Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.02.2019 02 Ran by Betty (22-02-2019 23:39:55) Running from C:\Users\Betty\Desktop Windows 10 Home Version 1803 17134.590 (X64) (2018-05-22 00:44:28) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2164851890-4157585229-2641369706-500 - Administrator - Disabled) Betty (S-1-5-21-2164851890-4157585229-2641369706-1001 - Administrator - Enabled) => C:\Users\Betty DefaultAccount (S-1-5-21-2164851890-4157585229-2641369706-503 - Limited - Disabled) Guest (S-1-5-21-2164851890-4157585229-2641369706-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2164851890-4157585229-2641369706-1003 - Limited - Enabled) WDAGUtilityAccount (S-1-5-21-2164851890-4157585229-2641369706-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Trend Micro Maximum Security (Enabled - Up to date) {90387C74-1C56-9484-893C-8ADCB2906C3D} AS: Trend Micro Maximum Security (Enabled - Up to date) {2B599D90-3A6C-9B0A-B38C-B1AEC9172680} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated) Azkend 2: The World Beneath (HKLM-x32\...\WTA-36894e8b-c90e-427c-ae2a-b247e0928557) (Version: 2.2.0.98 - WildTangent) Hidden Barn Yarn Collector's Edition (HKLM-x32\...\WTA-b604f961-de56-4501-9864-1d6762463dea) (Version: 3.0.2.48 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: - Broadcom Corporation) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation) Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.850 - Broadcom Corporation) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden Coyote The Outlander (HKLM-x32\...\WTA-608ce4ff-cc42-41b5-9398-4cd698963d65) (Version: 3.0.2.59 - WildTangent) Hidden CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.5017 - CyberLink Corp.) Cyberlink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4.6121 - CyberLink Corp.) Hidden Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4.6121 - CyberLink Corp.) CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.4928 - CyberLink Corp.) 
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5103 - CyberLink Corp.) CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.2.1307 - CyberLink Corp.) CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3812 - CyberLink Corp.) Hidden CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3812 - CyberLink Corp.) Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-69e19651-27cb-4c7f-81bd-8815adafe2bc) (Version: 3.0.2.59 - WildTangent) Hidden DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden Entwined: The Perfect Murder (HKLM-x32\...\WTA-a59f000f-4f7c-4db9-a1e9-de60f1eff1d1) (Version: 3.0.2.59 - WildTangent) Hidden Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.1 - Seiko Epson Corporation) EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.) 
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation) Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Epson Software Updater (HKLM-x32\...\{1028AD34-EB8A-4136-9A93-27FC60FD0A40}) (Version: 4.4.11 - Seiko Epson Corporation) EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION) Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.) Foxit PhantomPDF (HKLM-x32\...\{4E32271C-B55A-4CDF-8DB7-88FD1C45927C}) (Version: 7.0.310.226 - Foxit Software Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.109 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) 
Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden Hidden Odyssey 2 in 1 Pack (HKLM-x32\...\WTA-7e4596f9-f698-4423-9059-6f2ec458ffdb) (Version: 3.0.2.59 - WildTangent) Hidden Home Makeover (HKLM-x32\...\WTA-adc560a4-bcc8-4ff6-8d6a-eedac7944174) (Version: 3.0.2.59 - WildTangent) Hidden HP Documentation (HKLM-x32\...\{4BF17F05-B2DA-4266-8AEB-09BC9D008EAF}) (Version: 1.3.0.0 - Hewlett-Packard) HP ESU for Microsoft Windows 8.1 (HKLM-x32\...\{CF3BE446-3D26-49D3-B202-C9A13511DEEC}) (Version: 1.6.1 - Hewlett-Packard Company) HP PC Hardware Diagnostics Windows (HKLM-x32\...\{BD2CDEAF-8D83-4553-A3B3-8B614CC6C96E}) (Version: 1.1.0.0 - HP Inc) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7960.5089 - Hewlett-Packard) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard) HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.10.49.21 - Hewlett-Packard Company) HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.) 
Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-f694afab-de09-4929-9fe0-0bab0192fa05) (Version: 3.0.2.59 - WildTangent) Hidden Insane Cold: Back to the Ice Age (HKLM-x32\...\WTA-8a302da5-94b8-4516-af7e-18958d817e37) (Version: 3.0.2.59 - WildTangent) Hidden Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5058 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation) Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-d32e524b-90d7-4878-9a46-4387666f93bb) (Version: 3.0.2.59 - WildTangent) Hidden LTCM Client (HKLM-x32\...\LTCM Client) (Version: - Leader Technologies Inc.) 
Magic Heroes: Save Our Park (HKLM-x32\...\WTA-145a99eb-8bbc-42bd-8b32-2a18718681ed) (Version: 3.0.2.59 - WildTangent) Hidden Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-32a669c1-7479-4233-a31c-a120c160e2e9) (Version: 3.0.2.59 - WildTangent) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - 
Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Mystery Expedition: Prisoners of Ice (HKLM-x32\...\WTA-a5a91193-257f-4b6e-9e80-972be6b73608) (Version: 3.0.2.59 - WildTangent) Hidden Plagiarii (HKLM-x32\...\WTA-524196b3-3f42-4695-95e8-e2968f32f2ba) (Version: 3.0.2.59 - WildTangent) Hidden Polar Bowler 1st Frame (HKLM-x32\...\WTA-8b05aefd-e9a5-4b3b-8d0b-949c0c1dcbbf) (Version: 3.0.2.59 - WildTangent) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.) 
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.) Royal Envoy Double Pack (HKLM-x32\...\WTA-6cf0024a-e895-401a-b9e4-aa96c7d26f93) (Version: 3.0.2.59 - WildTangent) Hidden Runefall (HKLM-x32\...\WTA-81acb04d-ce05-46e6-a5a5-75c5c814b3c9) (Version: 3.0.2.126 - WildTangent) Hidden Rush Hour! Gas Station (HKLM-x32\...\WTA-ff1e2f52-6956-49e2-818a-26b8e4675bd2) (Version: 3.0.2.59 - WildTangent) Hidden Sky High Farm (HKLM-x32\...\WTA-9a88e0e0-081d-4396-af4b-4cb7a327d918) (Version: 3.0.2.59 - WildTangent) Hidden Solitaire Mystery Four Seasons (HKLM-x32\...\WTA-bcccc297-328b-40cb-a3e5-535ae467608e) (Version: 3.0.2.51 - WildTangent) Hidden swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 15.0 - Trend Micro Inc.) Trend Micro Troubleshooting Tool (HKLM\...\{4B83469E-CE4F-45D0-BC34-CCB7BF194477}) (Version: 6.0 - Trend Micro Inc.) 
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation) Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.14 - WildTangent) Hidden Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2164851890-4157585229-2641369706-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Windows -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} => C:\Program Files\Trend Micro\Titanium\plugin\TmOverlayIcon.dll [2018-07-30] (Trend Micro, Inc. -> Trend Micro Inc.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-03-03] (CyberLink Corp. 
-> Cyberlink) ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-03-03] (Foxit Software Incorporated -> Foxit Software Inc.) ContextMenuHandlers1: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2018-07-30] (Trend Micro, Inc. -> Trend Micro Inc.) ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-03-03] (CyberLink Corp. -> Cyberlink) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-09-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2018-07-30] (Trend Micro, Inc. -> Trend Micro Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {02E20B43-0E96-4B91-B82A-06298E110733} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.) 
Task: {1800A432-D9A1-4083-B15F-3FF793CF452B} - System32\Tasks\S-1-5-21-2164851890-4157585229-2641369706-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation) Task: {1E55CA30-C895-4C7A-98B1-A80F608A5F7B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.) Task: {2C31936C-9BBF-4870-B8F0-8D747E1A9C6F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.) Task: {2DB4DFBB-CB17-4103-AAFE-E1263BE1E99D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.) Task: {3009178E-8F33-47B8-87C9-E8ED2B360B98} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe Task: {35A53799-8FB6-4232-B00D-6E3134772CA0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) Task: {4BF43071-A664-415F-A8AA-B579EB40677C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) Task: {4E271199-71FC-43DC-B10B-3B686B6F557A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.) 
Task: {5261B7F0-D1DC-4DC3-8B2C-3AA648788B30} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {5E1EB23E-8FC1-4831-AA04-197054DD0291} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant printer driver installation => C:\WINDOWS\TEMP\sp74344.exe <==== ATTENTION Task: {6E92A296-A7BD-4070-8E31-E0F01940AF84} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {82EBFA04-7091-4CE3-8D24-B1FAABB23038} - System32\Tasks\HPCeeScheduleForBetty => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe (Hewlett-Packard Company -> Hewlett-Packard) Task: {90CD6B83-53AD-49BB-888D-68DDB6A9B11E} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> ) Task: {92730611-3A82-404B-967B-8CD92EF8F14A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {AA550AFF-0F28-4D54-B5B8-B35EC80B751E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {ACEC5CCD-885C-4286-8B70-A732FD60364B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.) 
Task: {BD367BE6-B646-435D-B04E-3E957DA2E635} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {CFA11CE7-6D7D-47A6-A192-705835BEB7FB} - System32\Tasks\ParetoLogic Registration3 => C:\WINDOWS\system32\rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns Task: {D17CBE32-2E85-4344-A87D-F5AAB30077B2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {DAF2F41F-205F-458E-862F-862BA482A87A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {E6DF8C0A-CA75-4112-B1F1-038E717CD3D3} - System32\Tasks\DriverUpdate Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe Task: {EC1119CF-D161-4E84-8230-6645DD51A657} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {F2DEF21C-8F4A-458B-8267-1CF63F3FC8BA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {F6DACEBF-5F4C-45CF-98D2-8D7489796FC8} - System32\Tasks\AirSupport Update => C:\Program Files\Trend Micro\AirSupport\Update.exe (Trend Micro, Inc. -> Trend Micro Inc.) Task: {F83FD891-DD6C-4C31-92AB-505CF04846C8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\HPCeeScheduleForBetty.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => rundll32.exe C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll <==== ATTENTION ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
ShortcutWithArgument: C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\(3) Facebook.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=celnaknmndcdcjcagffhbhciignkeokb ShortcutWithArgument: C:\Users\Betty\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Betty - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" ==================== Loaded Modules (Whitelisted) ============== 2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll 2018-10-15 15:24 - 2018-05-24 15:05 - 000041248 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc140-mt-1_62.dll 2018-10-15 15:24 - 2018-05-24 15:05 - 000078648 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc140-mt-1_62.dll 2018-10-15 15:24 - 2018-05-24 15:05 - 000764840 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll 2018-10-15 15:24 - 2018-05-24 15:05 - 000134272 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc140-mt-1_62.dll 2018-10-15 15:24 - 2018-05-24 15:05 - 000050584 _____ () C:\Program Files\Trend Micro\AMSP\boost_chrono-vc140-mt-1_62.dll 2018-10-15 15:24 - 2018-05-24 15:05 - 000400768 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf-lite.dll 2018-10-15 15:24 - 2018-05-24 15:05 - 002736832 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll 2018-10-15 15:16 - 2018-07-30 10:47 - 000182536 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll 2018-10-15 15:26 - 2018-07-30 10:47 - 000131072 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc140-mt-1_62.dll 2018-10-15 15:26 - 2018-07-30 10:47 - 000039424 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc140-mt-1_62.dll 2018-10-15 15:26 - 2018-07-30 10:47 - 000076288 _____ () C:\Program Files\Trend 
Micro\Titanium\plugin\Pt\boost_date_time-vc140-mt-1_62.dll 2018-10-15 15:26 - 2018-07-30 10:47 - 000048640 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_chrono-vc140-mt-1_62.dll 2018-10-15 15:26 - 2018-07-30 10:47 - 001016320 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc140-mt-1_62.dll 2015-05-27 21:38 - 2014-04-14 20:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2017-01-25 04:42 - 2018-09-19 01:00 - 000398832 _____ () C:\WINDOWS\system32\igfxTray.exe 2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll 2018-12-12 10:34 - 2018-11-08 21:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll 2019-02-12 19:25 - 2019-02-05 21:25 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2019-02-13 20:53 - 2019-02-13 00:14 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libglesv2.dll 2019-02-13 20:53 - 2019-02-13 00:14 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.109\libegl.dll 2019-02-22 17:36 - 2019-02-22 17:37 - 004231680 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1812.10048.0_x64__8wekyb3d8bbwe\Calculator.exe 2018-12-06 15:01 - 2018-12-06 15:01 - 004380232 _____ () C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2015-07-10 22:37 - 2015-07-10 22:37 - 001243936 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\...\trendmicro.com -> hxxps://pwm.trendmicro.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2018-11-17 19:07 - 000000828 _____ C:\WINDOWS\system32\drivers\etc\hosts 2016-02-18 16:48 - 2017-09-06 11:54 - 000000578 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics 10.0.0.10 BettysPC2015.mshome.net # 2022 9 1 5 16 54 39 178 263 2.168.137.94 Bobs-Laptop.mshome.net # 2016 7 6 9 19 44 0 412 192.168.137.170 kindle-ed54a041b.mshome.net # 2016 6 4 30 19 16 49 990 ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter;;C:\Program Files\Broadcom\Broadcom 802.11;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg DNS Servers: 10.0.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. HKLM\...\StartupApproved\Run: => "IAStorIcon" HKLM\...\StartupApproved\Run32: => "FUFAXRCV" HKLM\...\StartupApproved\Run32: => "FUFAXSTM" HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\...\StartupApproved\Run: => "OneDrive" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [TCP Query User{B5890AC3-4B72-44F9-9881-3515B9B70767}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) FirewallRules: [UDP Query User{CEA3456A-702B-409A-BD4D-9BD6E489A7EC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) FirewallRules: [TCP Query User{697C232B-4940-47B3-98AA-B3720FB0A6AD}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) FirewallRules: [UDP Query User{09A6533F-7CCF-4619-9447-51FA51EE983C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) FirewallRules: [{5741F3BE-D9F6-45A8-B8BD-3CD870B79D30}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) ==================== Restore Points ========================= 11-02-2019 15:16:35 Scheduled Checkpoint 14-02-2019 21:07:22 Windows Update 17-02-2019 11:40:47 Windows Backup 20-02-2019 17:07:55 Installed Epson Software Updater ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/22/2019 08:20:01 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Microsoft.Photos.exe version 2019.18114.17710.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. 
Process ID: 1eb8
Start Time: 01d4cae9addc5c89
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Report Id: af8cad8b-2bcd-451d-8a37-53c021aa02b8
Faulting package full name: Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (02/22/2019 02:26:23 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (02/22/2019 02:26:23 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected

Error: (02/22/2019 02:26:22 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected

Error: (02/22/2019 02:26:22 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (02/22/2019 02:26:21 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected

Error: (02/22/2019 02:26:20 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected

Error: (02/22/2019 02:25:54 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected

System errors:
=============
Error: (02/22/2019 05:33:33 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (02/22/2019 02:30:26 PM) (Source: DCOM) (EventID: 10016) (User: BETTYSPC2015)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user BettysPC2015\Betty SID (S-1-5-21-2164851890-4157585229-2641369706-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/22/2019 11:29:22 AM) (Source: DCOM) (EventID: 10016) (User: BETTYSPC2015)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user BettysPC2015\Betty SID (S-1-5-21-2164851890-4157585229-2641369706-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/21/2019 10:35:31 PM) (Source: DCOM) (EventID: 10016) (User: BETTYSPC2015)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user BettysPC2015\Betty SID (S-1-5-21-2164851890-4157585229-2641369706-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (02/21/2019 05:24:52 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (02/21/2019 02:53:16 PM) (Source: DCOM) (EventID: 10016) (User: BETTYSPC2015)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user BettysPC2015\Betty SID (S-1-5-21-2164851890-4157585229-2641369706-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/21/2019 12:45:53 PM) (Source: DCOM) (EventID: 10016) (User: BETTYSPC2015)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user BettysPC2015\Betty SID (S-1-5-21-2164851890-4157585229-2641369706-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2019 10:34:58 PM) (Source: DCOM) (EventID: 10016) (User: BETTYSPC2015)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user BettysPC2015\Betty SID (S-1-5-21-2164851890-4157585229-2641369706-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Windows Defender:
===================================
Date: 2018-08-11 09:38:28.156
Description: Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {801145B0-559C-462D-8445-762B4351C277}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-08-10 20:49:27.165
Description: Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D3E3215E-F7D7-4728-AB5F-447332B762D8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-08-10 20:25:43.132
Description: Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {79EDFD76-2BFB-4BA7-B6E1-194540CE6DFC}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-08-13 18:19:20.134
Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80508023
Error description: The program could not find the malware and other potentially unwanted software on this device.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2018-08-08 10:24:55.473
Description: Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0

Date: 2018-05-21 20:44:00.323
Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80508023
Error description: The program could not find the malware and other potentially unwanted software on this device.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================
Date: 2018-08-09 17:35:33.867
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\TmMon\2.6.0.2027\tmmon64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-08-09 17:35:33.778
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\AddOn\7.30.0.1099\TmUmEvt64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-08-09 17:35:29.659
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\TmMon\2.6.0.2027\tmmon64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-08-09 17:35:29.648
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\AddOn\7.30.0.1099\TmUmEvt64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-08-09 17:35:18.647
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\TmMon\2.6.0.2027\tmmon64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-08-09 17:35:18.633
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\AddOn\7.30.0.1099\TmUmEvt64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-08-09 17:24:07.609
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\TmMon\2.6.0.2027\tmmon64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-08-09 17:24:07.539
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\AddOn\7.30.0.1099\TmUmEvt64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4170 CPU @ 3.70GHz
Percentage of memory in use: 75%
Total physical RAM: 4000.11 MB
Available physical RAM: 967.48 MB
Total Virtual: 11002.49 MB
Available Virtual: 6373.4 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:910.88 GB) (Free:843.7 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:18.31 GB) (Free:2.25 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{7bb06320-42a1-44a7-bda8-4ef6c2e8d21e}\ (Windows RE tools ) (Fixed) (Total:1 GB) (Free:0.69 GB) NTFS
\\?\Volume{7c9f7e35-bb3c-4772-bb96-5e318270c952}\ () (Fixed) (Total:0.85 GB) (Free:0.46 GB) NTFS
\\?\Volume{e0112102-323a-46ce-949d-0c1f9340fbb3}\ (SYSTEM) (Fixed) (Total:0.35 GB) (Free:0.27 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FA81AF41)
Partition: GPT.

==================== End of Addition.txt ============================