Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

computer virus [Solved]

Started by Nayung116 , Feb 16 2019 05:17 PM

This topic is locked

#1
Nayung116

Posted 16 February 2019 - 05:17 PM

Member

Member
37 posts

Hi, I think there might be a virus on my computer, after I downloaded something one of my games won't load anymore.

Moderator:

@ Nayung116

Read here before posting.

#2
Nayung116

Posted 16 February 2019 - 06:40 PM

Member

Topic Starter
Member
37 posts

Hi, I think I have a virus, my games won't load and weird icons keep popping up.

Edited by Nayung116, 16 February 2019 - 06:40 PM.

#3
iMacg3

Posted 17 February 2019 - 10:46 AM

GeekU PowerPC G3

GeekU Moderator
1,921 posts

Welcome to the Geeks to Go Malware Removal forum.
I'm iMacg3 and will be helping you.

Please keep the following information in mind before we begin:

Do not run any fixes or tools on your system unless I request that you do so.
Please read all instructions carefully, and complete them in the order listed.
If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
If you have pirated or illegal software on your computer, uninstall it now before proceeding.
If you have questions about anything, please ask.

--------------------

Download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right-click FRST/FRST64 and select Run as administrator. (Windows XP users double-click on the file).
If you receive a SmartScreen pop-up, click More Info, then Run Anyway.
When the tool opens, click Yes to the disclaimer.
Press the Scan button.
When finished, two log files will open - FRST.txt and Addition.txt.
Copy and paste the contents of FRST.txt and Addition.txt into your next reply.

Note - FRST.txt and Addition.txt are saved to the same location as FRST/FRST64.

#4
Nayung116

Posted 17 February 2019 - 09:18 PM

Member

Topic Starter
Member
37 posts

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.02.2019 01
Ran by Kids Upstairs Landin (administrator) on DESKTOP-N6DBOOU (16-02-2019 16:37:25)
Running from C:\Users\Kids Upstairs Landin\Desktop
Loaded Profiles: Kids Upstairs Landin (Available Profiles: Kids Upstairs Landin)
Platform: Windows 10 Home Version 1803 17134.590 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor Corp.) C:\Windows\RtkBtAudioServ.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\pef\CORE\PEFService.exe
(Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_8559c34713c70ce4\RstMwService.exe
() C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mmsshost\MMSSHOST.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ProtectedModuleHost.exe
(McAfee, Inc.) C:\Program Files\mcafee\mfeav\MfeAVSvc.exe
(McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_18_9\mcapexe.exe
(McAfee LLC.) C:\Program Files\Common Files\mcafee\amcore\mcshield.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\csp\3.0.127.0\McCSPServiceHost.exe
(AMD) C:\Windows\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atieclxx.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.13.46.0_x64__kx24dqmazqk8j\SimpleSolitaire.UWP.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
() C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_1.16.1012.0_x64__8wekyb3d8bbwe\GameBar.exe
(McAfee, Inc.) C:\Program Files\mcafee\vul\McVulCtr.exe
(McAfee, Inc.) C:\Program Files\mcafee\vul\McVulAlert.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(WebDiscover Media) C:\Program Files\WebDiscoverBrowser\4.28.2\browser.exe
(WebDiscover Media) C:\Program Files\WebDiscoverBrowser\4.28.2\browser.exe
(WebDiscover Media) C:\Program Files\WebDiscoverBrowser\4.28.2\browser.exe
(WebDiscover Media) C:\Program Files\WebDiscoverBrowser\4.28.2\browser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Corel Corporation) C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe
(Corel Corporation) C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.exe
(Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
(Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn64.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn32.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [BtServer] => "C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe"
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [319520 2018-07-05] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [WebDiscoverBrowser] => C:\Program Files\WebDiscoverBrowser\4.28.2\browser.exe [4010720 2018-07-17] (web discover -> WebDiscover Media) <==== ATTENTION
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [709152 2018-03-22] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2107232 2017-12-19] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [259976 2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Winlogon: [Userinit]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{358edba3-6921-4cb8-8f28-4c419421c7ad}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a0eecfca-f652-4e21-a7f5-36c178b6a9da}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-3577402269-2411322605-3892774908-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-3577402269-2411322605-3892774908-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {1162C60A-F2D7-4C2B-B05F-5E6E6F2E5D9B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {1162C60A-F2D7-4C2B-B05F-5E6E6F2E5D9B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3577402269-2411322605-3892774908-1001 -> {1162C60A-F2D7-4C2B-B05F-5E6E6F2E5D9B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2018-05-04] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-12-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2018-05-04] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-02-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-02-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-02-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-02-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-02-05] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\mcsniepl64.dll [2018-11-27] (McAfee, Inc. -> McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files (x86)\mcafee\msc\mcsniepl.dll [2018-11-27] (McAfee, Inc. -> McAfee, Inc.)

FireFox:
========
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\PremierOpinion\firefox
FF Extension: (PremierOpinion) - C:\Program Files (x86)\PremierOpinion\firefox [2019-02-16] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-12-19] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\program files\mcafee\msc\npmcsnffpl64.dll [2018-11-27] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-12-01] (Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\program files (x86)\mcafee\msc\npmcsnffpl.dll [2018-11-27] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-12-01] (Microsoft Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\windows\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atiesrxx.exe [504832 2018-11-20] (Advanced Micro Devices, Inc. -> AMD)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6758976 2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357304 2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
R2 ByteFenceService; c:\program files\bytefence\ByteFenceService.exe [157000 2019-01-31] (Byte Technologies LLC -> Byte Technologies LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11013280 2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc. -> McAfee, Inc.)
S4 HfcDisableService; C:\windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_8559c34713c70ce4\HfcDisableService.exe [1710736 2018-12-06] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1322632 2017-12-13] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-06] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
S3 iaStorAfsService; C:\windows\System32\iaStorAfsService.exe [2788496 2018-12-06] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17440 2018-07-05] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\SocketHeciServer.exe [743728 2017-11-16] (Intel® Trust Services -> Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\TPMProvisioningService.exe [720184 2017-11-16] (Intel® Trust Services -> Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [214672 2018-02-19] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_18_9\McApExe.exe [744312 2018-11-13] (McAfee, Inc. -> McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [455584 2017-09-27] (McAfee, Inc. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.0.127.0\\McCSPServiceHost.exe [2159464 2018-06-29] (McAfee, Inc. -> McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [366960 2018-08-27] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [590712 2018-08-27] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\windows\system32\mfevtps.exe [499576 2018-08-27] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1705968 2018-11-15] (McAfee, Inc. -> McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1333064 2018-10-25] (McAfee, Inc. -> McAfee, Inc.)
R2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe [168704 2018-10-17] (VoiceFive, Inc. -> VoiceFive, Inc.) <==== ATTENTION
R2 RstMwService; C:\windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_8559c34713c70ce4\RstMwService.exe [1969288 2018-12-06] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 RtkBtAudioServ; C:\windows\RtkBtAudioServ.exe [189928 2018-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R2 RtkBtManServ; C:\windows\RtkBtManServ.exe [679400 2018-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R2 rtop; c:\program files\bytefence\rtop\bin\rtop_svc.exe [297288 2019-02-16] (Byte Technologies LLC -> Byte Technologies LLC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4403496 2019-01-08] (Microsoft Corporation -> Microsoft Corporation)
R2 WildTangentHelper; C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe [1495912 2019-01-08] (WildTangent Inc -> )
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation -> Microsoft Corporation)
R2 WinZip Smart Monitor Service; C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe [838440 2018-07-09] (Corel Corporation -> Corel Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\windows\System32\drivers\amdkmafd.sys [66968 2018-11-20] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\windows\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atikmdag.sys [47076864 2018-11-20] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\windows\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atikmpag.sys [587264 2018-11-20] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\windows\System32\drivers\amdkmpfd.sys [103088 2018-11-20] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S0 aswArDisk; C:\windows\System32\drivers\aswArDisk.sys [37104 2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
S3 aswArPot; C:\windows\System32\drivers\aswArPot.sys [205400 2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbidsdriver; C:\windows\System32\drivers\aswbidsdriver.sys [225680 2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbidsh; C:\windows\System32\drivers\aswbidsh.sys [196072 2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
S3 aswblog; C:\windows\System32\drivers\aswblog.sys [320696 2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbuniv; C:\windows\System32\drivers\aswbuniv.sys [57960 2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
S0 aswElam; C:\windows\System32\drivers\aswElam.sys [15488 2019-02-16] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\windows\System32\drivers\aswHdsKe.sys [249672 2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
S3 aswKbd; C:\windows\System32\drivers\aswKbd.sys [42288 2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\windows\System32\drivers\aswMonFlt.sys [167304 2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
S3 aswRdr; C:\windows\System32\drivers\aswRdr2.sys [112312 2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\windows\System32\drivers\aswRvrt.sys [87944 2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
S3 aswSnx; C:\windows\System32\drivers\aswSnx.sys [1034432 2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\windows\System32\drivers\aswSP.sys [474456 2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
S3 aswStm; C:\windows\System32\drivers\aswStm.sys [216784 2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
S3 aswVmm; C:\windows\System32\drivers\aswVmm.sys [379952 2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWT6.sys [111112 2018-02-06] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 cfwids; C:\windows\System32\drivers\cfwids.sys [77120 2018-10-04] (McAfee, Inc. -> McAfee, LLC)
S3 HipShieldK; C:\windows\System32\drivers\HipShieldK.sys [235784 2018-10-03] (McAfee, Inc. -> McAfee, Inc.)
R3 iaLPSS2_GPIO2; C:\windows\System32\drivers\iaLPSS2_GPIO2.sys [123544 2017-10-15] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R0 iaStorAC; C:\windows\System32\drivers\iaStorAC.sys [1094800 2018-12-06] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 iaStorAfs; C:\windows\System32\drivers\iaStorAfs.sys [73360 2018-12-06] (Intel® Rapid Storage Technology -> Intel Corporation)
R3 mfeaack; C:\windows\System32\drivers\mfeaack.sys [508736 2018-10-04] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\windows\System32\drivers\mfeavfk.sys [371520 2018-10-04] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\windows\System32\drivers\mfeelamk.sys [85632 2018-10-04] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\windows\System32\drivers\mfefirek.sys [515392 2018-10-04] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\windows\System32\drivers\mfehidk.sys [975168 2018-10-04] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\windows\System32\DRIVERS\mfencbdc.sys [560944 2018-10-02] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\windows\System32\DRIVERS\mfencrk.sys [108840 2018-10-02] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\windows\System32\drivers\mfeplk.sys [117568 2018-10-04] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\windows\System32\drivers\mfewfpk.sys [253760 2018-10-04] (McAfee, Inc. -> McAfee, LLC)
R3 rt640x64; C:\windows\System32\drivers\rt640x64.sys [1026896 2018-05-07] (Realtek Semiconductor Corp. -> Realtek )
S3 RtkAvrcp; C:\windows\System32\drivers\RtkAvrcp.sys [71104 2018-03-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RtkBtFilter; C:\windows\system32\DRIVERS\RtkBtfilter.sys [784264 2018-05-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 RTSUER; C:\windows\system32\Drivers\RtsUer.sys [421312 2017-11-27] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 RTWlanE; C:\windows\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-16 16:37 - 2019-02-16 16:37 - 000025974 _____ C:\Users\Kids Upstairs Landin\Desktop\FRST.txt
2019-02-16 16:35 - 2019-02-16 16:37 - 000000000 ____D C:\FRST
2019-02-16 16:35 - 2019-02-16 16:35 - 002434560 _____ (Farbar) C:\Users\Kids Upstairs Landin\Desktop\FRST64.exe
2019-02-16 12:00 - 2019-02-16 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion
2019-02-16 08:29 - 2019-02-16 08:29 - 000000000 ____D C:\ProgramData\ByteFence
2019-02-16 08:23 - 2019-02-16 16:37 - 000002704 _____ C:\windows\System32\Tasks\Start WinZip Driver Updater Update
2019-02-16 08:23 - 2019-02-16 16:37 - 000002664 _____ C:\windows\System32\Tasks\Start WinZip Driver Updater Schedule
2019-02-16 08:23 - 2019-02-16 16:37 - 000002454 _____ C:\windows\System32\Tasks\Start WinZip Driver Updater for DESKTOP-N6DBOOU@Kids Upstairs Landin(logon)
2019-02-16 08:23 - 2019-02-16 16:37 - 000000338 _____ C:\windows\Tasks\Start WinZip Driver Updater for DESKTOP-N6DBOOU@Kids Upstairs Landin(logon).job
2019-02-16 08:23 - 2019-02-16 08:23 - 000000000 ____D C:\Users\Kids Upstairs Landin\AppData\Roaming\AVAST Software
2019-02-16 08:23 - 2019-02-16 08:23 - 000000000 ____D C:\ProgramData\WinZip
2019-02-16 08:23 - 2019-02-16 08:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2019-02-16 08:23 - 2019-02-16 08:23 - 000000000 ____D C:\Program Files\WinZip Smart Monitor
2019-02-16 08:23 - 2019-02-16 08:23 - 000000000 ____D C:\Program Files\WinZip Driver Updater
2019-02-16 08:19 - 2019-02-16 15:10 - 000000000 ____D C:\Users\Kids Upstairs Landin\AppData\Local\CrashDumps
2019-02-16 08:18 - 2019-02-16 16:37 - 000002822 _____ C:\windows\System32\Tasks\WebDiscover Browser Update Task
2019-02-16 08:18 - 2019-02-16 16:37 - 000002642 _____ C:\windows\System32\Tasks\ByteFence
2019-02-16 08:18 - 2019-02-16 16:37 - 000002434 _____ C:\windows\System32\Tasks\WebDiscover Browser Launch Task
2019-02-16 08:18 - 2019-02-16 16:37 - 000000000 ____D C:\windows\System32\Tasks\Avast Software
2019-02-16 08:18 - 2019-02-16 16:32 - 000000000 ____D C:\Program Files (x86)\PremierOpinion
2019-02-16 08:18 - 2019-02-16 16:31 - 000004264 _____ C:\windows\System32\Tasks\Avast Emergency Update
2019-02-16 08:18 - 2019-02-16 14:24 - 000000000 ____D C:\Program Files\ByteFence
2019-02-16 08:18 - 2019-02-16 08:18 - 001034432 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000474456 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000379952 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000362888 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2019-02-16 08:18 - 2019-02-16 08:18 - 000320696 _____ (AVAST Software) C:\windows\system32\Drivers\aswblog.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000249672 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000225680 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdriver.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000216784 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000205400 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000196072 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsh.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000167304 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000112312 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000087944 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000057960 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniv.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000042288 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000037104 _____ (AVAST Software) C:\windows\system32\Drivers\aswArDisk.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000015488 _____ (AVAST Software) C:\windows\system32\Drivers\aswElam.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000002095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2019-02-16 08:18 - 2019-02-16 08:18 - 000002083 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2019-02-16 08:18 - 2019-02-16 08:18 - 000001103 _____ C:\Users\Kids Upstairs Landin\Desktop\ByteFence Anti-Malware.lnk
2019-02-16 08:18 - 2019-02-16 08:18 - 000000000 ____D C:\Users\Kids Upstairs Landin\AppData\LocalLow\AMD
2019-02-16 08:18 - 2019-02-16 08:18 - 000000000 ____D C:\Users\Kids Upstairs Landin\AppData\Local\WebDiscoverBrowser
2019-02-16 08:18 - 2019-02-16 08:18 - 000000000 ____D C:\Users\Kids Upstairs Landin\AppData\Local\AVAST Software
2019-02-16 08:18 - 2019-02-16 08:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
2019-02-16 08:18 - 2019-02-16 08:18 - 000000000 ____D C:\Program Files\WebDiscoverBrowser
2019-02-16 08:18 - 2019-02-16 08:18 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-02-16 08:18 - 2018-10-17 12:09 - 001114368 _____ (VoiceFive, Inc.) C:\windows\system32\pmls64.dll
2019-02-16 08:18 - 2018-10-17 12:09 - 000750848 _____ (VoiceFive, Inc.) C:\windows\SysWOW64\pmls.dll
2019-02-16 08:17 - 2019-02-16 16:37 - 000003754 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1550333872
2019-02-16 08:17 - 2019-02-16 08:18 - 000000000 ____D C:\ProgramData\AVAST Software
2019-02-16 08:17 - 2019-02-16 08:17 - 000001537 _____ C:\Users\Kids Upstairs Landin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-02-16 08:17 - 2019-02-16 08:17 - 000000000 ____D C:\Users\Kids Upstairs Landin\AppData\Roaming\Opera Software
2019-02-16 08:17 - 2019-02-16 08:17 - 000000000 ____D C:\Users\Kids Upstairs Landin\AppData\Local\Opera Software
2019-02-16 08:17 - 2019-02-16 08:17 - 000000000 ____D C:\Program Files\AVAST Software
2019-02-15 18:33 - 2019-02-15 18:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2019-02-15 17:18 - 2019-02-16 16:37 - 000001316 _____ C:\Users\Kids Upstairs Landin\Desktop\nativelog.txt
2019-02-13 19:04 - 2019-02-05 23:54 - 004527584 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2019-02-13 19:04 - 2019-02-05 23:53 - 001634704 _____ (Microsoft Corporation) C:\windows\system32\gdi32full.dll
2019-02-13 19:04 - 2019-02-05 23:32 - 003648512 _____ (Microsoft Corporation) C:\windows\system32\win32kfull.sys
2019-02-13 19:04 - 2019-02-05 23:30 - 004052992 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2019-02-13 19:04 - 2019-02-05 23:11 - 001454648 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32full.dll
2019-02-13 19:04 - 2019-02-05 22:52 - 002891776 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32kfull.sys
2019-02-13 19:04 - 2019-02-05 19:01 - 001989040 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2019-02-13 19:04 - 2019-02-05 19:01 - 001221432 _____ (Microsoft Corporation) C:\windows\system32\hvix64.exe
2019-02-13 19:04 - 2019-02-05 19:01 - 001029944 _____ (Microsoft Corporation) C:\windows\system32\hvax64.exe
2019-02-13 19:04 - 2019-02-05 19:01 - 000720480 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2019-02-13 19:04 - 2019-02-05 19:00 - 009084432 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2019-02-13 19:04 - 2019-02-05 19:00 - 007520112 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.Protection.PlayReady.dll
2019-02-13 19:04 - 2019-02-05 19:00 - 006572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-13 19:04 - 2019-02-05 19:00 - 002719760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2019-02-13 19:04 - 2019-02-05 19:00 - 002465792 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2019-02-13 19:04 - 2019-02-05 19:00 - 002421264 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2019-02-13 19:04 - 2019-02-05 19:00 - 001130568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvproc.dll
2019-02-13 19:04 - 2019-02-05 19:00 - 001098272 _____ (Microsoft Corporation) C:\windows\system32\msvproc.dll
2019-02-13 19:04 - 2019-02-05 19:00 - 000945680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refsv1.sys
2019-02-13 19:04 - 2019-02-05 19:00 - 000899728 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2019-02-13 19:04 - 2019-02-05 19:00 - 000376120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fastfat.sys
2019-02-13 19:04 - 2019-02-05 18:59 - 001922064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refs.sys
2019-02-13 19:04 - 2019-02-05 18:52 - 022014464 _____ (Microsoft Corporation) C:\windows\SysWOW64\edgehtml.dll
2019-02-13 19:04 - 2019-02-05 18:45 - 019404288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2019-02-13 19:04 - 2019-02-05 18:42 - 003711488 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2019-02-13 19:04 - 2019-02-05 18:41 - 025853952 _____ (Microsoft Corporation) C:\windows\system32\edgehtml.dll
2019-02-13 19:04 - 2019-02-05 18:41 - 005307392 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2019-02-13 19:04 - 2019-02-05 18:40 - 005792256 _____ (Microsoft Corporation) C:\windows\SysWOW64\Chakra.dll
2019-02-13 19:04 - 2019-02-05 18:38 - 000608768 _____ (Microsoft Corporation) C:\windows\SysWOW64\EdgeManager.dll
2019-02-13 19:04 - 2019-02-05 18:38 - 000561152 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2019-02-13 19:04 - 2019-02-05 18:37 - 004515840 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2019-02-13 19:04 - 2019-02-05 18:37 - 000578560 _____ (Microsoft Corporation) C:\windows\SysWOW64\webplatstorageserver.dll
2019-02-13 19:04 - 2019-02-05 18:33 - 022714880 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2019-02-13 19:04 - 2019-02-05 18:29 - 004865536 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2019-02-13 19:04 - 2019-02-05 18:28 - 000046080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2019-02-13 19:04 - 2019-02-05 18:27 - 000894464 _____ (Microsoft Corporation) C:\windows\system32\webplatstorageserver.dll
2019-02-13 19:04 - 2019-02-05 18:27 - 000808448 _____ (Microsoft Corporation) C:\windows\system32\EdgeManager.dll
2019-02-13 19:04 - 2019-02-05 18:27 - 000358912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\exfat.sys
2019-02-13 19:04 - 2019-02-05 18:26 - 007599616 _____ (Microsoft Corporation) C:\windows\system32\Chakra.dll
2019-02-13 19:04 - 2019-02-05 18:26 - 000726528 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2019-02-13 19:04 - 2019-02-05 18:26 - 000174592 _____ (Microsoft Corporation) C:\windows\system32\wuuhosdeployment.dll
2019-02-13 19:04 - 2019-02-05 18:26 - 000154112 _____ (Microsoft Corporation) C:\windows\system32\Chakradiag.dll
2019-02-13 19:04 - 2019-02-05 18:25 - 000507392 _____ (Microsoft Corporation) C:\windows\system32\netprofmsvc.dll
2019-02-13 19:04 - 2019-02-05 18:24 - 004937728 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2019-02-13 19:04 - 2019-02-05 18:24 - 000466432 _____ (Microsoft Corporation) C:\windows\system32\wuuhext.dll
2019-02-13 19:04 - 2019-02-05 18:22 - 000960512 _____ (Microsoft Corporation) C:\windows\system32\StorSvc.dll
2019-02-13 19:04 - 2019-02-05 18:22 - 000885760 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2019-02-13 19:04 - 2019-01-09 09:42 - 004716032 _____ (Microsoft Corporation) C:\windows\system32\twinui.pcshell.dll
2019-02-13 19:04 - 2019-01-09 09:41 - 012730368 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2019-02-13 19:04 - 2019-01-09 09:40 - 000171520 _____ (Microsoft Corporation) C:\windows\system32\itss.dll
2019-02-13 19:04 - 2019-01-09 09:36 - 001054720 _____ (Microsoft Corporation) C:\windows\HelpPane.exe
2019-02-13 19:04 - 2019-01-09 01:55 - 011919872 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2019-02-13 19:04 - 2019-01-09 01:55 - 000150016 _____ (Microsoft Corporation) C:\windows\SysWOW64\itss.dll
2019-02-13 19:04 - 2019-01-08 21:43 - 006043496 _____ (Microsoft Corporation) C:\windows\SysWOW64\windows.storage.dll
2019-02-13 19:04 - 2019-01-08 21:43 - 004789944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2019-02-13 19:04 - 2019-01-08 21:43 - 002253480 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2019-02-13 19:04 - 2019-01-08 21:43 - 001981280 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2019-02-13 19:04 - 2019-01-08 21:43 - 000607376 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2019-02-13 19:04 - 2019-01-08 21:43 - 000287640 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2019-02-13 19:04 - 2019-01-08 21:43 - 000129088 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2019-02-13 19:04 - 2019-01-08 21:42 - 001035232 _____ (Microsoft Corporation) C:\windows\system32\ApplyTrustOffline.exe
2019-02-13 19:04 - 2019-01-08 21:40 - 002765336 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2019-02-13 19:04 - 2019-01-08 21:40 - 000432952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2019-02-13 19:04 - 2019-01-08 21:39 - 007436016 _____ (Microsoft Corporation) C:\windows\system32\windows.storage.dll
2019-02-13 19:04 - 2019-01-08 21:39 - 004404720 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2019-02-13 19:04 - 2019-01-08 21:39 - 002571632 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2019-02-13 19:04 - 2019-01-08 21:39 - 000789696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2019-02-13 19:04 - 2019-01-08 21:39 - 000349656 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2019-02-13 19:04 - 2019-01-08 21:39 - 000260800 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2019-02-13 19:04 - 2019-01-08 21:39 - 000164192 _____ (Microsoft Corporation) C:\windows\system32\rmclient.dll
2019-02-13 19:04 - 2019-01-08 21:39 - 000085472 _____ (Microsoft Corporation) C:\windows\system32\svchost.exe
2019-02-13 19:04 - 2019-01-08 21:33 - 016597504 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2019-02-13 19:04 - 2019-01-08 21:32 - 013878272 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2019-02-13 19:04 - 2019-01-08 21:29 - 008188928 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2019-02-13 19:04 - 2019-01-08 21:27 - 004710912 _____ (Microsoft Corporation) C:\windows\system32\cdp.dll
2019-02-13 19:04 - 2019-01-08 21:27 - 004384256 _____ (Microsoft Corporation) C:\windows\system32\EdgeContent.dll
2019-02-13 19:04 - 2019-01-08 21:26 - 006661632 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2019-02-13 19:04 - 2019-01-08 21:26 - 003396608 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2019-02-13 19:04 - 2019-01-08 21:26 - 002966016 _____ (Microsoft Corporation) C:\windows\SysWOW64\cdp.dll
2019-02-13 19:04 - 2019-01-08 21:24 - 000209408 _____ (Microsoft Corporation) C:\windows\system32\AppXApplicabilityBlob.dll
2019-02-13 19:04 - 2019-01-08 21:23 - 002368000 _____ (Microsoft Corporation) C:\windows\system32\WebRuntimeManager.dll
2019-02-13 19:04 - 2019-01-08 21:22 - 001551360 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.desktop.dll
2019-02-13 19:04 - 2019-01-08 21:22 - 001395200 _____ (Microsoft Corporation) C:\windows\system32\TokenBroker.dll
2019-02-13 19:04 - 2019-01-08 21:22 - 000624640 _____ (Microsoft Corporation) C:\windows\system32\PsmServiceExtHost.dll
2019-02-13 19:04 - 2019-01-08 21:22 - 000333824 _____ (Microsoft Corporation) C:\windows\SysWOW64\edgeIso.dll
2019-02-13 19:04 - 2019-01-08 21:21 - 002173440 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.onecore.dll
2019-02-13 19:04 - 2019-01-08 21:20 - 001000448 _____ (Microsoft Corporation) C:\windows\SysWOW64\TokenBroker.dll
2019-02-13 19:04 - 2019-01-08 21:20 - 000916480 _____ (Microsoft Corporation) C:\windows\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-13 19:04 - 2019-01-08 21:20 - 000135680 _____ (Microsoft Corporation) C:\windows\SysWOW64\smartscreenps.dll
2019-02-13 19:04 - 2019-01-08 21:19 - 000678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-13 19:04 - 2019-01-08 21:19 - 000507392 _____ (Microsoft Corporation) C:\windows\system32\edgeIso.dll
2019-02-13 19:04 - 2019-01-08 21:19 - 000251904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msIso.dll
2019-02-13 19:03 - 2019-02-05 23:35 - 000058368 _____ (Microsoft Corporation) C:\windows\system32\mf3216.dll
2019-02-13 19:03 - 2019-02-05 23:30 - 001662464 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2019-02-13 19:03 - 2019-02-05 23:30 - 001364992 _____ (Microsoft Corporation) C:\windows\system32\bcastdvruserservice.dll
2019-02-13 19:03 - 2019-02-05 22:57 - 000044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf3216.dll
2019-02-13 19:03 - 2019-02-05 22:52 - 004053504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2019-02-13 19:03 - 2019-02-05 22:52 - 001470976 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2019-02-13 19:03 - 2019-02-05 19:01 - 000566568 _____ (Microsoft Corporation) C:\windows\system32\tcblaunch.exe
2019-02-13 19:03 - 2019-02-05 19:01 - 000134968 _____ (Microsoft Corporation) C:\windows\system32\hvloader.dll
2019-02-13 19:03 - 2019-02-05 19:01 - 000076088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hvservice.sys
2019-02-13 19:03 - 2019-02-05 19:01 - 000033576 _____ (Microsoft Corporation) C:\windows\SysWOW64\NtlmShared.dll
2019-02-13 19:03 - 2019-02-05 19:00 - 001257904 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2019-02-13 19:03 - 2019-02-05 19:00 - 001140680 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2019-02-13 19:03 - 2019-02-05 19:00 - 000466960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2019-02-13 19:03 - 2019-02-05 19:00 - 000043536 _____ (Microsoft Corporation) C:\windows\system32\browser_broker.exe
2019-02-13 19:03 - 2019-02-05 19:00 - 000038792 _____ (Microsoft Corporation) C:\windows\system32\NtlmShared.dll
2019-02-13 19:03 - 2019-02-05 18:59 - 001457248 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2019-02-13 19:03 - 2019-02-05 18:59 - 000983128 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2019-02-13 19:03 - 2019-02-05 18:59 - 000144288 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2019-02-13 19:03 - 2019-02-05 18:40 - 000021504 _____ (Microsoft Corporation) C:\windows\SysWOW64\npmproxy.dll
2019-02-13 19:03 - 2019-02-05 18:28 - 000039936 _____ (Microsoft Corporation) C:\windows\system32\npmproxy.dll
2019-02-13 19:03 - 2019-02-05 18:27 - 000266752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2019-02-13 19:03 - 2019-02-05 18:26 - 000324608 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys
2019-02-13 19:03 - 2019-02-05 18:25 - 000736256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2019-02-13 19:03 - 2019-02-05 18:23 - 000393216 _____ (Microsoft Corporation) C:\windows\system32\WpAXHolder.dll
2019-02-13 19:03 - 2019-02-05 18:21 - 000093696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cdfs.sys
2019-02-13 19:03 - 2019-02-05 17:04 - 000001314 _____ C:\windows\system32\tcbres.wim
2019-02-13 19:03 - 2019-01-12 00:56 - 001008640 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.MixedRealityCapture.dll
2019-02-13 19:03 - 2019-01-11 18:28 - 000352768 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd3x40.dll
2019-02-13 19:03 - 2019-01-09 10:08 - 000309560 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2019-02-13 19:03 - 2019-01-09 09:57 - 000720536 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2019-02-13 19:03 - 2019-01-09 09:41 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\iemigplugin.dll
2019-02-13 19:03 - 2019-01-09 09:35 - 002919936 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Logon.dll
2019-02-13 19:03 - 2019-01-09 02:14 - 000607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2019-02-13 19:03 - 2019-01-09 00:55 - 001285432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2019-02-13 19:03 - 2019-01-09 00:48 - 000527368 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2019-02-13 19:03 - 2019-01-08 21:59 - 000611848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2019-02-13 19:03 - 2019-01-08 21:44 - 000078688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wldp.dll
2019-02-13 19:03 - 2019-01-08 21:43 - 001620264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2019-02-13 19:03 - 2019-01-08 21:43 - 000581592 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSVideoDSP.dll
2019-02-13 19:03 - 2019-01-08 21:43 - 000127744 _____ (Microsoft Corporation) C:\windows\SysWOW64\rmclient.dll
2019-02-13 19:03 - 2019-01-08 21:43 - 000071456 _____ (Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
2019-02-13 19:03 - 2019-01-08 21:42 - 000092704 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bindflt.sys
2019-02-13 19:03 - 2019-01-08 21:40 - 001063224 _____ (Microsoft Corporation) C:\windows\system32\SecConfig.efi
2019-02-13 19:03 - 2019-01-08 21:40 - 000226104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2019-02-13 19:03 - 2019-01-08 21:40 - 000090872 _____ (Microsoft Corporation) C:\windows\system32\wldp.dll
2019-02-13 19:03 - 2019-01-08 21:39 - 001943128 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2019-02-13 19:03 - 2019-01-08 21:39 - 000713264 _____ (Microsoft Corporation) C:\windows\system32\MSVideoDSP.dll
2019-02-13 19:03 - 2019-01-08 21:39 - 000269624 _____ (Microsoft Corporation) C:\windows\system32\browserbroker.dll
2019-02-13 19:03 - 2019-01-08 21:39 - 000175416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spacedump.sys
2019-02-13 19:03 - 2019-01-08 21:29 - 002500096 _____ (Microsoft Corporation) C:\windows\system32\smartscreen.exe
2019-02-13 19:03 - 2019-01-08 21:27 - 001587712 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
2019-02-13 19:03 - 2019-01-08 21:25 - 000161792 _____ (Microsoft Corporation) C:\windows\system32\spacebridge.dll
2019-02-13 19:03 - 2019-01-08 21:24 - 000174080 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-13 19:03 - 2019-01-08 21:24 - 000157184 _____ (Microsoft Corporation) C:\windows\SysWOW64\spacebridge.dll
2019-02-13 19:03 - 2019-01-08 21:23 - 001708544 _____ (Microsoft Corporation) C:\windows\system32\MSPhotography.dll
2019-02-13 19:03 - 2019-01-08 21:23 - 001361408 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSPhotography.dll
2019-02-13 19:03 - 2019-01-08 21:23 - 001189888 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
2019-02-13 19:03 - 2019-01-08 21:23 - 000898560 _____ (Microsoft Corporation) C:\windows\system32\MusUpdateHandlers.dll
2019-02-13 19:03 - 2019-01-08 21:23 - 000145920 _____ (Microsoft Corporation) C:\windows\system32\srpapi.dll
2019-02-13 19:03 - 2019-01-08 21:23 - 000100864 _____ (Microsoft Corporation) C:\windows\system32\CapabilityAccessManagerClient.dll
2019-02-13 19:03 - 2019-01-08 21:23 - 000067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-13 19:03 - 2019-01-08 21:22 - 000392704 _____ (Microsoft Corporation) C:\windows\system32\WaaSMedicSvc.dll
2019-02-13 19:03 - 2019-01-08 21:22 - 000266752 _____ (Microsoft Corporation) C:\windows\system32\CapabilityAccessManager.dll
2019-02-13 19:03 - 2019-01-08 21:22 - 000138752 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 19:03 - 2019-01-08 21:22 - 000126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\srpapi.dll
2019-02-13 19:03 - 2019-01-08 21:21 - 000197632 _____ (Microsoft Corporation) C:\windows\system32\smartscreenps.dll
2019-02-13 19:03 - 2019-01-08 21:21 - 000106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 19:03 - 2019-01-08 21:20 - 000607232 _____ (Microsoft Corporation) C:\windows\system32\updatehandlers.dll
2019-02-13 19:03 - 2019-01-08 21:19 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\GlobCollationHost.dll
2019-02-13 19:03 - 2019-01-08 21:18 - 000195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\GlobCollationHost.dll
2019-02-13 19:03 - 2019-01-08 20:34 - 000806320 _____ C:\windows\SysWOW64\locale.nls
2019-02-13 19:03 - 2019-01-08 20:34 - 000806320 _____ C:\windows\system32\locale.nls
2019-02-13 19:03 - 2019-01-08 01:08 - 000868864 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-13 19:03 - 2019-01-07 19:06 - 001311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjet40.dll
2019-02-13 19:03 - 2019-01-07 19:06 - 000313344 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd2x40.dll
2019-02-13 19:03 - 2019-01-07 19:06 - 000000072 _____ C:\windows\system32\edgehtmlpluginpolicy.bin
2019-02-13 18:59 - 2019-02-16 16:31 - 000000000 ____D C:\Users\Kids Upstairs Landin\AppData\Roaming\.minecraft
2019-02-13 18:59 - 2019-02-13 18:59 - 000001037 _____ C:\Users\Public\Desktop\Minecraft.lnk
2019-02-13 18:59 - 2019-02-13 18:59 - 000000000 ____D C:\Users\Kids Upstairs Landin\AppData\Local\CEF
2019-02-13 18:59 - 2019-02-13 18:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2019-02-13 18:59 - 2019-02-13 18:59 - 000000000 ____D C:\Program Files (x86)\Minecraft
2019-01-25 11:02 - 2018-11-20 18:29 - 000103088 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\Drivers\amdkmpfd.sys
2019-01-25 11:02 - 2018-11-20 18:29 - 000066968 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\Drivers\amdkmafd.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-16 16:37 - 2019-01-10 19:12 - 000002262 _____ C:\windows\System32\Tasks\StartCN
2019-02-16 16:37 - 2019-01-10 19:12 - 000002176 _____ C:\windows\System32\Tasks\StartDVR
2019-02-16 16:37 - 2018-12-19 15:57 - 000002760 _____ C:\windows\System32\Tasks\McAfee DAT Built in test
2019-02-16 16:37 - 2018-12-01 15:43 - 000002920 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3577402269-2411322605-3892774908-1001
2019-02-16 16:37 - 2018-09-11 18:30 - 000002720 _____ C:\windows\System32\Tasks\McAfeeLogon
2019-02-16 16:37 - 2018-09-11 18:28 - 000002706 _____ C:\windows\System32\Tasks\McAfee Remediation (Prepare)
2019-02-16 16:37 - 2018-09-11 18:27 - 000002916 _____ C:\windows\System32\Tasks\HPJumpStartLaunch
2019-02-16 16:37 - 2018-09-11 17:36 - 000002340 _____ C:\windows\System32\Tasks\RTKCPL
2019-02-16 16:37 - 2018-08-10 06:00 - 000002500 _____ C:\windows\System32\Tasks\HPAudioSwitch
2019-02-16 16:37 - 2018-08-10 05:58 - 000002562 _____ C:\windows\System32\Tasks\HPEA3JOBS
2019-02-16 16:37 - 2018-04-27 22:08 - 000002830 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task v2
2019-02-16 16:37 - 2018-04-11 15:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-16 16:31 - 2018-04-27 22:06 - 000000000 ____D C:\windows\system32\SleepStudy
2019-02-16 11:59 - 2019-01-10 19:13 - 000000000 ____D C:\Users\Kids Upstairs Landin\AppData\Local\D3DSCache
2019-02-16 08:23 - 2018-04-11 15:36 - 000000000 ____D C:\windows\INF
2019-02-16 08:18 - 2018-04-11 15:38 - 000000000 ___HD C:\windows\ELAMBKUP
2019-02-16 08:18 - 2018-04-11 15:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-16 08:18 - 2018-04-11 15:38 - 000000000 ____D C:\windows\AppReadiness
2019-02-15 17:21 - 2018-04-27 22:11 - 000933304 _____ C:\windows\system32\PerfStringBackup.INI
2019-02-14 20:34 - 2018-12-01 16:48 - 000000000 ____D C:\Program Files\Microsoft Office
2019-02-14 20:34 - 2018-04-11 15:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-02-14 20:33 - 2018-12-02 10:33 - 000000000 ____D C:\Program Files\rempl
2019-02-14 20:25 - 2018-04-27 22:06 - 000411704 _____ C:\windows\system32\FNTCACHE.DAT
2019-02-14 20:25 - 2018-04-27 22:06 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-02-14 20:24 - 2018-09-11 17:37 - 000065536 _____ C:\windows\system32\spu_storage.bin
2019-02-14 20:24 - 2018-04-11 15:38 - 000000000 ___SD C:\windows\SysWOW64\F12
2019-02-14 20:24 - 2018-04-11 15:38 - 000000000 ___SD C:\windows\system32\F12
2019-02-14 20:24 - 2018-04-11 15:38 - 000000000 ____D C:\windows\TextInput
2019-02-14 20:24 - 2018-04-11 15:38 - 000000000 ____D C:\windows\ShellExperiences
2019-02-14 20:24 - 2018-04-11 15:38 - 000000000 ____D C:\windows\bcastdvr
2019-02-14 20:24 - 2018-04-11 15:38 - 000000000 ____D C:\Program Files\Windows Defender
2019-02-14 20:24 - 2018-04-11 13:04 - 000524288 _____ C:\windows\system32\config\BBI
2019-02-13 20:15 - 2018-04-11 13:04 - 000032768 _____ C:\windows\system32\config\ELAM
2019-02-13 19:08 - 2018-12-02 10:37 - 000000000 ____D C:\windows\system32\MRT
2019-02-13 19:08 - 2018-04-11 15:30 - 000000000 ____D C:\windows\CbsTemp
2019-02-13 19:07 - 2018-12-02 10:36 - 129330784 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2019-02-13 19:02 - 2018-12-01 15:38 - 000000000 ____D C:\Users\Kids Upstairs Landin\AppData\Local\AMD
2019-02-07 19:56 - 2018-09-11 18:22 - 000000000 ____D C:\ProgramData\Packages
2019-02-06 18:40 - 2018-12-01 15:41 - 000000000 ___RD C:\Users\Kids Upstairs Landin\OneDrive
2019-02-06 18:40 - 2018-12-01 15:35 - 000002419 _____ C:\Users\Kids Upstairs Landin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-02 14:53 - 2018-04-11 15:41 - 000835480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2019-02-02 14:53 - 2018-04-11 15:41 - 000179600 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-25 11:02 - 2018-09-11 17:36 - 000000000 ____D C:\Program Files\AMD
2019-01-17 22:15 - 2018-12-23 20:17 - 000000000 ____D C:\ProgramData\McInstTemp0077941545625065

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\dllhost.exe => File is digitally signed
C:\windows\SysWOW64\dllhost.exe => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-27 22:06

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.02.2019 01
Ran by Kids Upstairs Landin (16-02-2019 16:37:57)
Running from C:\Users\Kids Upstairs Landin\Desktop
Windows 10 Home Version 1803 17134.590 (X64) (2018-12-01 23:33:00)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3577402269-2411322605-3892774908-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3577402269-2411322605-3892774908-503 - Limited - Disabled)
Guest (S-1-5-21-3577402269-2411322605-3892774908-501 - Limited - Disabled)
Kids Upstairs Landin (S-1-5-21-3577402269-2411322605-3892774908-1001 - Administrator - Enabled) => C:\Users\Kids Upstairs Landin
WDAGUtilityAccount (S-1-5-21-3577402269-2411322605-3892774908-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Settings (HKLM\...\WUCCCApp) (Version: 2018.1108.0217.4117 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.7 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.2.2364 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 5.4.1.16 - Byte Technologies LLC) <==== ATTENTION
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.11.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.32 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{3FC961DB-BD36-4D8D-B276-0C456A2BB638}) (Version: 1.4.0.441 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{F322B446-B157-4257-B44F-4F22D41F8EDB}) (Version: 8.6.18.11 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{20907839-6188-46EF-8AE7-141C86EDE13F}) (Version: 12.9.24.3 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{5D308D1F-E37B-431A-8D35-67D16287467D}) (Version: 1.4.28 - HP Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1808.12.0.1102 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.5.3.1031 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1727.1 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{C693010C-7727-4824-9A13-8C7A5E43209A}) (Version: 16.5.3.1031 - Intel Corporation)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R17 - McAfee, Inc.)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.11231.20174 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3577402269-2411322605-3892774908-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{2D1ED4EA-B59D-4665-ACB3-9325872A300D}) (Version: 1.0.4.0 - Mojang)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20174 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20174 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11231.20174 - Microsoft Corporation) Hidden
Opera Stable 58.0.3135.65 (HKU\S-1-5-21-3577402269-2411322605-3892774908-1001\...\Opera 58.0.3135.65) (Version: 58.0.3135.65 - Opera Software)
PremierOpinion (HKLM-x32\...\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}) (Version: 1.3.337.419 - VoiceFive, Inc.) <==== ATTENTION
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.88 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.31239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8536 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.108 - REALTEK Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WebDiscover Browser 4.28.2 (HKLM\...\{fd13f4a2-b0d8-4cad-9ccf-d4128eaf25ff}_is1) (Version: 4.28.2 - WebDiscover Media) <==== ATTENTION
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.1.46 - WildTangent)
WildTangent Helper (HKLM-x32\...\{A39303AB-4898-4F12-BAA0-0B8630F86DB4}) (Version: 1.0.0.281 - WildTangent) Hidden
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 1.0.0.59 - WildTangent) Hidden
WinZip Driver Updater (HKLM\...\WinZip Driver Updater) (Version: 5.27.0.26 - Corel Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-06-29] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\program files\mcafee\msc\mcctxmenufrmwrk.dll [2018-11-27] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-06-29] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\program files\mcafee\msc\mcctxmenufrmwrk.dll [2018-11-27] (McAfee, Inc. -> McAfee, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {094598D2-76F1-45F2-BB74-DE7A59381ECA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {09B522BC-B5A9-4D21-9588-0EC91377CA52} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {0BC0F231-9B36-4DB5-9F92-C296395D06E5} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe (HP Inc. -> HP Inc.)
Task: {2E78A59B-31A6-4DA8-A83E-D7C510E13D53} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> HP Inc.)
Task: {30819EDC-E0A3-4410-ACAB-BAB7FB1617F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {3105E2A0-3B48-4F0A-B9E6-EF262E185DF0} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {32029DCA-3E4B-4B4D-8483-9C7DD1F8F82F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {3EB6F15A-1E13-48C9-B605-2617563AC6BE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4D48E149-2B85-4637-930C-9808F5A3B1D9} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe (HP Inc. -> HP Inc.)
Task: {4E1D67B4-DE6B-473A-9623-AD1307DB7477} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {50D11636-1CBC-4EEC-8AE2-0122F9D8D344} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc. -> McAfee, Inc.)
Task: {5AEBA7B5-2C04-409C-A69A-634F8F31CDC3} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {616BD4BA-5023-446E-B555-0FCF425E1669} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.)
Task: {6FE19703-F60A-4DCB-9FE8-9E573813DCE2} - System32\Tasks\Start WinZip Driver Updater for DESKTOP-N6DBOOU@Kids Upstairs Landin(logon) => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe (Corel Corporation -> Corel Corporation)
Task: {70E0D835-CFEE-4523-93B2-DAB0C2261995} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {719D9900-5CC8-4580-A957-3DE3FFACFDAD} - System32\Tasks\WebDiscover Browser Update Task => C:\Program Files\WebDiscoverBrowser\4.28.2\browser.exe (web discover -> WebDiscover Media) <==== ATTENTION
Task: {8329E934-BEC5-4DEE-B083-BF9101867CE8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.)
Task: {85CAE864-DB89-4613-982F-580F6749B752} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe (Byte Technologies LLC -> Byte Technologies LLC) <==== ATTENTION
Task: {8BD66A1F-6B85-4E24-A014-B1444D60D945} - System32\Tasks\WebDiscover Browser Launch Task => C:\Program Files\WebDiscoverBrowser\4.28.2\browser.exe (web discover -> WebDiscover Media) <==== ATTENTION
Task: {8C35E661-96F1-437E-A1D2-4E081E928AA6} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe (McAfee, Inc. -> McAfee, Inc.)
Task: {A302CD91-713D-436E-8648-C054FB2EB344} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.6.319\mcdatrep.exe (McAfee, Inc. -> McAfee, LLC.)
Task: {A4E7F616-1CB0-4132-B995-65338C09AEF0} - System32\Tasks\Start WinZip Driver Updater Schedule => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe (Corel Corporation -> Corel Corporation)
Task: {A5C73641-68A7-42A9-8174-02026FFE622A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {A64E0F28-0D72-436D-9258-C92C7EBC9CD2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\ByteFence" /ENABLE
Task: {A64E0F28-0D72-436D-9258-C92C7EBC9CD2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\HPAudioSwitch" /ENABLE
Task: {A64E0F28-0D72-436D-9258-C92C7EBC9CD2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\HPEA3JOBS" /ENABLE
Task: {A64E0F28-0D72-436D-9258-C92C7EBC9CD2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\HPJumpStartLaunch" /ENABLE
Task: {A64E0F28-0D72-436D-9258-C92C7EBC9CD2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\McAfee DAT Built in test" /ENABLE
Task: {A64E0F28-0D72-436D-9258-C92C7EBC9CD2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\McAfee Remediation (Prepare)" /ENABLE
Task: {A64E0F28-0D72-436D-9258-C92C7EBC9CD2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\McAfeeLogon" /ENABLE
Task: {A64E0F28-0D72-436D-9258-C92C7EBC9CD2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task v2" /ENABLE
Task: {A64E0F28-0D72-436D-9258-C92C7EBC9CD2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-3577402269-2411322605-3892774908-1001" /ENABLE
Task: {A64E0F28-0D72-436D-9258-C92C7EBC9CD2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\Opera scheduled Autoupdate 1550333872" /ENABLE
Task: {A64E0F28-0D72-436D-9258-C92C7EBC9CD2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\RTKCPL" /ENABLE
Task: {A64E0F28-0D72-436D-9258-C92C7EBC9CD2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\Start WinZip Driver Updater for DESKTOP-N6DBOOU@Kids Upstairs Landin(logon)" /ENABLE
Task: {A64E0F28-0D72-436D-9258-C92C7EBC9CD2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\Start WinZip Driver Updater Schedule" /ENABLE
Task: {A64E0F28-0D72-436D-9258-C92C7EBC9CD2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\Start WinZip Driver Updater Update" /ENABLE
Task: {A64E0F28-0D72-436D-9258-C92C7EBC9CD2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\StartCN" /ENABLE
Task: {A64E0F28-0D72-436D-9258-C92C7EBC9CD2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\StartDVR" /ENABLE
Task: {A64E0F28-0D72-436D-9258-C92C7EBC9CD2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\WebDiscover Browser Launch Task" /ENABLE
Task: {A64E0F28-0D72-436D-9258-C92C7EBC9CD2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\WebDiscover Browser Update Task" /ENABLE
Task: {A64E0F28-0D72-436D-9258-C92C7EBC9CD2} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(19): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {B81E895E-0E88-4DD2-82CC-39085BC216B1} - System32\Tasks\Opera scheduled Autoupdate 1550333872 => C:\Users\Kids Upstairs Landin\AppData\Local\Programs\Opera\launcher.exe (Opera Software AS -> Opera Software)
Task: {BD93C440-CBF5-42F3-BCEC-C78DE8CE95F6} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {BE0097FB-D501-47F9-AF46-A0A6C8BC7103} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {C5632FD1-079C-48B5-A3A8-12DF0E647CA9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.)
Task: {C72A966F-FEDB-485E-817C-84879ECBF318} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {D11BE983-B1F8-4399-9ACA-BB1AEB0DA040} - System32\Tasks\Start WinZip Driver Updater Update => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe (Corel Corporation -> Corel Corporation)
Task: {D247ECA0-76E2-46EA-A816-C092A9B21FFE} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {E03460CE-8249-4D1D-822C-6052E691A025} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe (McAfee, Inc. -> McAfee, Inc.)
Task: {E19B4608-134D-4340-8C36-6690C05E8A17} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.)
Task: {E90BC104-E3B4-4B7F-9926-371F155DE9CA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F3566FB3-A1C1-45E9-8DCB-10039AD27C12} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {F378CF44-1987-47C2-958E-12D4094D54F6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F58CF227-D39D-4676-8902-834452334C21} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {FF984070-1D43-4815-B6C8-F4547600FF0F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Start WinZip Driver Updater for DESKTOP-N6DBOOU@Kids Upstairs Landin(logon).job => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Kids Upstairs Landin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\facebook.lnk -> C:\Users\Kids Upstairs Landin\AppData\Local\Programs\Opera\launcher.exe (Opera Software) -> www.facebook.com

==================== Loaded Modules (Whitelisted) ==============

2019-01-08 10:43 - 2019-01-08 10:43 - 001495912 _____ () C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe
2018-06-29 12:34 - 2018-06-29 12:34 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\3.0.127.0\McCSPMsgBusDLL.dll
2018-04-11 15:34 - 2018-04-11 15:34 - 000491744 _____ () C:\windows\SYSTEM32\inputhost.dll
2018-04-11 15:34 - 2018-04-11 15:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-11 18:10 - 2018-11-08 18:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-02-13 19:04 - 2019-02-05 18:25 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-04-24 21:21 - 2018-04-24 21:21 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-01-31 18:09 - 2019-01-31 18:09 - 000481280 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-01-31 18:09 - 2019-01-31 18:09 - 080636416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-12-01 15:49 - 2018-12-01 15:50 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-01-31 18:09 - 2019-01-31 18:09 - 003824640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2019-01-16 18:22 - 2019-01-16 18:23 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2019-01-31 18:09 - 2019-01-31 18:09 - 014225408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-01-31 18:09 - 2019-01-31 18:09 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-12-01 15:49 - 2018-12-01 15:50 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-12-01 15:49 - 2018-12-01 15:50 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-31 18:09 - 2019-01-31 18:09 - 000282624 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-12-01 15:50 - 2018-12-01 15:50 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-31 18:09 - 2019-01-31 18:09 - 001757696 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2018-12-01 15:50 - 2018-12-01 15:51 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-02-14 20:33 - 2019-02-14 20:34 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-02-14 20:33 - 2019-02-14 20:34 - 010541568 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-02-14 20:33 - 2019-02-14 20:34 - 002933760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\skypert.dll
2019-02-14 20:33 - 2019-02-14 20:34 - 000688640 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2019-02-14 20:33 - 2019-02-14 20:34 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2019-02-14 20:33 - 2019-02-14 20:33 - 000016384 _____ () C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.13.46.0_x64__kx24dqmazqk8j\SimpleSolitaire.UWP.exe
2019-02-14 20:33 - 2019-02-14 20:33 - 017380352 _____ () C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.13.46.0_x64__kx24dqmazqk8j\SimpleSolitaire.UWP.dll
2019-02-14 20:33 - 2019-02-14 20:34 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-12-01 15:52 - 2018-12-01 15:52 - 003859456 _____ () C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_1.16.1012.0_x64__8wekyb3d8bbwe\GameBar.exe
2019-02-16 08:18 - 2019-02-16 08:18 - 000654216 _____ () c:\program files\avast software\avast\streamback.dll
2019-02-16 08:18 - 2019-02-16 08:18 - 000321928 _____ () C:\Program Files\AVAST Software\Avast\serialization.dll
2019-02-16 08:18 - 2019-02-16 08:18 - 000556936 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2019-02-16 08:18 - 2019-02-16 08:18 - 001174920 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2019-02-16 08:18 - 2019-02-16 08:18 - 002024840 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2019-02-16 12:20 - 2019-02-16 12:20 - 006884496 _____ () c:\program files\avast software\avast\defs\19021604\algo64.dll
2019-02-16 08:18 - 2019-02-16 08:18 - 093695912 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2019-01-31 01:42 - 2019-01-31 01:42 - 000821528 _____ () c:\program files\bytefence\x64\rsLggrServer_x64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 15:38 - 2019-02-16 08:29 - 000002103 _____ C:\windows\system32\drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT
HKU\S-1-5-21-3577402269-2411322605-3892774908-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kids Upstairs Landin\Pictures\stock-photo-copy-space-glitter-background-glittering-ombre-glitters-pastel-colors-pastel-colours-glittery-823667a3-7aab-4c.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{42BCFD9F-97FE-4719-8419-09349EC8403B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{65841EAA-6685-4438-A7B8-B3E0FAC10C15}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0D8B74AE-35A6-4529-BA22-4E0A97E48485}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5990D023-716C-4EA0-A669-4CCA3FE53799}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C65FC995-9877-4FB7-992E-D646F4F2FF7A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe No File
FirewallRules: [{5A63CA72-6124-4A9B-870B-71832AE03FDF}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{5A8F871E-4D8B-408A-A3CF-6AAE949910B3}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{617E298E-C5C3-4EEF-8165-D5D29EEB1565}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{3C07CAB7-57B9-47DF-A1FC-C623E33ECFE3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16050.11029.20079.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2A2A42C3-2859-4897-A074-F878636FD08B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{B4B01FF3-F365-4D86-9C2F-462046B48047}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [{7DD297DC-B632-48D3-8F4F-A1A882B86007}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6BB42A3B-2D9E-43D7-9AF1-4E4838B13A9D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3623D6CA-7332-4D7C-8594-0C2AC7279471}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9A74DAF1-91AA-4F11-9D18-EFFEEDBEF906}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F41BC1F8-ACF6-4DCA-B60C-C48DD65B5E90}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FCC9879B-F337-40F6-8679-B07E8929561A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C4B79189-8542-4E59-BC00-E8EB56D5AE10}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1487D66B-ADA0-401F-9E3E-C37B4E8446D8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A69E64CA-6398-4C3D-990B-B0BDFE52D711}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FB177A84-F38F-4E5F-A6DE-CC94DA08DC20}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E88758F2-828E-4FE6-9599-D7C2F7FDD976}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6565C942-D2AB-4910-A72F-4B52FCE83E07}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6882A980-B956-4937-B5E5-B6D39E802432}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.100.237.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1B3BF5BF-6FBC-44FD-A5B6-ACDE2C94ED3E}] => (Allow) C:\Users\Kids Upstairs Landin\AppData\Local\Programs\Opera\58.0.3135.65\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{5744E73C-7EF4-49ED-B134-D6DE8D6526EA}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{0BE1B46A-CC5B-43F9-8FDE-58F2ACF737C2}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{001FD11F-910D-481A-97ED-1D997686A201}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe (VoiceFive, Inc. -> VoiceFive, Inc.)
FirewallRules: [{E6A4FE9D-175B-4BBA-AAA2-C34C33681DFA}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe (VoiceFive, Inc. -> VoiceFive, Inc.)

==================== Restore Points =========================

26-01-2019 18:25:54 Scheduled Checkpoint
04-02-2019 21:57:32 Scheduled Checkpoint
13-02-2019 18:59:27 Installed Minecraft

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/16/2019 04:35:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program javaw.exe version 8.0.51.16 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 508c

Start Time: 01d4c65822036504

Termination Time: 3

Application Path: C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe

Report Id: bad868cd-f757-4889-a77a-f970e78ffaba

Faulting package full name:

Faulting package-relative application ID:

Error: (02/16/2019 03:24:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program javaw.exe version 8.0.51.16 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 4c34

Start Time: 01d4c64ea7d997fb

Termination Time: 3

Application Path: C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe

Report Id: 19c49683-f30d-4ec6-8b39-c064e92cad63

Faulting package full name:

Faulting package-relative application ID:

Error: (02/16/2019 03:22:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program javaw.exe version 8.0.51.16 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1fcc

Start Time: 01d4c64df4775b62

Termination Time: 3

Application Path: C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe

Report Id: 54427c60-3ba5-4ced-92dc-27a61ed47da3

Faulting package full name:

Faulting package-relative application ID:

Error: (02/16/2019 03:17:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program javaw.exe version 8.0.51.16 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 4d2c

Start Time: 01d4c64cb80e792e

Termination Time: 3

Application Path: C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe

Report Id: 186a78e3-2185-43cf-ba06-e643da2466b9

Faulting package full name:

Faulting package-relative application ID:

Error: (02/16/2019 03:10:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WpnUserService, version: 10.0.17134.556, time stamp: 0xf23cada5
Faulting module name: NotificationController.dll, version: 10.0.17134.165, time stamp: 0xe0385185
Exception code: 0xc0000005
Fault offset: 0x000000000007c686
Faulting process id: 0x4ac8
Faulting application start time: 0x01d4c649dc796b18
Faulting application path: C:\windows\system32\svchost.exe
Faulting module path: C:\Windows\System32\NotificationController.dll
Report Id: d876e5e9-be58-40f3-821d-951fe025c63f
Faulting package full name:
Faulting package-relative application ID:

Error: (02/16/2019 03:09:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program javaw.exe version 8.0.51.16 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 4af8

Start Time: 01d4c64c8aa46bd9

Termination Time: 2

Application Path: C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe

Report Id: 6b4fca33-d799-4d0b-8680-4fc2c5be298d

Faulting package full name:

Faulting package-relative application ID:

Error: (02/16/2019 03:08:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program javaw.exe version 8.0.51.16 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 21ac

Start Time: 01d4c64a218cc492

Termination Time: 2

Application Path: C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe

Report Id: 79daffe0-546d-4864-9a60-c8e0ebb6647a

Faulting package full name:

Faulting package-relative application ID:

Error: (02/16/2019 02:46:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program javaw.exe version 8.0.51.16 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2c88

Start Time: 01d4c6495e0eaf3b

Termination Time: 4

Application Path: C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe

Report Id: 8cdc8e9b-252d-43ab-b7ad-c26dd983605b

Faulting package full name:

Faulting package-relative application ID:

System errors:
=============
Error: (02/16/2019 03:44:41 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/16/2019 03:22:32 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-N6DBOOU)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-N6DBOOU\Kids Upstairs Landin SID (S-1-5-21-3577402269-2411322605-3892774908-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/16/2019 03:12:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Push Notifications User Service_264fef service terminated unexpectedly. It has done this 14 time(s).

Error: (02/16/2019 03:11:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Push Notifications User Service_264fef service terminated unexpectedly. It has done this 13 time(s).

Error: (02/16/2019 03:10:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Push Notifications User Service_264fef service terminated unexpectedly. It has done this 12 time(s).

Error: (02/16/2019 02:49:26 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/16/2019 02:33:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Push Notifications User Service_264fef service terminated unexpectedly. It has done this 11 time(s).

Error: (02/16/2019 02:32:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Push Notifications User Service_264fef service terminated unexpectedly. It has done this 10 time(s).

Windows Defender:
===================================
Date: 2018-12-01 15:44:30.955
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {FDC5CE71-793A-4653-B4D2-173A88AEAE3A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===================================

Date: 2019-02-16 16:37:34.684
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-16 16:37:34.680
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-16 16:37:18.592
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-16 16:37:18.589
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-16 16:37:18.585
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\pmls64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-16 16:37:14.513
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\WebDiscoverBrowser\4.28.2\browser.exe) attempted to load \Device\HarddiskVolume3\Windows\SysWOW64\pmls.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-16 16:37:14.510
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\WebDiscoverBrowser\4.28.2\browser.exe) attempted to load \Device\HarddiskVolume3\Windows\SysWOW64\pmls.dll that did not meet the Microsoft signing level requirements.

Date: 2019-02-16 16:37:14.505
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\WebDiscoverBrowser\4.28.2\browser.exe) attempted to load \Device\HarddiskVolume3\Windows\SysWOW64\pmls.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i5-8400 CPU @ 2.80GHz
Percentage of memory in use: 37%
Total physical RAM: 12187.26 MB
Available physical RAM: 7580.27 MB
Total Virtual: 14043.26 MB
Available Virtual: 6742.73 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:913.42 GB) (Free:856.56 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:16.85 GB) (Free:2 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{965ec7da-760d-446a-9f95-c21c605a36dd}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.55 GB) NTFS
\\?\Volume{c98ea45f-c5a7-4797-9bf2-bfa89c3fb785}\ () (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A50E1C7D)

Partition: GPT.

==================== End of Addition.txt ============================

#5
iMacg3

Posted 18 February 2019 - 10:09 AM

GeekU PowerPC G3

GeekU Moderator
1,921 posts

Hi,

Press the Windows Key + R. This will open the Run box.
Type Appwiz.cpl and click OK.

A list of installed programs will appear. Uninstall the below programs by selecting them and clicking Uninstall:

ByteFence Anti-Malware
PremierOpinion
WebDiscover Browser
WinZip Driver Updater

Follow the steps in the uninstaller to remove the program.

-----------------------

Once you have uninstalled the programs, please run a new FRST scan.

Right-click on FRST/FRST64 and click Run as Administrator
Click on Scan. Once the scan is complete, two logs will open in Notepad. (FRST.txt and Addition.txt)

Please copy and paste the contents of FRST.txt and Addition.txt in your next reply.

Let me know how the computer is doing.

Thanks.

#6
Nayung116

Posted 18 February 2019 - 01:59 PM

Member

Topic Starter
Member
37 posts

Hi,

Here are the logs:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.02.2019 01
Ran by Kids Upstairs Landin (administrator) on DESKTOP-N6DBOOU (18-02-2019 11:54:59)
Running from C:\Users\Kids Upstairs Landin\Desktop
Loaded Profiles: Kids Upstairs Landin (Available Profiles: Kids Upstairs Landin)
Platform: Windows 10 Home Version 1803 17134.590 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor Corp.) C:\Windows\RtkBtAudioServ.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\pef\CORE\PEFService.exe
(Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_8559c34713c70ce4\RstMwService.exe
() C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mmsshost\MMSSHOST.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ProtectedModuleHost.exe
(McAfee, Inc.) C:\Program Files\mcafee\mfeav\MfeAVSvc.exe
(McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_18_9\mcapexe.exe
(McAfee LLC.) C:\Program Files\Common Files\mcafee\amcore\mcshield.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\csp\3.0.127.0\McCSPServiceHost.exe
(AMD) C:\Windows\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atieclxx.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.13.46.0_x64__kx24dqmazqk8j\SimpleSolitaire.UWP.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_1.16.1012.0_x64__8wekyb3d8bbwe\GameBar.exe
(McAfee, Inc.) C:\Program Files\mcafee\vul\McVulCtr.exe
(McAfee, Inc.) C:\Program Files\mcafee\vul\McVulAlert.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Mojang) C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
(Mojang) C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
(Oracle Corporation) C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [BtServer] => "C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe"
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [319520 2018-07-05] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [709152 2018-03-22] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2107232 2017-12-19] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [259976 2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Winlogon: [Userinit]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{358edba3-6921-4cb8-8f28-4c419421c7ad}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a0eecfca-f652-4e21-a7f5-36c178b6a9da}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-12-19] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\program files\mcafee\msc\npmcsnffpl64.dll [2018-11-27] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-12-01] (Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\program files (x86)\mcafee\msc\npmcsnffpl.dll [2018-11-27] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-12-01] (Microsoft Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\windows\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atiesrxx.exe [504832 2018-11-20] (Advanced Micro Devices, Inc. -> AMD)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6758976 2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357304 2019-02-16] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11013280 2019-02-07] (Microsoft Corporation -> Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc. -> McAfee, Inc.)
S4 HfcDisableService; C:\windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_8559c34713c70ce4\HfcDisableService.exe [1710736 2018-12-06] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1322632 2017-12-13] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-06] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
S3 iaStorAfsService; C:\windows\System32\iaStorAfsService.exe [2788496 2018-12-06] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17440 2018-07-05] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\SocketHeciServer.exe [743728 2017-11-16] (Intel® Trust Services -> Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\TPMProvisioningService.exe [720184 2017-11-16] (Intel® Trust Services -> Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [214672 2018-02-19] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_18_9\McApExe.exe [744312 2018-11-13] (McAfee, Inc. -> McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [455584 2017-09-27] (McAfee, Inc. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.0.127.0\\McCSPServiceHost.exe [2159464 2018-06-29] (McAfee, Inc. -> McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [366960 2018-08-27] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [590712 2018-08-27] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\windows\system32\mfevtps.exe [499576 2018-08-27] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1705968 2018-11-15] (McAfee, Inc. -> McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1333064 2018-10-25] (McAfee, Inc. -> McAfee, Inc.)
R2 RstMwService; C:\windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_8559c34713c70ce4\RstMwService.exe [1969288 2018-12-06] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 RtkBtAudioServ; C:\windows\RtkBtAudioServ.exe [189928 2018-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R2 RtkBtManServ; C:\windows\RtkBtManServ.exe [679400 2018-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4403496 2019-01-08] (Microsoft Corporation -> Microsoft Corporation)
R2 WildTangentHelper; C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe [1495912 2019-01-08] (WildTangent Inc -> )
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-17 20:02 - 2019-02-17 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2019-02-16 16:37 - 2019-02-18 11:55 - 000024206 _____ C:\Users\Kids Upstairs Landin\Desktop\FRST.txt
2019-02-16 16:37 - 2019-02-16 16:38 - 000048867 _____ C:\Users\Kids Upstairs Landin\Desktop\Addition.txt
2019-02-16 16:35 - 2019-02-18 11:54 - 000000000 ____D C:\FRST
2019-02-16 16:35 - 2019-02-16 16:35 - 002434560 _____ (Farbar) C:\Users\Kids Upstairs Landin\Desktop\FRST64.exe
2019-02-16 08:29 - 2019-02-16 08:29 - 000000000 ____D C:\ProgramData\ByteFence
2019-02-16 08:23 - 2019-02-16 08:23 - 000000000 ____D C:\Users\Kids Upstairs Landin\AppData\Roaming\AVAST Software
2019-02-16 08:19 - 2019-02-18 11:53 - 000000000 ____D C:\Users\Kids Upstairs Landin\AppData\Local\CrashDumps
2019-02-16 08:18 - 2019-02-18 11:55 - 000002582 _____ C:\windows\System32\Tasks\ByteFence
2019-02-16 08:18 - 2019-02-18 11:55 - 000000000 ____D C:\windows\System32\Tasks\Avast Software
2019-02-16 08:18 - 2019-02-18 11:54 - 000000000 ____D C:\Program Files\WebDiscoverBrowser
2019-02-16 08:18 - 2019-02-18 11:53 - 000000000 ____D C:\Program Files (x86)\PremierOpinion
2019-02-16 08:18 - 2019-02-18 11:50 - 000004264 _____ C:\windows\System32\Tasks\Avast Emergency Update
2019-02-16 08:18 - 2019-02-16 08:18 - 001034432 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000474456 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000379952 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000362888 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2019-02-16 08:18 - 2019-02-16 08:18 - 000320696 _____ (AVAST Software) C:\windows\system32\Drivers\aswblog.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000249672 _____ (AVAST Software) C:\windows\system32\Drivers\aswHdsKe.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000225680 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsdriver.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000216784 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000205400 _____ (AVAST Software) C:\windows\system32\Drivers\aswArPot.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000196072 _____ (AVAST Software) C:\windows\system32\Drivers\aswbidsh.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000167304 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000112312 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000087944 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000057960 _____ (AVAST Software) C:\windows\system32\Drivers\aswbuniv.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000042288 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000037104 _____ (AVAST Software) C:\windows\system32\Drivers\aswArDisk.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000015488 _____ (AVAST Software) C:\windows\system32\Drivers\aswElam.sys
2019-02-16 08:18 - 2019-02-16 08:18 - 000002095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2019-02-16 08:18 - 2019-02-16 08:18 - 000002083 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2019-02-16 08:18 - 2019-02-16 08:18 - 000000000 ____D C:\Users\Kids Upstairs Landin\AppData\LocalLow\AMD
2019-02-16 08:18 - 2019-02-16 08:18 - 000000000 ____D C:\Users\Kids Upstairs Landin\AppData\Local\WebDiscoverBrowser
2019-02-16 08:18 - 2019-02-16 08:18 - 000000000 ____D C:\Users\Kids Upstairs Landin\AppData\Local\AVAST Software
2019-02-16 08:18 - 2019-02-16 08:18 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-02-16 08:18 - 2018-10-17 12:09 - 001114368 _____ (VoiceFive, Inc.) C:\windows\system32\pmls64.dll
2019-02-16 08:18 - 2018-10-17 12:09 - 000750848 _____ (VoiceFive, Inc.) C:\windows\SysWOW64\pmls.dll
2019-02-16 08:17 - 2019-02-18 11:55 - 000003694 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1550333872
2019-02-16 08:17 - 2019-02-16 08:18 - 000000000 ____D C:\ProgramData\AVAST Software
2019-02-16 08:17 - 2019-02-16 08:17 - 000001537 _____ C:\Users\Kids Upstairs Landin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-02-16 08:17 - 2019-02-16 08:17 - 000000000 ____D C:\Users\Kids Upstairs Landin\AppData\Roaming\Opera Software
2019-02-16 08:17 - 2019-02-16 08:17 - 000000000 ____D C:\Users\Kids Upstairs Landin\AppData\Local\Opera Software
2019-02-16 08:17 - 2019-02-16 08:17 - 000000000 ____D C:\Program Files\AVAST Software
2019-02-15 17:18 - 2019-02-16 16:40 - 000001294 _____ C:\Users\Kids Upstairs Landin\Desktop\nativelog.txt
2019-02-13 19:04 - 2019-02-05 23:54 - 004527584 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2019-02-13 19:04 - 2019-02-05 23:53 - 001634704 _____ (Microsoft Corporation) C:\windows\system32\gdi32full.dll
2019-02-13 19:04 - 2019-02-05 23:32 - 003648512 _____ (Microsoft Corporation) C:\windows\system32\win32kfull.sys
2019-02-13 19:04 - 2019-02-05 23:30 - 004052992 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2019-02-13 19:04 - 2019-02-05 23:11 - 001454648 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32full.dll
2019-02-13 19:04 - 2019-02-05 22:52 - 002891776 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32kfull.sys
2019-02-13 19:04 - 2019-02-05 19:01 - 001989040 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2019-02-13 19:04 - 2019-02-05 19:01 - 001221432 _____ (Microsoft Corporation) C:\windows\system32\hvix64.exe
2019-02-13 19:04 - 2019-02-05 19:01 - 001029944 _____ (Microsoft Corporation) C:\windows\system32\hvax64.exe
2019-02-13 19:04 - 2019-02-05 19:01 - 000720480 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2019-02-13 19:04 - 2019-02-05 19:00 - 009084432 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2019-02-13 19:04 - 2019-02-05 19:00 - 007520112 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.Protection.PlayReady.dll
2019-02-13 19:04 - 2019-02-05 19:00 - 006572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-13 19:04 - 2019-02-05 19:00 - 002719760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2019-02-13 19:04 - 2019-02-05 19:00 - 002465792 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2019-02-13 19:04 - 2019-02-05 19:00 - 002421264 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2019-02-13 19:04 - 2019-02-05 19:00 - 001130568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvproc.dll
2019-02-13 19:04 - 2019-02-05 19:00 - 001098272 _____ (Microsoft Corporation) C:\windows\system32\msvproc.dll
2019-02-13 19:04 - 2019-02-05 19:00 - 000945680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refsv1.sys
2019-02-13 19:04 - 2019-02-05 19:00 - 000899728 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2019-02-13 19:04 - 2019-02-05 19:00 - 000376120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fastfat.sys
2019-02-13 19:04 - 2019-02-05 18:59 - 001922064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\refs.sys
2019-02-13 19:04 - 2019-02-05 18:52 - 022014464 _____ (Microsoft Corporation) C:\windows\SysWOW64\edgehtml.dll
2019-02-13 19:04 - 2019-02-05 18:45 - 019404288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2019-02-13 19:04 - 2019-02-05 18:42 - 003711488 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2019-02-13 19:04 - 2019-02-05 18:41 - 025853952 _____ (Microsoft Corporation) C:\windows\system32\edgehtml.dll
2019-02-13 19:04 - 2019-02-05 18:41 - 005307392 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2019-02-13 19:04 - 2019-02-05 18:40 - 005792256 _____ (Microsoft Corporation) C:\windows\SysWOW64\Chakra.dll
2019-02-13 19:04 - 2019-02-05 18:38 - 000608768 _____ (Microsoft Corporation) C:\windows\SysWOW64\EdgeManager.dll
2019-02-13 19:04 - 2019-02-05 18:38 - 000561152 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2019-02-13 19:04 - 2019-02-05 18:37 - 004515840 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2019-02-13 19:04 - 2019-02-05 18:37 - 000578560 _____ (Microsoft Corporation) C:\windows\SysWOW64\webplatstorageserver.dll
2019-02-13 19:04 - 2019-02-05 18:33 - 022714880 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2019-02-13 19:04 - 2019-02-05 18:29 - 004865536 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2019-02-13 19:04 - 2019-02-05 18:28 - 000046080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2019-02-13 19:04 - 2019-02-05 18:27 - 000894464 _____ (Microsoft Corporation) C:\windows\system32\webplatstorageserver.dll
2019-02-13 19:04 - 2019-02-05 18:27 - 000808448 _____ (Microsoft Corporation) C:\windows\system32\EdgeManager.dll
2019-02-13 19:04 - 2019-02-05 18:27 - 000358912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\exfat.sys
2019-02-13 19:04 - 2019-02-05 18:26 - 007599616 _____ (Microsoft Corporation) C:\windows\system32\Chakra.dll
2019-02-13 19:04 - 2019-02-05 18:26 - 000726528 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2019-02-13 19:04 - 2019-02-05 18:26 - 000174592 _____ (Microsoft Corporation) C:\windows\system32\wuuhosdeployment.dll
2019-02-13 19:04 - 2019-02-05 18:26 - 000154112 _____ (Microsoft Corporation) C:\windows\system32\Chakradiag.dll
2019-02-13 19:04 - 2019-02-05 18:25 - 000507392 _____ (Microsoft Corporation) C:\windows\system32\netprofmsvc.dll
2019-02-13 19:04 - 2019-02-05 18:24 - 004937728 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2019-02-13 19:04 - 2019-02-05 18:24 - 000466432 _____ (Microsoft Corporation) C:\windows\system32\wuuhext.dll
2019-02-13 19:04 - 2019-02-05 18:22 - 000960512 _____ (Microsoft Corporation) C:\windows\system32\StorSvc.dll
2019-02-13 19:04 - 2019-02-05 18:22 - 000885760 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2019-02-13 19:04 - 2019-01-09 09:42 - 004716032 _____ (Microsoft Corporation) C:\windows\system32\twinui.pcshell.dll
2019-02-13 19:04 - 2019-01-09 09:41 - 012730368 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2019-02-13 19:04 - 2019-01-09 09:40 - 000171520 _____ (Microsoft Corporation) C:\windows\system32\itss.dll
2019-02-13 19:04 - 2019-01-09 09:36 - 001054720 _____ (Microsoft Corporation) C:\windows\HelpPane.exe
2019-02-13 19:04 - 2019-01-09 01:55 - 011919872 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2019-02-13 19:04 - 2019-01-09 01:55 - 000150016 _____ (Microsoft Corporation) C:\windows\SysWOW64\itss.dll
2019-02-13 19:04 - 2019-01-08 21:43 - 006043496 _____ (Microsoft Corporation) C:\windows\SysWOW64\windows.storage.dll
2019-02-13 19:04 - 2019-01-08 21:43 - 004789944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2019-02-13 19:04 - 2019-01-08 21:43 - 002253480 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2019-02-13 19:04 - 2019-01-08 21:43 - 001981280 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2019-02-13 19:04 - 2019-01-08 21:43 - 000607376 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2019-02-13 19:04 - 2019-01-08 21:43 - 000287640 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2019-02-13 19:04 - 2019-01-08 21:43 - 000129088 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2019-02-13 19:04 - 2019-01-08 21:42 - 001035232 _____ (Microsoft Corporation) C:\windows\system32\ApplyTrustOffline.exe
2019-02-13 19:04 - 2019-01-08 21:40 - 002765336 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2019-02-13 19:04 - 2019-01-08 21:40 - 000432952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2019-02-13 19:04 - 2019-01-08 21:39 - 007436016 _____ (Microsoft Corporation) C:\windows\system32\windows.storage.dll
2019-02-13 19:04 - 2019-01-08 21:39 - 004404720 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2019-02-13 19:04 - 2019-01-08 21:39 - 002571632 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2019-02-13 19:04 - 2019-01-08 21:39 - 000789696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2019-02-13 19:04 - 2019-01-08 21:39 - 000349656 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2019-02-13 19:04 - 2019-01-08 21:39 - 000260800 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2019-02-13 19:04 - 2019-01-08 21:39 - 000164192 _____ (Microsoft Corporation) C:\windows\system32\rmclient.dll
2019-02-13 19:04 - 2019-01-08 21:39 - 000085472 _____ (Microsoft Corporation) C:\windows\system32\svchost.exe
2019-02-13 19:04 - 2019-01-08 21:33 - 016597504 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2019-02-13 19:04 - 2019-01-08 21:32 - 013878272 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2019-02-13 19:04 - 2019-01-08 21:29 - 008188928 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2019-02-13 19:04 - 2019-01-08 21:27 - 004710912 _____ (Microsoft Corporation) C:\windows\system32\cdp.dll
2019-02-13 19:04 - 2019-01-08 21:27 - 004384256 _____ (Microsoft Corporation) C:\windows\system32\EdgeContent.dll
2019-02-13 19:04 - 2019-01-08 21:26 - 006661632 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2019-02-13 19:04 - 2019-01-08 21:26 - 003396608 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2019-02-13 19:04 - 2019-01-08 21:26 - 002966016 _____ (Microsoft Corporation) C:\windows\SysWOW64\cdp.dll
2019-02-13 19:04 - 2019-01-08 21:24 - 000209408 _____ (Microsoft Corporation) C:\windows\system32\AppXApplicabilityBlob.dll
2019-02-13 19:04 - 2019-01-08 21:23 - 002368000 _____ (Microsoft Corporation) C:\windows\system32\WebRuntimeManager.dll
2019-02-13 19:04 - 2019-01-08 21:22 - 001551360 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.desktop.dll
2019-02-13 19:04 - 2019-01-08 21:22 - 001395200 _____ (Microsoft Corporation) C:\windows\system32\TokenBroker.dll
2019-02-13 19:04 - 2019-01-08 21:22 - 000624640 _____ (Microsoft Corporation) C:\windows\system32\PsmServiceExtHost.dll
2019-02-13 19:04 - 2019-01-08 21:22 - 000333824 _____ (Microsoft Corporation) C:\windows\SysWOW64\edgeIso.dll
2019-02-13 19:04 - 2019-01-08 21:21 - 002173440 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.onecore.dll
2019-02-13 19:04 - 2019-01-08 21:20 - 001000448 _____ (Microsoft Corporation) C:\windows\SysWOW64\TokenBroker.dll
2019-02-13 19:04 - 2019-01-08 21:20 - 000916480 _____ (Microsoft Corporation) C:\windows\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-13 19:04 - 2019-01-08 21:20 - 000135680 _____ (Microsoft Corporation) C:\windows\SysWOW64\smartscreenps.dll
2019-02-13 19:04 - 2019-01-08 21:19 - 000678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-13 19:04 - 2019-01-08 21:19 - 000507392 _____ (Microsoft Corporation) C:\windows\system32\edgeIso.dll
2019-02-13 19:04 - 2019-01-08 21:19 - 000251904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msIso.dll
2019-02-13 19:03 - 2019-02-05 23:35 - 000058368 _____ (Microsoft Corporation) C:\windows\system32\mf3216.dll
2019-02-13 19:03 - 2019-02-05 23:30 - 001662464 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2019-02-13 19:03 - 2019-02-05 23:30 - 001364992 _____ (Microsoft Corporation) C:\windows\system32\bcastdvruserservice.dll
2019-02-13 19:03 - 2019-02-05 22:57 - 000044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf3216.dll
2019-02-13 19:03 - 2019-02-05 22:52 - 004053504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2019-02-13 19:03 - 2019-02-05 22:52 - 001470976 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2019-02-13 19:03 - 2019-02-05 19:01 - 000566568 _____ (Microsoft Corporation) C:\windows\system32\tcblaunch.exe
2019-02-13 19:03 - 2019-02-05 19:01 - 000134968 _____ (Microsoft Corporation) C:\windows\system32\hvloader.dll
2019-02-13 19:03 - 2019-02-05 19:01 - 000076088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hvservice.sys
2019-02-13 19:03 - 2019-02-05 19:01 - 000033576 _____ (Microsoft Corporation) C:\windows\SysWOW64\NtlmShared.dll
2019-02-13 19:03 - 2019-02-05 19:00 - 001257904 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2019-02-13 19:03 - 2019-02-05 19:00 - 001140680 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2019-02-13 19:03 - 2019-02-05 19:00 - 000466960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2019-02-13 19:03 - 2019-02-05 19:00 - 000043536 _____ (Microsoft Corporation) C:\windows\system32\browser_broker.exe
2019-02-13 19:03 - 2019-02-05 19:00 - 000038792 _____ (Microsoft Corporation) C:\windows\system32\NtlmShared.dll
2019-02-13 19:03 - 2019-02-05 18:59 - 001457248 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2019-02-13 19:03 - 2019-02-05 18:59 - 000983128 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2019-02-13 19:03 - 2019-02-05 18:59 - 000144288 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2019-02-13 19:03 - 2019-02-05 18:40 - 000021504 _____ (Microsoft Corporation) C:\windows\SysWOW64\npmproxy.dll
2019-02-13 19:03 - 2019-02-05 18:28 - 000039936 _____ (Microsoft Corporation) C:\windows\system32\npmproxy.dll
2019-02-13 19:03 - 2019-02-05 18:27 - 000266752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2019-02-13 19:03 - 2019-02-05 18:26 - 000324608 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys
2019-02-13 19:03 - 2019-02-05 18:25 - 000736256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2019-02-13 19:03 - 2019-02-05 18:23 - 000393216 _____ (Microsoft Corporation) C:\windows\system32\WpAXHolder.dll
2019-02-13 19:03 - 2019-02-05 18:21 - 000093696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cdfs.sys
2019-02-13 19:03 - 2019-02-05 17:04 - 000001314 _____ C:\windows\system32\tcbres.wim
2019-02-13 19:03 - 2019-01-12 00:56 - 001008640 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.MixedRealityCapture.dll
2019-02-13 19:03 - 2019-01-11 18:28 - 000352768 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd3x40.dll
2019-02-13 19:03 - 2019-01-09 10:08 - 000309560 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2019-02-13 19:03 - 2019-01-09 09:57 - 000720536 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2019-02-13 19:03 - 2019-01-09 09:41 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\iemigplugin.dll
2019-02-13 19:03 - 2019-01-09 09:35 - 002919936 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Logon.dll
2019-02-13 19:03 - 2019-01-09 02:14 - 000607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2019-02-13 19:03 - 2019-01-09 00:55 - 001285432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2019-02-13 19:03 - 2019-01-09 00:48 - 000527368 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2019-02-13 19:03 - 2019-01-08 21:59 - 000611848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2019-02-13 19:03 - 2019-01-08 21:44 - 000078688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wldp.dll
2019-02-13 19:03 - 2019-01-08 21:43 - 001620264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2019-02-13 19:03 - 2019-01-08 21:43 - 000581592 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSVideoDSP.dll
2019-02-13 19:03 - 2019-01-08 21:43 - 000127744 _____ (Microsoft Corporation) C:\windows\SysWOW64\rmclient.dll
2019-02-13 19:03 - 2019-01-08 21:43 - 000071456 _____ (Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
2019-02-13 19:03 - 2019-01-08 21:42 - 000092704 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bindflt.sys
2019-02-13 19:03 - 2019-01-08 21:40 - 001063224 _____ (Microsoft Corporation) C:\windows\system32\SecConfig.efi
2019-02-13 19:03 - 2019-01-08 21:40 - 000226104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2019-02-13 19:03 - 2019-01-08 21:40 - 000090872 _____ (Microsoft Corporation) C:\windows\system32\wldp.dll
2019-02-13 19:03 - 2019-01-08 21:39 - 001943128 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2019-02-13 19:03 - 2019-01-08 21:39 - 000713264 _____ (Microsoft Corporation) C:\windows\system32\MSVideoDSP.dll
2019-02-13 19:03 - 2019-01-08 21:39 - 000269624 _____ (Microsoft Corporation) C:\windows\system32\browserbroker.dll
2019-02-13 19:03 - 2019-01-08 21:39 - 000175416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spacedump.sys
2019-02-13 19:03 - 2019-01-08 21:29 - 002500096 _____ (Microsoft Corporation) C:\windows\system32\smartscreen.exe
2019-02-13 19:03 - 2019-01-08 21:27 - 001587712 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
2019-02-13 19:03 - 2019-01-08 21:25 - 000161792 _____ (Microsoft Corporation) C:\windows\system32\spacebridge.dll
2019-02-13 19:03 - 2019-01-08 21:24 - 000174080 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-13 19:03 - 2019-01-08 21:24 - 000157184 _____ (Microsoft Corporation) C:\windows\SysWOW64\spacebridge.dll
2019-02-13 19:03 - 2019-01-08 21:23 - 001708544 _____ (Microsoft Corporation) C:\windows\system32\MSPhotography.dll
2019-02-13 19:03 - 2019-01-08 21:23 - 001361408 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSPhotography.dll
2019-02-13 19:03 - 2019-01-08 21:23 - 001189888 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
2019-02-13 19:03 - 2019-01-08 21:23 - 000898560 _____ (Microsoft Corporation) C:\windows\system32\MusUpdateHandlers.dll
2019-02-13 19:03 - 2019-01-08 21:23 - 000145920 _____ (Microsoft Corporation) C:\windows\system32\srpapi.dll
2019-02-13 19:03 - 2019-01-08 21:23 - 000100864 _____ (Microsoft Corporation) C:\windows\system32\CapabilityAccessManagerClient.dll
2019-02-13 19:03 - 2019-01-08 21:23 - 000067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-13 19:03 - 2019-01-08 21:22 - 000392704 _____ (Microsoft Corporation) C:\windows\system32\WaaSMedicSvc.dll
2019-02-13 19:03 - 2019-01-08 21:22 - 000266752 _____ (Microsoft Corporation) C:\windows\system32\CapabilityAccessManager.dll
2019-02-13 19:03 - 2019-01-08 21:22 - 000138752 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 19:03 - 2019-01-08 21:22 - 000126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\srpapi.dll
2019-02-13 19:03 - 2019-01-08 21:21 - 000197632 _____ (Microsoft Corporation) C:\windows\system32\smartscreenps.dll
2019-02-13 19:03 - 2019-01-08 21:21 - 000106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-13 19:03 - 2019-01-08 21:20 - 000607232 _____ (Microsoft Corporation) C:\windows\system32\updatehandlers.dll
2019-02-13 19:03 - 2019-01-08 21:19 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\GlobCollationHost.dll
2019-02-13 19:03 - 2019-01-08 21:18 - 000195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\GlobCollationHost.dll
2019-02-13 19:03 - 2019-01-08 20:34 - 000806320 _____ C:\windows\SysWOW64\locale.nls
2019-02-13 19:03 - 2019-01-08 20:34 - 000806320 _____ C:\windows\system32\locale.nls
2019-02-13 19:03 - 2019-01-08 01:08 - 000868864 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-13 19:03 - 2019-01-07 19:06 - 001311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjet40.dll
2019-02-13 19:03 - 2019-01-07 19:06 - 000313344 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd2x40.dll
2019-02-13 19:03 - 2019-01-07 19:06 - 000000072 _____ C:\windows\system32\edgehtmlpluginpolicy.bin
2019-02-13 18:59 - 2019-02-16 16:40 - 000000000 ____D C:\Users\Kids Upstairs Landin\AppData\Roaming\.minecraft
2019-02-13 18:59 - 2019-02-13 18:59 - 000001037 _____ C:\Users\Public\Desktop\Minecraft.lnk
2019-02-13 18:59 - 2019-02-13 18:59 - 000000000 ____D C:\Users\Kids Upstairs Landin\AppData\Local\CEF
2019-02-13 18:59 - 2019-02-13 18:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2019-02-13 18:59 - 2019-02-13 18:59 - 000000000 ____D C:\Program Files (x86)\Minecraft
2019-01-25 11:02 - 2018-11-20 18:29 - 000103088 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\Drivers\amdkmpfd.sys
2019-01-25 11:02 - 2018-11-20 18:29 - 000066968 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\Drivers\amdkmafd.sys

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-18 11:55 - 2019-01-10 19:12 - 000002202 _____ C:\windows\System32\Tasks\StartCN
2019-02-18 11:55 - 2019-01-10 19:12 - 000002116 _____ C:\windows\System32\Tasks\StartDVR
2019-02-18 11:55 - 2018-12-01 15:43 - 000002860 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3577402269-2411322605-3892774908-1001
2019-02-18 11:55 - 2018-09-11 18:30 - 000002660 _____ C:\windows\System32\Tasks\McAfeeLogon
2019-02-18 11:55 - 2018-09-11 18:28 - 000002646 _____ C:\windows\System32\Tasks\McAfee Remediation (Prepare)
2019-02-18 11:55 - 2018-09-11 18:27 - 000002856 _____ C:\windows\System32\Tasks\HPJumpStartLaunch
2019-02-18 11:55 - 2018-09-11 17:36 - 000002280 _____ C:\windows\System32\Tasks\RTKCPL
2019-02-18 11:55 - 2018-08-10 06:00 - 000002440 _____ C:\windows\System32\Tasks\HPAudioSwitch
2019-02-18 11:55 - 2018-08-10 05:58 - 000002502 _____ C:\windows\System32\Tasks\HPEA3JOBS
2019-02-18 11:55 - 2018-04-27 22:08 - 000002770 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task v2
2019-02-18 11:50 - 2018-04-27 22:06 - 000000000 ____D C:\windows\system32\SleepStudy
2019-02-17 21:42 - 2018-04-11 15:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-02-17 19:19 - 2018-04-11 15:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-17 19:19 - 2018-04-11 15:38 - 000000000 ____D C:\windows\AppReadiness
2019-02-16 11:59 - 2019-01-10 19:13 - 000000000 ____D C:\Users\Kids Upstairs Landin\AppData\Local\D3DSCache
2019-02-16 08:23 - 2018-04-11 15:36 - 000000000 ____D C:\windows\INF
2019-02-16 08:18 - 2018-04-11 15:38 - 000000000 ___HD C:\windows\ELAMBKUP
2019-02-15 17:21 - 2018-04-27 22:11 - 000933304 _____ C:\windows\system32\PerfStringBackup.INI
2019-02-14 20:34 - 2018-12-01 16:48 - 000000000 ____D C:\Program Files\Microsoft Office
2019-02-14 20:34 - 2018-04-11 15:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-02-14 20:33 - 2018-12-02 10:33 - 000000000 ____D C:\Program Files\rempl
2019-02-14 20:25 - 2018-04-27 22:06 - 000411704 _____ C:\windows\system32\FNTCACHE.DAT
2019-02-14 20:25 - 2018-04-27 22:06 - 000000006 ____H C:\windows\Tasks\SA.DAT
2019-02-14 20:24 - 2018-09-11 17:37 - 000065536 _____ C:\windows\system32\spu_storage.bin
2019-02-14 20:24 - 2018-04-11 15:38 - 000000000 ___SD C:\windows\SysWOW64\F12
2019-02-14 20:24 - 2018-04-11 15:38 - 000000000 ___SD C:\windows\system32\F12
2019-02-14 20:24 - 2018-04-11 15:38 - 000000000 ____D C:\windows\TextInput
2019-02-14 20:24 - 2018-04-11 15:38 - 000000000 ____D C:\windows\ShellExperiences
2019-02-14 20:24 - 2018-04-11 15:38 - 000000000 ____D C:\windows\bcastdvr
2019-02-14 20:24 - 2018-04-11 15:38 - 000000000 ____D C:\Program Files\Windows Defender
2019-02-14 20:24 - 2018-04-11 13:04 - 000524288 _____ C:\windows\system32\config\BBI
2019-02-13 20:15 - 2018-04-11 13:04 - 000032768 _____ C:\windows\system32\config\ELAM
2019-02-13 19:08 - 2018-12-02 10:37 - 000000000 ____D C:\windows\system32\MRT
2019-02-13 19:08 - 2018-04-11 15:30 - 000000000 ____D C:\windows\CbsTemp
2019-02-13 19:07 - 2018-12-02 10:36 - 129330784 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2019-02-13 19:02 - 2018-12-01 15:38 - 000000000 ____D C:\Users\Kids Upstairs Landin\AppData\Local\AMD
2019-02-07 19:56 - 2018-09-11 18:22 - 000000000 ____D C:\ProgramData\Packages
2019-02-06 18:40 - 2018-12-01 15:41 - 000000000 ___RD C:\Users\Kids Upstairs Landin\OneDrive
2019-02-06 18:40 - 2018-12-01 15:35 - 000002419 _____ C:\Users\Kids Upstairs Landin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-02 14:53 - 2018-04-11 15:41 - 000835480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2019-02-02 14:53 - 2018-04-11 15:41 - 000179600 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-01-25 11:02 - 2018-09-11 17:36 - 000000000 ____D C:\Program Files\AMD

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2018-04-27 22:06

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.02.2019 01
Ran by Kids Upstairs Landin (18-02-2019 11:55:28)
Running from C:\Users\Kids Upstairs Landin\Desktop
Windows 10 Home Version 1803 17134.590 (X64) (2018-12-01 23:33:00)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Settings (HKLM\...\WUCCCApp) (Version: 2018.1108.0217.4117 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.7 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.2.2364 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.11.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.32 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{3FC961DB-BD36-4D8D-B276-0C456A2BB638}) (Version: 1.4.0.441 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{F322B446-B157-4257-B44F-4F22D41F8EDB}) (Version: 8.6.18.11 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{20907839-6188-46EF-8AE7-141C86EDE13F}) (Version: 12.9.24.3 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{5D308D1F-E37B-431A-8D35-67D16287467D}) (Version: 1.4.28 - HP Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1808.12.0.1102 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.5.3.1031 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1727.1 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{C693010C-7727-4824-9A13-8C7A5E43209A}) (Version: 16.5.3.1031 - Intel Corporation)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R17 - McAfee, Inc.)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.11231.20174 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3577402269-2411322605-3892774908-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{2D1ED4EA-B59D-4665-ACB3-9325872A300D}) (Version: 1.0.4.0 - Mojang)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20174 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11231.20174 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11231.20174 - Microsoft Corporation) Hidden
Opera Stable 58.0.3135.65 (HKU\S-1-5-21-3577402269-2411322605-3892774908-1001\...\Opera 58.0.3135.65) (Version: 58.0.3135.65 - Opera Software)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.88 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.31239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8536 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.108 - REALTEK Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.1.46 - WildTangent)
WildTangent Helper (HKLM-x32\...\{A39303AB-4898-4F12-BAA0-0B8630F86DB4}) (Version: 1.0.0.281 - WildTangent) Hidden
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 1.0.0.59 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2019-01-08 10:43 - 2019-01-08 10:43 - 001495912 _____ () C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe
2018-06-29 12:34 - 2018-06-29 12:34 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\3.0.127.0\McCSPMsgBusDLL.dll
2018-04-11 15:34 - 2018-04-11 15:34 - 000491744 _____ () C:\windows\SYSTEM32\inputhost.dll
2018-04-11 15:34 - 2018-04-11 15:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-11 18:10 - 2018-11-08 18:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2019-02-13 19:04 - 2019-02-05 18:25 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-04-24 21:21 - 2018-04-24 21:21 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-01-31 18:09 - 2019-01-31 18:09 - 000481280 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2019-01-31 18:09 - 2019-01-31 18:09 - 080636416 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-12-01 15:49 - 2018-12-01 15:50 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2019-01-31 18:09 - 2019-01-31 18:09 - 003824640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2019-01-16 18:22 - 2019-01-16 18:23 - 000012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2019-01-31 18:09 - 2019-01-31 18:09 - 014225408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2019-01-31 18:09 - 2019-01-31 18:09 - 002871296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-12-01 15:49 - 2018-12-01 15:50 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-12-01 15:49 - 2018-12-01 15:50 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-31 18:09 - 2019-01-31 18:09 - 000282624 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-12-01 15:50 - 2018-12-01 15:50 - 002538056 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-31 18:09 - 2019-01-31 18:09 - 001757696 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.dll
2018-12-01 15:50 - 2018-12-01 15:51 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-02-14 20:33 - 2019-02-14 20:34 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-02-14 20:33 - 2019-02-14 20:34 - 010541568 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-02-14 20:33 - 2019-02-14 20:34 - 002933760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\skypert.dll
2019-02-14 20:33 - 2019-02-14 20:34 - 000688640 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2019-02-14 20:33 - 2019-02-14 20:34 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2019-02-14 20:33 - 2019-02-14 20:33 - 000016384 _____ () C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.13.46.0_x64__kx24dqmazqk8j\SimpleSolitaire.UWP.exe
2019-02-14 20:33 - 2019-02-14 20:33 - 017380352 _____ () C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.13.46.0_x64__kx24dqmazqk8j\SimpleSolitaire.UWP.dll
2019-02-14 20:33 - 2019-02-14 20:34 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.180.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-12-01 15:52 - 2018-12-01 15:52 - 003859456 _____ () C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_1.16.1012.0_x64__8wekyb3d8bbwe\GameBar.exe
2019-02-16 08:18 - 2019-02-16 08:18 - 000654216 _____ () c:\program files\avast software\avast\streamback.dll
2019-02-16 08:18 - 2019-02-16 08:18 - 000321928 _____ () C:\Program Files\AVAST Software\Avast\serialization.dll
2019-02-16 08:18 - 2019-02-16 08:18 - 000556936 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2019-02-16 08:18 - 2019-02-16 08:18 - 001174920 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2019-02-16 08:18 - 2019-02-16 08:18 - 002024840 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2019-02-17 19:16 - 2019-02-17 19:16 - 006884496 _____ () c:\program files\avast software\avast\defs\19021702\algo64.dll
2019-02-18 11:50 - 2019-02-18 11:50 - 006885008 _____ () c:\program files\avast software\avast\defs\19021804\algo64.dll
2019-02-16 08:18 - 2019-02-16 08:18 - 093695912 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2019-02-16 16:41 - 2019-02-16 16:41 - 000317440 _____ () C:\Users\Kids Upstairs Landin\AppData\Local\Temp\71c1-b2b2-6e9d-546f\lwjgl64.dll
2019-02-16 16:41 - 2019-02-16 16:41 - 000653832 _____ () C:\Users\Kids Upstairs Landin\AppData\Local\Temp\71c1-b2b2-6e9d-546f\avutil-ttv-51.dll
2019-02-16 16:41 - 2019-02-16 16:41 - 000361103 _____ () C:\Users\Kids Upstairs Landin\AppData\Local\Temp\71c1-b2b2-6e9d-546f\swresample-ttv-0.dll
2019-02-16 16:41 - 2019-02-16 16:41 - 000688161 _____ () C:\Users\Kids Upstairs Landin\AppData\Local\Temp\71c1-b2b2-6e9d-546f\libmp3lame-ttv.dll
2019-02-16 16:41 - 2019-02-16 16:41 - 001384960 _____ () C:\Users\Kids Upstairs Landin\AppData\Local\Temp\71c1-b2b2-6e9d-546f\twitchsdk.dll
2019-02-16 16:41 - 2019-02-16 16:41 - 000382464 _____ () C:\Users\Kids Upstairs Landin\AppData\Local\Temp\71c1-b2b2-6e9d-546f\OpenAL64.dll
2019-02-13 18:59 - 2019-02-13 18:59 - 006129664 _____ () C:\Program Files (x86)\Minecraft\game\launcher.dll
2019-02-13 18:59 - 2019-02-13 18:59 - 063805440 _____ () C:\Program Files (x86)\Minecraft\game\libcef.dll
2019-02-13 18:59 - 2019-02-13 18:59 - 001872896 _____ () C:\Program Files (x86)\Minecraft\game\libglesv2.dll
2019-02-13 18:59 - 2019-02-13 18:59 - 000078848 _____ () C:\Program Files (x86)\Minecraft\game\libegl.dll