41 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-31 09:46 - 2015-12-31 05:18 - 000931448 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-30 16:39 - 2018-07-25 19:43 - 000000000 ____D C:\Users\Nora
2019-03-30 14:47 - 2018-07-27 23:22 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1366119177-2540758352-3978259168-1001
2019-03-30 14:47 - 2018-07-25 19:43 - 000002406 _____ C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-30 14:47 - 2015-10-01 18:38 - 000000000 ___RD C:\Users\Nora\OneDrive
2019-03-27 19:19 - 2018-12-22 22:12 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-27 19:19 - 2018-12-22 22:12 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-26 17:50 - 2016-08-10 17:08 - 000000000 ___HD C:\Users\Nora\AppData\Local\Spotify
2019-03-26 17:50 - 2016-08-10 17:07 - 000000000 ____D C:\Users\Nora\AppData\Roaming\Spotify
2019-03-24 18:07 - 2016-06-21 22:11 - 000000000 ____D C:\Program Files (x86)\vShare Helper
2019-03-24 17:59 - 2019-02-27 22:03 - 000000000 ____D C:\Program Files (x86)\Steam
2019-03-19 18:09 - 2018-07-25 20:13 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-03-19 17:59 - 2016-08-27 19:53 - 000000000 ____D C:\Program Files (x86)\Adobe
2019-03-18 19:11 - 2018-07-25 20:12 - 000003316 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2019-03-18 19:06 - 2018-04-11 18:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-18 19:06 - 2015-04-23 17:52 - 000000000 ____D C:\ProgramData\McAfee
2019-03-17 20:05 - 2015-04-23 17:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-03-17 19:10 - 2018-04-11 18:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-03-17 19:10 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-03-17 19:10 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-03-17 19:10 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-03-17 19:10 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender

==================== Files in the root of some directories =======

2018-12-22 22:12 - 2018-12-22 22:12 - 007895040 _____ () C:\Program Files (x86)\GUT7147.tmp
2016-10-09 18:36 - 2017-01-16 19:13 - 000000033 _____ () C:\Users\Nora\AppData\Roaming\AdobeWLCMCache.dat
2017-03-12 23:16 - 2017-03-16 00:25 - 000000022 _____ () C:\Users\Nora\AppData\Roaming\rbx_hook
2017-03-12 23:16 - 2017-03-12 23:16 - 000000024 _____ () C:\Users\Nora\AppData\Roaming\version
2018-09-26 06:50 - 2019-03-26 02:50 - 000000719 _____ () C:\Users\Nora\AppData\Local\oobelibMkey.log
2019-02-23 16:09 - 2019-02-23 16:09 - 000000878 _____ () C:\Users\Nora\AppData\Local\recently-used.xbel
2018-12-28 08:42 - 2018-12-28 08:42 - 000000000 _____ () C:\Users\Nora\AppData\Local\{2489EC21-4738-40FE-A70F-985CB8691020}
2018-12-21 10:35 - 2018-12-21 10:35 - 000000000 _____ () C:\Users\Nora\AppData\Local\{3B25D5B8-B452-43F1-99FB-B205751BDB7E}
2018-12-16 10:18 - 2018-12-16 10:18 - 000000000 _____ () C:\Users\Nora\AppData\Local\{B20FF6C7-E5E6-41CF-A14C-03BE234D5997}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-25 19:29

==================== End of FRST.txt ============================

STEP3 RESULTS: Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Nora (14-04-2019 19:15:48)
Running from C:\Users\Nora\Desktop
Windows 10 Home Version 1803 17134.706 (X64) (2018-07-26 01:13:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1366119177-2540758352-3978259168-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1366119177-2540758352-3978259168-503 - Limited - Disabled)
escalon (S-1-5-21-1366119177-2540758352-3978259168-1006 - Administrator - Enabled) => C:\Users\escalon
Guest (S-1-5-21-1366119177-2540758352-3978259168-501 - Limited - Disabled)
Nora (S-1-5-21-1366119177-2540758352-3978259168-1001 - Administrator - Enabled) => C:\Users\Nora
WDAGUtilityAccount (S-1-5-21-1366119177-2540758352-3978259168-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.1.435 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\{F60B8711-9A86-46F0-B4F0-E9E4D74E5DFD}) (Version: 20.28.3317.04403 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.28.3317.04403 - Alcor Micro Corp.)
AMD Catalyst Install Manager (HKLM\...\{CC6CCF1E-F361-910A-E41D-EB5176F1255C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D745E014-74DD-43A3-98DF-E7D38164B681}) (Version: 6.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C29B636B-9015-4ED1-A12F-6375A337F23B}) (Version: 11.4.1.46 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.170 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 6.30.66.1 - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.850 - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.1800 - Broadcom Corporation)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3414 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DriverUpdate (HKLM-x32\...\{36488064-FDB3-451C-923B-FDD9D69C2554}) (Version: 2.7.3 - Slimware Utilities Holdings, Inc.) Hidden
DYMO Label (HKLM-x32\...\{32F63575-CB7F-4DAC-B6DE-4B073BC82257}) (Version: 8.6.611.42161 - Newell Rubbermaid)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FortiClient SSLVPN v4.0.2300 (HKLM-x32\...\{A34DCE59-0004-0000-2300-3F8A9926B752}) (Version: 4.0.2300 - Fortinet Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.7.50.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.10.49.21 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
iCloud (HKLM\...\{82FCC407-A0E5-4B80-9241-5ABA78B61090}) (Version: 7.6.0.15 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
iTunes (HKLM\...\{36F365B3-05C2-455D-9D96-B73829DE046D}) (Version: 12.8.0.150 - Apple Inc.)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junos Pulse 5.0 (HKLM-x32\...\Junos Pulse 5.0) (Version: 5.0.47721 - Juniper Networks, Inc.)
Junos Pulse Core Components (HKLM-x32\...\{BF38F6AE-23B7-4186-9D24-CB3D71C39BB0}) (Version: 5.0.47721 - Juniper Networks) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
McAfee Multi Access (HKLM-x32\...\MSC) (Version: 16.0 R18 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.8.17336 - McAfee, Inc.)
Microsoft OneDrive (HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0269 - )
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0199 - REALTEK Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Spotify (HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\Spotify) (Version: 1.0.94.262.g3d5c231c - Spotify AB)
Spotify (HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\Spotify) (Version: 1.0.94.262.g3d5c231c - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
UmmyVideoDownloader (HKLM-x32\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.8.3.3 - ) <==== ATTENTION
Unity Web Player (HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{A7B60FC9-A750-43C7-B7EC-892CD09147C7}) (Version: 1.18.0.0 - Microsoft Corporation) Hidden
VC8 CRT (HKLM\...\{D2DC854A-B12C-411E-A158-27576F5ED0FC}) (Version: 8.0.50727.762 - Juniper Networks) Hidden
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.23-1 - Wacom Technology Corp.)
WebM Project Directshow Filters (HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
WebM Project Directshow Filters (HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22452 - Microsoft Corporation)
Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth  (11/19/2013 12.0.0.9050) (HKLM\...\842F79923C68674AEB21691125DD165B4B2B4ADD) (Version: 11/19/2013 12.0.0.9050 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
Wondershare Filmora Scrn(Build 2.0.1) (HKLM\...\Wondershare Filmora Scrn_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5F7BC4EE29FB} -> [Creative Cloud Files] => C:\Users\Nora\Creative Cloud Files [2017-09-01 19:53]
CustomCLSID: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Nora\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Nora\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Nora\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Nora\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Nora\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Nora\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Nora\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-10] (CyberLink -> Cyberlink)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\program files\mcafee\msc\mcctxmenufrmwrk.dll [2019-01-07] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Nora\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-06-26] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-10] (CyberLink -> Cyberlink)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Nora\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Nora\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Nora\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\program files\mcafee\msc\mcctxmenufrmwrk.dll [2019-01-07] (McAfee, Inc. -> McAfee, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06673974-8ADE-444C-9BB8-51763A91B146} - System32\Tasks\{E03FCA16-2BA0-4296-9C7E-EA25CD466735} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.37.0.103&LastError=12007
Task: {1548D1EF-F703-4748-A6AB-73DB75A1EDAB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {1C7ED789-1BE2-47B7-B9F6-9A9E0F6F912E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1D93ABDB-782C-4157-A254-B829167DF2EA} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe
Task: {1FAA47B6-4854-4106-B3C6-B33180EEA9E5} - System32\Tasks\{0D0587A2-A128-400F-AC44-A9EC93BC3D2D} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Nora\AppData\Local\Roblox\Versions\version-0ae7a206c5f64a6e\RobloxPlayerLauncher.exe -c -uninstall
Task: {21E259CC-186E-4A8A-BB8A-2DEFF6B9FED6} - System32\Tasks\{11B0AF0A-AA26-48C6-B681-73EADA4B99A2} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.37.0.103&LastError=12007
Task: {24774362-8FF8-4C2C-A0D3-DF5FC9FC471F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {30D524E9-79B0-41E9-9884-EF432F492890} - System32\Tasks\Opera scheduled Autoupdate 1532983134 => C:\Users\Nora\AppData\Local\Programs\Opera\launcher.exe
Task: {345DB3E1-309A-4EE8-B492-8F0EBD2DD6D2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {385230DC-F9FB-4924-88E6-87FAE27C1041} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3CF68246-028A-4F03-9E8E-D75EB16EA5CC} - System32\Tasks\{DBA617C2-1D56-41C1-9F06-EC65456D29E3} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Nora\Downloads\Minecraft-Installer.exe -d C:\Users\Nora\Downloads
Task: {445866D3-1020-42D7-9499-76B029EB5DAE} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {49181945-AF08-4A64-B251-917919A001D1} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated -> Adobe Inc.)
Task: {4F2DD9DB-D4D1-4C63-910A-A132AD5521B0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.)
Task: {5364D03D-5F11-419F-B0ED-EE0579FE4231} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> )
Task: {53BAD874-CF40-4D03-A91A-FB32F075B0DE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {54F15019-F24E-436D-86D8-0CD08C051C10} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {5541E9BF-1F95-484C-9F3F-E31DB8B1AF2C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {58DF617A-7B01-4E3A-9859-AF576200AA36} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.)
Task: {59A0598E-E615-415E-8856-EC5D07DE5270} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe (Apple Inc. -> Apple Inc.)
Task: {5C5F2C4B-6ADC-4570-87B0-4FCB429AC766} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {5CDCDF9F-BD20-446C-892D-BC4618C6F304} - System32\Tasks\{445558F3-EB04-4FFD-8861-608A540AA923} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.37.0.103/en/abandoninstall?page=tsMain
Task: {5E61A0F0-5891-4A12-B292-8AF738BAA674} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.)
Task: {699FD9B0-E06F-40EC-B37D-4A54F12D413B} - \PaintTool SAI -> No File <==== ATTENTION
Task: {6A2E2B2A-D19C-4ED5-B882-1C79F5B9FE33} - System32\Tasks\{9B2B2BF9-571A-439F-8FCD-1C0C0472FC95} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.37.0.103/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {6A945380-DA91-4F49-A592-D51B07016FC1} - System32\Tasks\AdobeGCInvoker-1.0-escalon1-Nora => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {737A7896-E5AC-4099-B65E-F4D9537D9A21} - System32\Tasks\{2E118EE2-8E33-4568-857B-DBFE599F8898} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.37.0.103&LastError=12002
Task: {7864DC25-7FB3-4629-BC15-86E21BE4B92C} - System32\Tasks\AdobeAAMUpdater-1.0-escalon1-Nora => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {86E55570-C03A-4F07-B2ED-07BC4B6B0013} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.)
Task: {8747D87B-AD0A-4E5C-BF5A-B6E8F6C39447} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {89D353ED-4213-4D5E-8B47-6C61827E36B9} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe (Apple Inc. -> Apple Inc.)
Task: {8AF97166-5DEB-4220-AB66-1635011F5CA0} - System32\Tasks\Opera scheduled suite Autoupdate 1532983150 => C:\Users\Nora\AppData\Local\Programs\Opera\launcher.exe
Task: {8AFCD530-EC4C-4D24-820E-212DFC65148B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {91D37A8C-1E5F-4801-B10D-709C78596536} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {94D4C668-D90A-4A00-8A40-781DC3E8E25E} - System32\Tasks\{1C13A72D-514C-4E85-94E4-E310CCDFF2A2} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.37.0.103&LastError=-9
Task: {995AF317-BFAD-4824-96B2-88E4513CA037} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A1F06C69-D2D4-4ED5-A0B3-D25A1493D165} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {A2B24E26-61BA-4649-B2AE-21AF5AF80DF7} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe (McAfee, Inc. -> McAfee, Inc.)
Task: {A6E09DED-B7DF-4F7D-B11A-0B853C512518} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {A9F9B5E1-8FF2-4800-94FB-43F734859C4E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {aec80530-aca0-4d0d-887b-6e5808a5f6d9} - no filepath
Task: {B180610B-CBED-493C-8166-465FDCAC1116} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.)
Task: {CEE0045E-0913-42C3-B0F4-5AC555A85CBC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D4CE2710-B68B-492D-8008-5941CF9CD8D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.)
Task: {D5891155-65A5-4665-8A33-FFD77C2A5970} - System32\Tasks\Opera scheduled assistant Autoupdate 1550606701 => C:\Users\Nora\AppData\Local\Programs\Opera\launcher.exe
Task: {D6D16CED-E5C3-4972-8BE5-F675265F8D0A} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc. -> McAfee, Inc.)
Task: {DAB48764-AF1E-44DC-8663-B4D6866938EB} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E20B9411-6AC6-4E78-9864-8BB567E6F353} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {E97185E1-7BBE-418B-8572-BF7E6379CE5C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {ED5CE1C7-3184-4E7C-8905-C8D38557A08C} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.207\DADUpdater.exe (McAfee, Inc. -> McAfee, Inc.)
Task: {EF90240B-8E0F-4915-B40A-309E7FC1A020} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F961FB77-7498-42CE-AE63-E8694E347056} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Nora\Desktop\SAT® Registration - Your SAT Registra.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=pmkeikenioofemopmppkehmafdafbihc
ShortcutWithArgument: C:\Users\Nora\Desktop\Use the Creative Cloud Cleaner Tool t.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ipblamillnafmheogllkdcnkchpgjnmc
ShortcutWithArgument: C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\SAT® Registration - Your SAT Registra.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 2" --app-id=pmkeikenioofemopmppkehmafdafbihc
ShortcutWithArgument: C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Use the Creative Cloud Cleaner Tool t.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ipblamillnafmheogllkdcnkchpgjnmc
ShortcutWithArgument: C:\Users\Nora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Nora - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Nora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2012-09-26 20:51 - 2012-08-10 02:06 - 000321536 ____N (IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\STacSV64.exe
2017-06-12 18:45 - 2012-02-14 20:37 - 000594432 _____ (Realtek Semiconductor Corp. ) [File not signed] C:\WINDOWS\system32\Rtlihvs.dll
2016-11-07 15:13 - 2016-11-07 15:13 - 000027136 _____ (Sanford, L.P.) [File not signed] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
2017-06-12 20:40 - 2012-05-10 10:38 - 000036864 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe
2017-06-12 19:42 - 2012-09-25 16:25 - 000405504 _____ (Realtek) [File not signed] C:\Windows\SwUSB.exe
2016-11-07 15:14 - 2016-11-07 15:14 - 004869632 _____ (DYMO) [File not signed] C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.DLS.Printing.Host.exe
2016-09-18 18:29 - 2016-05-04 16:16 - 000114688 _____ (Kunshan Aunbox software co.,Ltd) [File not signed] C:\Program Files (x86)\Common Files\aunhelper\logger.job
2016-09-18 18:29 - 2016-05-04 16:17 - 000077824 _____ (Kunshan Aunbox software co.,Ltd) [File not signed] C:\Program Files (x86)\Common Files\aunhelper\bitutils.dll
2016-09-18 18:29 - 2016-05-04 16:17 - 000229376 _____ (Kunshan Aunbox software co.,Ltd) [File not signed] C:\Program Files (x86)\Common Files\aunhelper\session.dll
2016-09-18 18:29 - 2016-01-06 19:33 - 001212416 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Common Files\aunhelper\LIBEAY32.dll
2016-09-18 18:29 - 2016-05-04 16:16 - 000241664 _____ (Kunshan Aunbox software co.,Ltd) [File not signed] C:\Program Files (x86)\Common Files\aunhelper\update.job
2019-03-17 20:01 - 2019-03-22 19:13 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-03-17 20:01 - 2019-03-22 19:13 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-03-17 20:01 - 2019-03-22 19:13 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-03-17 20:01 - 2019-03-22 19:13 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-03-17 20:01 - 2019-03-22 19:13 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-03-17 20:01 - 2019-03-22 19:13 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-03-17 20:01 - 2019-03-22 19:13 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-03-17 20:01 - 2019-03-22 19:13 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-03-17 20:01 - 2019-03-22 19:12 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-22 19:12 - 2019-03-22 19:13 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-22 19:12 - 2019-03-22 19:13 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-03-17 20:01 - 2019-03-22 19:13 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-22 19:12 - 2019-03-22 19:12 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-22 19:12 - 2019-03-22 19:13 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-22 19:12 - 2019-03-22 19:13 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-22 19:12 - 2019-03-22 19:13 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-22 19:12 - 2019-03-22 19:12 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-22 19:12 - 2019-03-22 19:13 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-22 19:12 - 2019-03-22 19:13 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2016-11-07 15:11 - 2016-11-07 15:11 - 000484352 _____ (DYMO Corporation) [File not signed] C:\Program Files (x86)\DYMO\DYMO Label Software\PrintingSupportLibrary.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\AppData:CSM [474]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\localhost -> localhost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2017-08-04 18:09 - 000001361 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1            176.31.241.10
127.0.0.1            54.148.249.18
127.0.0.1            54.68.188.84
127.0.0.1            54.221.244.28
127.0.0.1            40.77.226.250
127.0.0.1            54.187.37.182
127.0.0.1            serwer2.paka-service.com
127.0.0.1            thislineskipsanyemptylines
127.0.0.1            mirillis.com
127.0.0.1            ns386119.ovh.net
127.0.0.1            mirillis.pl
127.0.0.1            mirillis.eu
127.0.0.1            www.mirillis.com
127.0.0.1            updates.mirillis.com  

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: %INTEL_DEV_REDIST%redist\intel64\compiler;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter;;C:\Program Files\Broadcom\Broadcom 802.11;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;c:\Program Files\WIDCOMM\Bluetooth Software\;c:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185605279\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185605842\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nora\Desktop\IMG_8509.jpg
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\Control Panel\Desktop\\Wallpaper -> C:\Users\Nora\Desktop\IMG_8509.jpg
HKU\S-1-5-21-1366119177-2540758352-3978259168-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185607201\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1366119177-2540758352-3978259168-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185607811\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "MouseRecorder.lnk"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "BeatsOSDApp"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "JunosPulse"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "sefb"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\StartupApproved\Run: => "prsetup.exe"
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\StartupApproved\Run: => "prsetup.exe"
HKU\S-1-5-21-1366119177-2540758352-3978259168-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04142019185606092\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7CDC6B05-989E-4FBB-95BC-A87AE3F42015}] => (Allow) LPort=52000
FirewallRules: [{899B0F68-B7A5-4F25-8662-749542FA8E53}] => (Allow) LPort=53000
FirewallRules: [{D842C531-2A70-48E9-A81C-973B5CDFE0FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForestVR.exe No File
FirewallRules: [{FC99EC5B-18EB-4ABD-A6DD-6DA2828894E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForestVR.exe No File
FirewallRules: [{3F465E22-EA2F-4A4B-9DB7-6AE8A64B4DD5}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2968C929-4DB5-44C5-8511-C1D4F6184A36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Whos Your Daddy\WhosYourDaddy.exe No File
FirewallRules: [{2EB7A75A-AAB7-433B-8EFA-123981AEDB96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Whos Your Daddy\WhosYourDaddy.exe No File
FirewallRules: [{ED4EB94A-F9D1-46A7-8C40-50121EA0DA2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe No File
FirewallRules: [{DAAA5A4C-85A0-454E-BDF4-7F7F895C2403}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe No File
FirewallRules: [{A245DFA1-1D33-462D-AF8D-FF2EF0B45291}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{80FF6B06-AA36-489B-BFE2-ACAC5074AD74}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe No File
FirewallRules: [{80360C0D-EFDA-4B50-8E35-675B9CC2CE08}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe No File
FirewallRules: [{AA1386BA-DDF2-4580-8C6E-843B9002CEAE}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe No File
FirewallRules: [{4C4BF115-FF2A-4162-BF9D-9148FBE27FAA}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe No File
FirewallRules: [{734664F8-A4BD-447D-BA36-7AC5A242B2E2}] => (Allow) C:\Users\Nora\AppData\Local\Temp\RemoveTemp.exe No File
FirewallRules: [{CC5E640F-859E-45FD-A289-5876BEBF5475}] => (Allow) C:\Users\Nora\AppData\Local\Temp\RemoveTemp.exe No File
FirewallRules: [{1520F5FD-9151-42B0-B82E-F7DFE2636700}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe No File
FirewallRules: [{55DE6848-FF34-4CC2-AE98-6961A26F0B40}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe No File
FirewallRules: [{33B703B2-A566-4461-B1A2-4E4B0F050985}] => (Allow) C:\Program Files\Andy\HandyAndy.exe No File
FirewallRules: [{D9B63BE1-EBA0-489C-A760-DEDD5A4EA19E}] => (Allow) C:\Program Files\Andy\HandyAndy.exe No File
FirewallRules: [{840A2455-13A1-41C1-97A2-5B936B2DBED7}] => (Allow) C:\Program Files\Andy\AndyConsole.exe No File
FirewallRules: [{71A7B4E6-3039-4B73-A074-9332E1502AD1}] => (Allow) C:\Program Files\Andy\AndyConsole.exe No File
FirewallRules: [{76C7256F-1D9B-4627-A3C1-08C5B70E49FE}] => (Allow) C:\Program Files\Andy\andy.exe No File
FirewallRules: [{C9D2E3DF-A6C7-4128-A7DE-ADF9D351DA3E}] => (Allow) C:\Program Files\Andy\andy.exe No File
FirewallRules: [{3A5C109B-C93F-486D-BB12-DF72464235C2}] => (Allow) C:\Users\Nora\AppData\Local\Temp\andy-x64\Setup.exe No File
FirewallRules: [{2F6C83A1-F9D1-48A1-8650-3F5D77246A21}] => (Allow) C:\Users\Nora\AppData\Local\Temp\andy-x64\Setup.exe No File
FirewallRules: [{77CFE290-B892-4D00-94B1-CAC3619DEB2D}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{D2F061B5-9EB6-4C38-B511-994B0874DE55}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{A43FC8C4-5CFF-4144-AF0A-9908CF924702}] => (Allow) C:\Users\Nora\Downloads\LiquidSkyClient0.2.9.exe No File
FirewallRules: [{3250C05A-7B16-45D4-9EAF-28FB2C57A794}] => (Allow) C:\Users\Nora\Downloads\LiquidSkyClient0.2.9.exe No File
FirewallRules: [{8EC1D1E3-FD75-482D-AF4B-420EE2F3EC40}] => (Allow) C:\Users\Nora\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{57FCA181-9E5C-4617-B1F9-499415E440E9}] => (Allow) C:\Users\Nora\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{26C22887-1967-47C3-8EB7-40E718311932}] => (Allow) C:\Users\Nora\AppData\Local\Temp\7zS6107\HPDiagnosticCoreUI.exe No File
FirewallRules: [{F47B5ECF-284A-4DB0-8548-9D9F3A3053C1}] => (Allow) C:\Users\Nora\AppData\Local\Temp\7zS6107\HPDiagnosticCoreUI.exe No File
FirewallRules: [{74D8ED09-3F43-4B2D-BD5B-4E6F1ABBAED2}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{E7578231-6004-4033-AFEB-C984B02B14DC}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\Rtldhcp.exe (Realtek) [File not signed]
FirewallRules: [{3A84E306-DDD2-4FFB-9357-A4A3B028CA90}] => (Allow) LPort=53
FirewallRules: [{690DDC29-F554-4741-82A0-70D8E3D1622A}] => (Allow) LPort=53
FirewallRules: [{1E592B0B-9BA9-42BC-ABE1-D6C2C1423A5C}] => (Allow) LPort=68
FirewallRules: [{1ADF8DB4-B5D9-4289-B85C-2E8C31526627}] => (Allow) LPort=67
FirewallRules: [{8C1B2E16-009A-4DB7-899C-4800C06BAE08}] => (Allow) LPort=1542
FirewallRules: [{4D0EBD0F-4657-4B76-B5B1-A8613481E8A5}] => (Allow) LPort=1542
FirewallRules: [{4B0F4774-81E4-40E1-B55D-04B4CE41EBDA}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [{4F2ACA87-E541-45EE-9080-EEF460FD471F}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [{E1405703-CFBA-4CFB-A0CA-B7BED2796A66}] => (Allow) LPort=53
FirewallRules: [{0054F023-13BB-44E5-A229-CFDF7F8F0C36}] => (Allow) LPort=1542
FirewallRules: [{90A0C847-E02F-4D5C-921B-68E4C2F64BFB}] => (Allow) LPort=1542
FirewallRules: [{B84558AF-D160-412A-932B-D9B6E223D1A5}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [{71484D28-3CA9-43E8-9AB8-CCC8645E82C8}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [{47C0A559-1108-4EC2-835C-50315A920053}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{8C3B0E41-3F92-46A7-A9D8-63986DE24C47}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{BA37B7F8-79D3-451E-958F-0B20E237F998}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [{D1049A60-0BFE-4B37-ACB1-05D168432F92}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [UDP Query User{4E01F845-1578-429F-B1AA-6C5C6287118E}C:\users\nora\appdata\local\roblox\versions\version-bb1bee1583a84786\robloxstudiobeta.exe] => (Allow) C:\users\nora\appdata\local\roblox\versions\version-bb1bee1583a84786\robloxstudiobeta.exe No File
FirewallRules: [TCP Query User{2A5678FE-8BAE-4F2A-9C1B-CCF36602E937}C:\users\nora\appdata\local\roblox\versions\version-bb1bee1583a84786\robloxstudiobeta.exe] => (Allow) C:\users\nora\appdata\local\roblox\versions\version-bb1bee1583a84786\robloxstudiobeta.exe No File
FirewallRules: [UDP Query User{49A35847-E600-4878-8129-1658E53B1096}C:\users\nora\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nora\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{37BFF87E-F39A-445D-BC70-3B6B6B7D9C52}C:\users\nora\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nora\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{EBF662B5-06E2-4FE4-8F78-D0C08FEBCA58}C:\users\nora\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nora\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{C649BF41-8B28-409D-8689-98D582F7402B}C:\users\nora\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nora\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FA33E67C-E8B2-44CC-89D4-F31323208303}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe No File
FirewallRules: [UDP Query User{1435A95C-FF91-47DF-87A6-77AA9050AF66}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{B49438A3-B14E-4C2D-850F-A4A2AB5F52A1}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{5CA72CF8-BCAE-46EE-A908-441C645709E2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{8E33F300-AF0C-42D0-997B-76CFE2134402}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe No File
FirewallRules: [{3D65999E-090C-4D4E-8174-1397B3CEF16C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe No File
FirewallRules: [UDP Query User{FD9C53C0-7451-4ED5-8ED6-3021D5473F61}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [TCP Query User{679BFBD1-F9F5-4727-91E8-D5CC8DB4A36B}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [{841325C7-4BDC-4A86-B7E2-B1291A018C59}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{543144CF-4882-4A65-863D-66A7B61F0245}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{FE5057FC-98AD-4AAF-85D9-0B829CBFDECC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8800ACF6-F02D-4B87-98A7-9DB16FCBEA9C}] => (Allow) LPort=2869
FirewallRules: [{DF99A83F-D235-4BCA-9A2D-59627A8E949C}] => (Allow) LPort=1900
FirewallRules: [{3EF62BB8-06C5-4E45-ABA3-E656E52F90BE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E34E25B9-A67D-4C2A-8EF4-32C0BE6F769F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{027C36D7-8CE7-4368-B217-CB40EAECF48C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{745C2616-D2B9-474B-BEE8-A9DE1946C783}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File
FirewallRules: [TCP Query User{7299F324-EC9D-4A7A-B48C-6C1504CA2CC7}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [UDP Query User{1FEC6EE7-64B5-42E1-A82E-9EEF02C0395A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [{126A659F-91D2-4A3C-AA5E-A01AEBD42015}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe No File
FirewallRules: [{A17130C2-51CF-4D5D-A3F4-AD7BE56326B5}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe No File
FirewallRules: [{D8BF0B02-EA48-4AE4-B443-980B4C0B4039}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe No File
FirewallRules: [{B8BDB825-5C24-403B-8C1F-D4B6D914ECEE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe No File
FirewallRules: [{C1A990B8-F09E-482E-8F4A-942715222BB2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe No File
FirewallRules: [{B02C2BE7-14F5-44B7-B56B-B1D801841A7F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{86D9D47D-2390-4FC1-AFCF-E79264AEA90A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{12DC449F-1AB6-45AD-8C5A-DF55C4B2E425}] => (Allow) C:\Users\Nora\AppData\Local\Programs\Opera\57.0.3098.116\opera.exe No File
FirewallRules: [{C29D4495-ED18-4AA0-8134-9B15431CD2C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe (Frontier Developments) [File not signed]
FirewallRules: [{31251605-1CF6-45DB-B7BA-7FACBC0AFDC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe (Frontier Developments) [File not signed]
FirewallRules: [{9520883A-00A9-4E90-B82D-E843965E19FA}] => (Allow) C:\Users\Nora\AppData\Local\Programs\Opera\58.0.3135.65\opera.exe No File
FirewallRules: [{8F089BE8-2F73-4AB7-9240-333B544F2FD7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

26-03-2019 23:15:10 Scheduled Checkpoint
04-04-2019 21:19:20 Windows Update
09-04-2019 19:46:23 Windows Update

==================== Faulty Device Manager Devices =============

Name: Unknown USB Device (Link in Compliance Mode)
Description: Unknown USB Device (Link in Compliance Mode)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2019 05:35:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname escalon1.local already in use; will try escalon1-2.local instead

Error: (04/14/2019 05:35:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 escalon1.local. Addr 192.168.1.132

Error: (04/14/2019 05:35:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.132:5353   16 escalon1.local. AAAA 2605:6000:1609:8029:0000:9401:6A9D:AA60

Error: (04/14/2019 05:23:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2019.19021.18010.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 654

Start Time: 01d4f30f2b7fae87

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19021.18010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

Report Id: 36d8ef40-c9d1-4516-aa23-fc0ebcfffdd7

Faulting package full name: Microsoft.Windows.Photos_2019.19021.18010.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Error: (04/14/2019 05:13:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2019.19021.18010.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 21b0

Start Time: 01d4f30749f89c79

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19021.18010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

Report Id: 746ecdbd-cdff-4fe5-a60f-861e285a32c7

Faulting package full name: Microsoft.Windows.Photos_2019.19021.18010.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Error: (04/14/2019 11:37:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname escalon1.local already in use; will try escalon1-2.local instead

Error: (04/14/2019 11:37:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 escalon1.local. Addr 192.168.1.132

Error: (04/14/2019 11:37:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.132:5353   16 escalon1.local. AAAA 2605:6000:1609:8029:0000:9401:6A9D:AA60


System errors:
=============
Error: (04/14/2019 07:07:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Security Center service hung on starting.

Error: (04/14/2019 07:04:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The System Guard Runtime Monitor Broker service hung on starting.

Error: (04/14/2019 07:01:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (04/14/2019 06:59:29 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (04/14/2019 06:59:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Touchpoint Analytics service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (04/14/2019 06:59:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Touchpoint Analytics service to connect.

Error: (04/14/2019 06:58:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (04/14/2019 06:58:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.


Windows Defender:
===================================
Date: 2019-03-09 14:53:30.342
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {6FB17E88-38B6-4C5B-B1A4-9CF075A46CC5}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-04-07 21:29:58.211
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.291.1370.0
Previous Signature Version: 1.289.775.0
Update Source: Signature Update Folder
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.15800.1
Previous Engine Version: 1.1.15800.1
Error code: 0x80004004
Error description: Operation aborted 

Date: 2019-04-07 21:29:58.210
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.291.1370.0
Previous Signature Version: 1.289.775.0
Update Source: Signature Update Folder
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.15800.1
Previous Engine Version: 1.1.15800.1
Error code: 0x80004004
Error description: Operation aborted 

Date: 2019-03-19 18:11:40.730
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.289.1599.0
Previous Signature Version: 1.289.775.0
Update Source: User
Signature Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.15700.9
Previous Engine Version: 1.1.15700.9
Error code: 0x80004004
Error description: Operation aborted 

Date: 2019-03-19 18:11:40.730
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.289.1599.0
Previous Signature Version: 1.289.775.0
Update Source: User
Signature Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.15700.9
Previous Engine Version: 1.1.15700.9
Error code: 0x80004004
Error description: Operation aborted 

Date: 2019-02-25 20:40:58.530
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007041d
Error description: The service did not respond to the start or control request in a timely fashion. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the device.

CodeIntegrity:
===================================

Date: 2019-04-13 09:04:42.735
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-04-13 09:04:42.505
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-04-13 09:04:41.200
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-04-13 09:04:36.579
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-04-13 09:04:27.782
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-04-13 09:03:54.246
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-04-10 14:17:29.748
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-04-10 14:17:29.695
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

Processor: AMD A10-5700 APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 96%
Total physical RAM: 1431.52 MB
Available physical RAM: 55.62 MB
Total Virtual: 3379.26 MB
Available Virtual: 671.63 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1841.07 GB) (Free:1518.99 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:19.69 GB) (Free:2.42 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (USB DISK) (Removable) (Total:3.61 GB) (Free:0.27 GB) FAT32

\\?\Volume{d7d5730d-95c0-4ad5-8029-fc06946e3ac7}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.66 GB) NTFS
\\?\Volume{35b812d1-f0ba-4488-9d1d-6c89f6996261}\ () (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
\\?\Volume{2155f950-e4e1-47ed-b64b-0887d896edd8}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{98b7139c-5352-4fe1-9206-ee8a695b56c8}\ (SYSTEM) (Fixed) (Total:0.35 GB) (Free:0.3 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: C9362D14)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.6 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=3.6 GB) - (Type=0C)

==================== End of Addition.txt ============================

malwarebytes04142019.txt AdwCleaner[S00].txt FRST.txt Addition.txt


Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

fixlist.txt


Hi, Please see below Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by Nora (15-04-2019 06:54:41) Run:1
Running from C:\Users\Nora\Desktop
Loaded Profiles: Nora (Available Profiles: Nora & escalon & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files\Common Files\Wondershare
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare)

*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe" => removed successfully
"C:\Program Files\Common Files\Wondershare" => not found
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare) => Error: No automatic fix found for this entry.

==== End of Fixlog 06:54:41 ====


You can remove those folders manually.

As for the slowness here is your problem:

Total physical RAM: 1431.52 MB

No matter what you do it'll be slow unless you buy more RAM.

In today's computers 8GB would be some base. The more the better.


You're very welcome 🙂
