Virus, Spyware, Malware Removal [Solved]

Okay, it froze up again today.

I hope these are the copies you wanted.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.03.2019 01

Ran by Betty (administrator) on BETTYSPC2015 (10-03-2019 22:38:41)

Running from C:\Users\Betty\Desktop

Loaded Profiles: Betty (Available Profiles: Betty)

Platform: Windows 10 Home Version 1803 17134.590 (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe

(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe

(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe

(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\10011\8.0.2070\8.0.2070\TmsaInstance64.exe

(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe

(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe

(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\DiamondRing\DrSDKCaller.exe

(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

(WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe

(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe

(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe

(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe

(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe

(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe

(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe

(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe

(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE

(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel® Rapid Storage Technology -> Intel Corporation)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)

HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [245840 2018-07-30] (Trend Micro, Inc. -> Trend Micro Inc.)

HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1246200 2018-07-30] (Trend Micro, Inc. -> Trend Micro Inc.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8790264 2016-01-15] (Realtek Semiconductor Corp -> Realtek Semiconductor)

HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc -> Leader Technologies Inc.)

HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)

HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)

HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\...\Run: [EPLTarget\P0000000000000008] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)

HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)

HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\...\Run: [BingSvc] => C:\Users\Betty\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2017-12-26] (Microsoft Corporation -> © 2015 Microsoft Corporation)

HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\...\MountPoints2: {61c8f295-8b2f-11e5-8265-d85de2dfdbe6} - "F:\LaunchU3.exe"

HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [149504 2018-04-11] (Microsoft Windows -> Microsoft Corporation)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe [2019-03-04] (Google LLC -> Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

Tcpip\..\Interfaces\{ce24e3e7-4fcf-4583-a090-278050e56c85}: [DhcpNameServer] 10.0.0.1

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com

HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google%20chrome/

HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com

SearchScopes: HKLM -> {9F6BE75B-035F-46DE-8999-D5980DDFFD1E} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 -> {9F6BE75B-035F-46DE-8999-D5980DDFFD1E} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKU\S-1-5-21-2164851890-4157585229-2641369706-1001 -> {9F6BE75B-035F-46DE-8999-D5980DDFFD1E} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)

BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)

Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

IE Session Restore: HKU\S-1-5-21-2164851890-4157585229-2641369706-1001 -> is enabled.

Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2018-07-30] (Trend Micro, Inc. -> Trend Micro Inc.)

Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2018-07-30] (Trend Micro, Inc. -> Trend Micro Inc.)

Edge:

======

Edge Session Restore: HKU\S-1-5-21-2164851890-4157585229-2641369706-1001 -> is enabled.

Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.9.0.0_neutral__c1wakc4j0nefm [2019-02-28]

FireFox:

========

FF DefaultProfile: ob5eiira.default-1551665803584

FF ProfilePath: C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\ob5eiira.default-1551665803584 [2019-03-04]

FF Homepage: Mozilla\Firefox\Profiles\ob5eiira.default-1551665803584 -> about:blank

FF Session Restore: Mozilla\Firefox\Profiles\ob5eiira.default-1551665803584 -> is enabled.

FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\[email protected]

FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\[email protected] [2018-11-07]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\[email protected]

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-03-04] (Google Inc -> Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-03-04] (Google Inc -> Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] (WildTangent Inc -> )

Chrome:

=======

CHR HomePage: Default -> bing.com

CHR StartupUrls: Default -> "hxxps://mysearch.avg.com/?cid={408DE358-D3B3-4594-B2AC-B1B7B12689D9}&mid=61711da016ad47d282e8d152ff3d6dae-f374b897d45477128a4395428d40a6f9c4e69228&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-11%2013:26:46&v=3.2.0.14&pid=wtu&sg=&sap=hp","hxxps://mysearch.avg.com/?cid={408DE358-D3B3-4594-B2AC-B1B7B12689D9}&mid=61711da016ad47d282e8d152ff3d6dae-f374b897d45477128a4395428d40a6f9c4e69228&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-11%2013:26:46&v=3.2.0.15&pid=wtu&sg=&sap=hp","hxxps://www.facebook.com/"

CHR Session Restore: Default -> is enabled.

CHR Profile: C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default [2019-03-10]

CHR Extension: (File Converter) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\alblmaecejifbilchdofkdanifpmnmfk [2019-03-04]

CHR Extension: (Docs) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-04]

CHR Extension: (Google Drive) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-03-04]

CHR Extension: (YouTube) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-04]

CHR Extension: (Sheets) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-04]

CHR Extension: (Google Docs Offline) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-03-06]

CHR Extension: (AdBlock) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-03-04]

CHR Extension: (HP Network Check Launcher) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2019-03-04]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-03-04]

CHR Extension: (Trend Micro Toolbar) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2019-03-04]

CHR Extension: (Gmail) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-04]

CHR Extension: (Chrome Media Router) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-04]

CHR HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [imooohanopeeieejjcgioibkoejmdokj] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Amsp; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [376016 2018-07-23] (Trend Micro, Inc. -> Trend Micro Inc.)

R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)

R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-02-09] (WildTangent Inc -> WildTangent)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)

R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc. -> HP Inc.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel® Rapid Storage Technology -> Intel Corporation)

R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370560 2018-09-19] (Intel Corporation -> Intel Corporation)

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel® Corporation)

R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]

S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]

R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)

R2 LMS; C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [415520 2015-07-10] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)

R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1127416 2018-07-30] (Trend Micro, Inc. -> Trend Micro Inc.)

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [316152 2016-01-15] (Realtek Semiconductor Corp -> Realtek Semiconductor)

S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-08-09] (Microsoft Corporation -> Microsoft Corporation)

S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-08-09] (Microsoft Corporation -> Microsoft Corporation)

R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\WINDOWS\system32\DRIVERS\bcbtums.sys [177432 2015-12-01] (Broadcom Corporation -> Broadcom Corporation.)

R3 BCMWL63A; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11794376 2017-07-13] (Broadcom Corporation -> Broadcom Corp)

S3 btwampfl; C:\WINDOWS\system32\DRIVERS\btwampfl.sys [187168 2015-12-01] (Broadcom Corporation -> Broadcom Corporation.)

S3 Cpqdfw; C:\WINDOWS\System32\drivers\cpqdfw.sys [27456 2012-05-29] (Hewlett-Packard Company -> Windows ® Codename Longhorn DDK provider)

S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2016-04-13] (Realtek Semiconductor Corp -> Realtek )

R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-09-27] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)

R1 tmactmon; C:\WINDOWS\system32\DRIVERS\tmactmon.sys [147712 2018-09-28] (Trend Micro, Inc. -> Trend Micro Inc.)

R0 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [464136 2018-09-28] (Trend Micro, Inc. -> Trend Micro Inc.)

R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2016-01-04] (Trend Micro, Inc. -> Trend Micro Inc.)

R3 tmeevw; C:\WINDOWS\system32\DRIVERS\tmeevw.sys [147672 2017-05-10] (Trend Micro, Inc. -> Trend Micro Inc.)

S0 tmel; C:\WINDOWS\System32\DRIVERS\tmel.sys [38408 2018-05-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Trend Micro Inc.)

R1 tmevtmgr; C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys [148736 2018-09-28] (Trend Micro, Inc. -> Trend Micro Inc.)

R3 tmnciesc; C:\WINDOWS\system32\DRIVERS\tmnciesc.sys [562296 2018-03-07] (Trend Micro, Inc. -> Trend Micro Inc.)

R1 tmumh; C:\WINDOWS\system32\DRIVERS\TMUMH.sys [149816 2019-02-20] (Trend Micro, Inc. -> Trend Micro Inc.)

R2 tmusa; C:\WINDOWS\system32\DRIVERS\tmusa.sys [137360 2018-03-28] (Trend Micro, Inc. -> Trend Micro Inc.)

S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46584 2018-08-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-08-09] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-08-09] (Microsoft Windows -> Microsoft Corporation)

R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation -> Microsoft Corporation)

U2 TMAgent; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-09 20:52 - 2019-03-09 20:52 - 000000326 _____ C:\Users\Betty\Documents\The Fork.txt

2019-03-04 19:15 - 2019-03-04 19:15 - 000002384 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2019-03-04 19:15 - 2019-03-04 19:15 - 000002343 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2019-03-04 19:14 - 2019-03-04 19:14 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2019-03-04 19:14 - 2019-03-04 19:14 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2019-03-04 19:12 - 2019-03-04 19:12 - 000000871 _____ C:\Users\Betty\Documents\geekstogopost#25.txt

2019-03-03 22:17 - 2019-03-03 22:17 - 000000000 ____D C:\Users\Betty\Desktop\Old Firefox Data

2019-03-03 22:15 - 2019-03-03 22:15 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk

2019-03-03 22:15 - 2019-03-03 22:15 - 000001000 _____ C:\Users\Public\Desktop\Firefox.lnk

2019-03-03 22:15 - 2019-03-03 22:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2019-03-03 22:14 - 2019-03-03 22:18 - 000000000 ____D C:\ProgramData\Mozilla

2019-03-03 22:14 - 2019-03-03 22:15 - 000000000 ____D C:\Program Files\Mozilla Firefox

2019-03-01 16:17 - 2019-03-01 16:17 - 000050747 _____ C:\Users\Betty\Documents\Happy BDay Disney 1.html

2019-02-27 01:07 - 2019-02-27 01:07 - 000005424 _____ C:\Users\Betty\Documents\Whales.txt

2019-02-26 00:19 - 2019-02-26 00:21 - 000000000 ____D C:\AdwCleaner

2019-02-26 00:18 - 2019-02-26 00:18 - 007316688 _____ (Malwarebytes) C:\Users\Betty\Desktop\adwcleaner_7.2.7.0.exe

2019-02-25 22:48 - 2019-02-25 22:51 - 000008232 _____ C:\Users\Betty\Desktop\Fixlog.txt

2019-02-25 20:30 - 2019-03-10 22:38 - 000000000 ____D C:\Users\Betty\Desktop\FRST-OlderVersion

2019-02-25 19:29 - 2019-02-25 19:29 - 000000000 ____D C:\Users\Betty\Documents\Trend_Micro

2019-02-23 00:39 - 2019-02-25 20:53 - 000042510 _____ C:\Users\Betty\Desktop\Addition.txt

2019-02-23 00:34 - 2019-03-10 22:40 - 000024967 _____ C:\Users\Betty\Desktop\FRST.txt

2019-02-23 00:34 - 2019-03-10 22:38 - 000000000 ____D C:\FRST

2019-02-23 00:25 - 2019-03-10 22:38 - 002434560 _____ (Farbar) C:\Users\Betty\Desktop\FRST64.exe

2019-02-22 22:32 - 2019-03-09 01:49 - 000000797 _____ C:\Users\Betty\Desktop\Pictures - Shortcut.lnk

2019-02-22 13:18 - 2019-02-22 13:18 - 000000000 ____D C:\WINDOWS\LastGood.Tmp

2019-02-16 21:04 - 2019-02-16 21:04 - 000000000 ___HD C:\$SysReset

2019-02-16 18:47 - 2018-09-20 00:12 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll

2019-02-16 00:06 - 2016-01-15 01:24 - 003309264 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll

2019-02-16 00:06 - 2016-01-15 01:24 - 003075784 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll

2019-02-16 00:06 - 2016-01-15 01:24 - 000203432 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll

2019-02-16 00:06 - 2016-01-15 01:20 - 004695288 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys

2019-02-16 00:06 - 2016-01-15 01:20 - 000032392 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll

2019-02-15 23:55 - 2015-06-05 03:59 - 002825944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll

2019-02-15 20:54 - 2019-02-15 20:54 - 000003924 _____ C:\Users\Betty\Documents\Messy Bun Hat Free Crochet Beanie Pattern.txt

2019-02-12 20:26 - 2019-02-06 03:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe

2019-02-12 20:26 - 2019-02-06 03:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2019-02-12 20:26 - 2019-02-05 23:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe

2019-02-12 20:26 - 2019-02-05 23:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2019-02-12 20:26 - 2019-02-05 23:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

2019-02-12 20:26 - 2019-02-05 23:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

2019-02-12 20:26 - 2019-02-05 23:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll

2019-02-12 20:26 - 2019-02-05 22:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2019-02-12 20:26 - 2019-02-05 22:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2019-02-12 20:26 - 2019-02-05 22:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2019-02-12 20:26 - 2019-02-05 22:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2019-02-12 20:26 - 2019-02-05 22:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2019-02-12 20:26 - 2019-02-05 22:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2019-02-12 20:26 - 2019-02-05 22:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2019-02-12 20:26 - 2019-02-05 22:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2019-02-12 20:26 - 2019-02-05 22:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2019-02-12 20:26 - 2019-01-09 13:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll

2019-02-12 20:26 - 2019-01-09 13:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2019-02-12 20:26 - 2019-01-09 13:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll

2019-02-12 20:26 - 2019-01-09 05:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2019-02-12 20:26 - 2019-01-09 01:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll

2019-02-12 20:26 - 2019-01-09 01:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

2019-02-12 20:26 - 2019-01-09 01:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2019-02-12 20:26 - 2019-01-09 01:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2019-02-12 20:26 - 2019-01-09 01:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll

2019-02-12 20:26 - 2019-01-09 01:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2019-02-12 20:26 - 2019-01-09 01:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2019-02-12 20:26 - 2019-01-09 01:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2019-02-12 20:26 - 2019-01-09 01:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

2019-02-12 20:26 - 2019-01-09 01:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe

2019-02-12 20:26 - 2019-01-09 01:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll

2019-02-12 20:26 - 2019-01-09 01:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll

2019-02-12 20:26 - 2019-01-09 01:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

2019-02-12 20:26 - 2019-01-09 01:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2019-02-12 20:25 - 2019-02-06 03:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll

2019-02-12 20:25 - 2019-02-06 03:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll

2019-02-12 20:25 - 2019-02-06 03:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll

2019-02-12 20:25 - 2019-02-06 03:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll

2019-02-12 20:25 - 2019-02-06 03:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll

2019-02-12 20:25 - 2019-02-06 03:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll

2019-02-12 20:25 - 2019-02-06 02:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll

2019-02-12 20:25 - 2019-02-06 02:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll

2019-02-12 20:25 - 2019-02-06 02:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

2019-02-12 20:25 - 2019-02-06 02:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll

2019-02-12 20:25 - 2019-02-05 23:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll

2019-02-12 20:25 - 2019-02-05 23:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe

2019-02-12 20:25 - 2019-02-05 23:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll

2019-02-12 20:25 - 2019-02-05 23:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe

2019-02-12 20:25 - 2019-02-05 23:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll

2019-02-12 20:25 - 2019-02-05 23:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys

2019-02-12 20:25 - 2019-02-05 23:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll

2019-02-12 20:25 - 2019-02-05 23:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2019-02-12 20:25 - 2019-02-05 23:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys

2019-02-12 20:25 - 2019-02-05 23:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2019-02-12 20:25 - 2019-02-05 23:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi

2019-02-12 20:25 - 2019-02-05 23:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll

2019-02-12 20:25 - 2019-02-05 23:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll

2019-02-12 20:25 - 2019-02-05 23:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys

2019-02-12 20:25 - 2019-02-05 23:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll

2019-02-12 20:25 - 2019-02-05 23:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

2019-02-12 20:25 - 2019-02-05 23:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys

2019-02-12 20:25 - 2019-02-05 23:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe

2019-02-12 20:25 - 2019-02-05 23:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll

2019-02-12 20:25 - 2019-02-05 22:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys

2019-02-12 20:25 - 2019-02-05 22:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2019-02-12 20:25 - 2019-02-05 22:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe

2019-02-12 20:25 - 2019-02-05 22:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe

2019-02-12 20:25 - 2019-02-05 22:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2019-02-12 20:25 - 2019-02-05 22:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll

2019-02-12 20:25 - 2019-02-05 22:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll

2019-02-12 20:25 - 2019-02-05 22:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll

2019-02-12 20:25 - 2019-02-05 22:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2019-02-12 20:25 - 2019-02-05 22:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll

2019-02-12 20:25 - 2019-02-05 22:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys

2019-02-12 20:25 - 2019-02-05 22:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys

2019-02-12 20:25 - 2019-02-05 22:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll

2019-02-12 20:25 - 2019-02-05 22:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll

2019-02-12 20:25 - 2019-02-05 22:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll

2019-02-12 20:25 - 2019-02-05 22:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys

2019-02-12 20:25 - 2019-02-05 22:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys

2019-02-12 20:25 - 2019-02-05 22:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2019-02-12 20:25 - 2019-02-05 22:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys

2019-02-12 20:25 - 2019-02-05 22:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll

2019-02-12 20:25 - 2019-02-05 22:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

2019-02-12 20:25 - 2019-02-05 22:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys

2019-02-12 20:25 - 2019-02-05 22:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll

2019-02-12 20:25 - 2019-02-05 22:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll

2019-02-12 20:25 - 2019-02-05 22:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll

2019-02-12 20:25 - 2019-02-05 22:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll

2019-02-12 20:25 - 2019-02-05 22:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll

2019-02-12 20:25 - 2019-02-05 22:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys

2019-02-12 20:25 - 2019-02-05 21:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim

2019-02-12 20:25 - 2019-01-12 04:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll

2019-02-12 20:25 - 2019-01-11 22:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll

2019-02-12 20:25 - 2019-01-09 14:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2019-02-12 20:25 - 2019-01-09 13:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll

2019-02-12 20:25 - 2019-01-09 13:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll

2019-02-12 20:25 - 2019-01-09 13:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll

2019-02-12 20:25 - 2019-01-09 13:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe

2019-02-12 20:25 - 2019-01-09 06:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll

2019-02-12 20:25 - 2019-01-09 05:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll

2019-02-12 20:25 - 2019-01-09 04:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys

2019-02-12 20:25 - 2019-01-09 04:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll

2019-02-12 20:25 - 2019-01-09 01:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys

2019-02-12 20:25 - 2019-01-09 01:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll

2019-02-12 20:25 - 2019-01-09 01:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2019-02-12 20:25 - 2019-01-09 01:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2019-02-12 20:25 - 2019-01-09 01:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll

2019-02-12 20:25 - 2019-01-09 01:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll

2019-02-12 20:25 - 2019-01-09 01:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll

2019-02-12 20:25 - 2019-01-09 01:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll

2019-02-12 20:25 - 2019-01-09 01:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll

2019-02-12 20:25 - 2019-01-09 01:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe

2019-02-12 20:25 - 2019-01-09 01:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe

2019-02-12 20:25 - 2019-01-09 01:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys

2019-02-12 20:25 - 2019-01-09 01:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi

2019-02-12 20:25 - 2019-01-09 01:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys

2019-02-12 20:25 - 2019-01-09 01:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys

2019-02-12 20:25 - 2019-01-09 01:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll

2019-02-12 20:25 - 2019-01-09 01:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2019-02-12 20:25 - 2019-01-09 01:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2019-02-12 20:25 - 2019-01-09 01:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll

2019-02-12 20:25 - 2019-01-09 01:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll

2019-02-12 20:25 - 2019-01-09 01:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll

2019-02-12 20:25 - 2019-01-09 01:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll

2019-02-12 20:25 - 2019-01-09 01:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll

2019-02-12 20:25 - 2019-01-09 01:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys

2019-02-12 20:25 - 2019-01-09 01:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll

2019-02-12 20:25 - 2019-01-09 01:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe

2019-02-12 20:25 - 2019-01-09 01:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll

2019-02-12 20:25 - 2019-01-09 01:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll

2019-02-12 20:25 - 2019-01-09 01:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll

2019-02-12 20:25 - 2019-01-09 01:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll

2019-02-12 20:25 - 2019-01-09 01:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll

2019-02-12 20:25 - 2019-01-09 01:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll

2019-02-12 20:25 - 2019-01-09 01:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll

2019-02-12 20:25 - 2019-01-09 01:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll

2019-02-12 20:25 - 2019-01-09 01:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll

2019-02-12 20:25 - 2019-01-09 01:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll

2019-02-12 20:25 - 2019-01-09 01:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll

2019-02-12 20:25 - 2019-01-09 01:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll

2019-02-12 20:25 - 2019-01-09 01:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll

2019-02-12 20:25 - 2019-01-09 01:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll

2019-02-12 20:25 - 2019-01-09 01:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll

2019-02-12 20:25 - 2019-01-09 01:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll

2019-02-12 20:25 - 2019-01-09 01:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll

2019-02-12 20:25 - 2019-01-09 01:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll

2019-02-12 20:25 - 2019-01-09 01:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll

2019-02-12 20:25 - 2019-01-09 01:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll

2019-02-12 20:25 - 2019-01-09 01:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll

2019-02-12 20:25 - 2019-01-09 01:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll

2019-02-12 20:25 - 2019-01-09 01:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll

2019-02-12 20:25 - 2019-01-09 01:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll

2019-02-12 20:25 - 2019-01-09 01:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll

2019-02-12 20:25 - 2019-01-09 01:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll

2019-02-12 20:25 - 2019-01-09 01:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll

2019-02-12 20:25 - 2019-01-09 01:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll

2019-02-12 20:25 - 2019-01-09 01:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll

2019-02-12 20:25 - 2019-01-09 01:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll

2019-02-12 20:25 - 2019-01-09 01:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll

2019-02-12 20:25 - 2019-01-09 01:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll

2019-02-12 20:25 - 2019-01-09 01:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll

2019-02-12 20:25 - 2019-01-09 01:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll

2019-02-12 20:25 - 2019-01-09 00:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls

2019-02-12 20:25 - 2019-01-09 00:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls

2019-02-12 20:25 - 2019-01-08 05:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll

2019-02-12 20:25 - 2019-01-07 23:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll

2019-02-12 20:25 - 2019-01-07 23:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll

2019-02-12 20:25 - 2019-01-07 23:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-10 22:29 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2019-03-10 21:08 - 2015-09-30 15:42 - 000000010 _____ C:\Users\Betty\AppData\Local\sponge.last.runtime.cache

2019-03-10 18:47 - 2018-05-21 20:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2019-03-10 17:01 - 2018-05-21 20:42 - 000004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C46BE9D6-F004-4084-8F64-9D075E25127F}

2019-03-10 11:37 - 2018-05-21 20:42 - 000003250 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForBetty

2019-03-10 11:37 - 2016-07-28 20:49 - 000000358 _____ C:\WINDOWS\Tasks\HPCeeScheduleForBetty.job

2019-03-10 10:32 - 2017-09-15 22:33 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2019-03-10 10:32 - 2015-09-26 19:09 - 000000000 __SHD C:\Users\Betty\IntelGraphicsProfiles

2019-03-09 12:21 - 2018-05-21 20:42 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2164851890-4157585229-2641369706-1001

2019-03-09 12:21 - 2018-05-21 20:17 - 000002417 _____ C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2019-03-09 12:21 - 2015-09-26 19:13 - 000000000 ___RD C:\Users\Betty\OneDrive

2019-03-08 14:17 - 2018-04-11 17:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM

2019-03-08 14:13 - 2018-05-21 20:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2019-03-08 14:13 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness

2019-03-08 14:12 - 2018-04-11 17:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI

2019-03-08 13:16 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps

2019-03-07 14:17 - 2017-08-17 05:55 - 000000000 ____D C:\Users\Betty\Documents\Backups

2019-03-07 05:47 - 2015-09-30 13:34 - 000000000 ____D C:\ProgramData\Trend Micro

2019-03-07 02:58 - 2017-02-02 14:03 - 000056784 _____ C:\Users\Betty\AppData\Local\GDIPFONTCACHEV1.DAT

2019-03-05 23:02 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp

2019-03-04 19:15 - 2015-09-26 20:49 - 000000000 ____D C:\Users\Betty\AppData\Local\Google

2019-03-04 19:15 - 2015-09-26 20:49 - 000000000 ____D C:\Program Files (x86)\Google

2019-03-04 19:12 - 2017-03-13 11:27 - 000000000 ____D C:\Users\Betty\AppData\LocalLow\Mozilla

2019-03-03 22:18 - 2017-03-13 11:27 - 000000000 ____D C:\Users\Betty\AppData\Roaming\Mozilla

2019-03-03 09:52 - 2018-08-05 11:58 - 000000000 ____D C:\Users\Betty\AppData\Local\Deployment

2019-03-03 08:16 - 2017-12-24 20:00 - 000000000 ____D C:\Users\Betty\AppData\Local\PlaceholderTileLogoFolder

2019-03-01 21:08 - 2018-05-21 20:16 - 000933368 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2019-03-01 21:08 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF

2019-03-01 16:14 - 2018-11-16 20:30 - 000000000 ____D C:\Program Files\rempl

2019-02-28 19:29 - 2015-09-28 15:58 - 000000000 ____D C:\Users\Betty\AppData\Local\ElevatedDiagnostics

2019-02-27 23:36 - 2016-04-19 13:00 - 000001937 _____ C:\Users\Betty\Desktop\This PC.lnk

2019-02-26 00:06 - 2017-09-15 22:32 - 000007873 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip

2019-02-25 22:51 - 2015-11-15 16:44 - 000000000 ____D C:\Users\Betty\AppData\LocalLow\Temp

2019-02-22 13:18 - 2017-09-15 22:32 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM

2019-02-20 18:10 - 2016-07-22 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software

2019-02-20 02:46 - 2018-10-15 16:27 - 000149816 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\TMUMH.sys

2019-02-16 21:41 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp

2019-02-16 20:23 - 2015-05-27 22:09 - 000000000 ____D C:\ProgramData\SoundResearch

2019-02-16 00:08 - 2015-05-27 22:26 - 000000000 ___HD C:\Program Files (x86)\Temp

2019-02-16 00:07 - 2017-09-15 22:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos

2019-02-15 23:55 - 2014-08-14 21:53 - 000000000 ____D C:\SWSETUP

2019-02-12 21:14 - 2018-05-21 20:12 - 000292504 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2019-02-12 21:13 - 2018-05-21 20:17 - 000000000 ____D C:\Users\Betty

2019-02-12 21:10 - 2018-04-11 19:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12

2019-02-12 21:10 - 2018-04-11 19:38 - 000000000 ___SD C:\WINDOWS\system32\F12

2019-02-12 21:10 - 2018-04-11 19:38 - 000000000 ___RD C:\Program Files\Windows Defender

2019-02-12 21:10 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput

2019-02-12 21:10 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\ShellExperiences

2019-02-12 21:10 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr

2019-02-12 20:23 - 2015-09-27 14:47 - 000000000 ____D C:\WINDOWS\system32\MRT

2019-02-12 20:10 - 2015-09-27 14:47 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2019-02-12 14:28 - 2018-05-21 20:42 - 000004594 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier

2019-02-12 14:27 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed

2019-02-12 14:27 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Macromed

2019-02-08 11:40 - 2018-06-25 15:55 - 000000000 ____D C:\ProgramData\Packages

==================== Files in the root of some directories =======

2015-09-30 13:33 - 2015-09-30 13:33 - 000000036 _____ () C:\Users\Betty\AppData\Local\housecall.guid.cache

2015-11-15 16:59 - 2015-11-15 17:03 - 000007596 _____ () C:\Users\Betty\AppData\Local\resmon.resmoncfg

2015-09-30 15:42 - 2019-03-10 21:08 - 000000010 _____ () C:\Users\Betty\AppData\Local\sponge.last.runtime.cache

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\dllhost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-21 20:12

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.03.2019 01

Ran by Betty (10-03-2019 22:41:17)

Running from C:\Users\Betty\Desktop

Windows 10 Home Version 1803 17134.590 (X64) (2018-05-22 00:44:28)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2164851890-4157585229-2641369706-500 - Administrator - Disabled)

Betty (S-1-5-21-2164851890-4157585229-2641369706-1001 - Administrator - Enabled) => C:\Users\Betty

DefaultAccount (S-1-5-21-2164851890-4157585229-2641369706-503 - Limited - Disabled)

Guest (S-1-5-21-2164851890-4157585229-2641369706-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2164851890-4157585229-2641369706-1003 - Limited - Enabled)

WDAGUtilityAccount (S-1-5-21-2164851890-4157585229-2641369706-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Trend Micro Maximum Security (Enabled - Up to date) {90387C74-1C56-9484-893C-8ADCB2906C3D}

AS: Trend Micro Maximum Security (Enabled - Up to date) {2B599D90-3A6C-9B0A-B38C-B1AEC9172680}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)

Azkend 2: The World Beneath (HKLM-x32\...\WTA-36894e8b-c90e-427c-ae2a-b247e0928557) (Version: 2.2.0.98 - WildTangent) Hidden

Barn Yarn Collector's Edition (HKLM-x32\...\WTA-b604f961-de56-4501-9864-1d6762463dea) (Version: 3.0.2.48 - WildTangent) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: - Broadcom Corporation)

Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation)

Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.850 - Broadcom Corporation)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden

Coyote The Outlander (HKLM-x32\...\WTA-608ce4ff-cc42-41b5-9398-4cd698963d65) (Version: 3.0.2.59 - WildTangent) Hidden

CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.5017 - CyberLink Corp.)

Cyberlink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4.6121 - CyberLink Corp.) Hidden

Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4.6121 - CyberLink Corp.)

CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.4928 - CyberLink Corp.)

CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5103 - CyberLink Corp.)

CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.2.1307 - CyberLink Corp.)

CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3812 - CyberLink Corp.) Hidden

CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3812 - CyberLink Corp.)

Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-69e19651-27cb-4c7f-81bd-8815adafe2bc) (Version: 3.0.2.59 - WildTangent) Hidden

DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden

Entwined: The Perfect Murder (HKLM-x32\...\WTA-a59f000f-4f7c-4db9-a1e9-de60f1eff1d1) (Version: 3.0.2.59 - WildTangent) Hidden

Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.1 - Seiko Epson Corporation)

EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)

Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)

Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)

Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)

Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)

Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )

EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)

Epson Software Updater (HKLM-x32\...\{1028AD34-EB8A-4136-9A93-27FC60FD0A40}) (Version: 4.4.11 - Seiko Epson Corporation)

EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation)

EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)

Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)

Foxit PhantomPDF (HKLM-x32\...\{4E32271C-B55A-4CDF-8DB7-88FD1C45927C}) (Version: 7.0.310.226 - Foxit Software Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.121 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden

Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden

Hidden Odyssey 2 in 1 Pack (HKLM-x32\...\WTA-7e4596f9-f698-4423-9059-6f2ec458ffdb) (Version: 3.0.2.59 - WildTangent) Hidden

Home Makeover (HKLM-x32\...\WTA-adc560a4-bcc8-4ff6-8d6a-eedac7944174) (Version: 3.0.2.59 - WildTangent) Hidden

HP Documentation (HKLM-x32\...\{4BF17F05-B2DA-4266-8AEB-09BC9D008EAF}) (Version: 1.3.0.0 - Hewlett-Packard)

HP ESU for Microsoft Windows 8.1 (HKLM-x32\...\{CF3BE446-3D26-49D3-B202-C9A13511DEEC}) (Version: 1.6.1 - Hewlett-Packard Company)

HP PC Hardware Diagnostics Windows (HKLM-x32\...\{BD2CDEAF-8D83-4553-A3B3-8B614CC6C96E}) (Version: 1.1.0.0 - HP Inc)

HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7960.5089 - Hewlett-Packard)

HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)

HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.10.49.21 - Hewlett-Packard Company)

HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)

Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-f694afab-de09-4929-9fe0-0bab0192fa05) (Version: 3.0.2.59 - WildTangent) Hidden

Insane Cold: Back to the Ice Age (HKLM-x32\...\WTA-8a302da5-94b8-4516-af7e-18958d817e37) (Version: 3.0.2.59 - WildTangent) Hidden

Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5058 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)

Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)

Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-d32e524b-90d7-4878-9a46-4387666f93bb) (Version: 3.0.2.59 - WildTangent) Hidden

LTCM Client (HKLM-x32\...\LTCM Client) (Version: - Leader Technologies Inc.)

Magic Heroes: Save Our Park (HKLM-x32\...\WTA-145a99eb-8bbc-42bd-8b32-2a18718681ed) (Version: 3.0.2.59 - WildTangent) Hidden

Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-32a669c1-7479-4233-a31c-a120c160e2e9) (Version: 3.0.2.59 - WildTangent) Hidden

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\...\OneDriveSetup.exe) (Version: 19.012.0121.0011 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Mozilla Firefox 65.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 65.0.2 (x64 en-US)) (Version: 65.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.2 - Mozilla)

Mystery Expedition: Prisoners of Ice (HKLM-x32\...\WTA-a5a91193-257f-4b6e-9e80-972be6b73608) (Version: 3.0.2.59 - WildTangent) Hidden

Plagiarii (HKLM-x32\...\WTA-524196b3-3f42-4695-95e8-e2968f32f2ba) (Version: 3.0.2.59 - WildTangent) Hidden

Polar Bowler 1st Frame (HKLM-x32\...\WTA-8b05aefd-e9a5-4b3b-8d0b-949c0c1dcbbf) (Version: 3.0.2.59 - WildTangent) Hidden

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.)

Royal Envoy Double Pack (HKLM-x32\...\WTA-6cf0024a-e895-401a-b9e4-aa96c7d26f93) (Version: 3.0.2.59 - WildTangent) Hidden

Runefall (HKLM-x32\...\WTA-81acb04d-ce05-46e6-a5a5-75c5c814b3c9) (Version: 3.0.2.126 - WildTangent) Hidden

Rush Hour! Gas Station (HKLM-x32\...\WTA-ff1e2f52-6956-49e2-818a-26b8e4675bd2) (Version: 3.0.2.59 - WildTangent) Hidden

Sky High Farm (HKLM-x32\...\WTA-9a88e0e0-081d-4396-af4b-4cb7a327d918) (Version: 3.0.2.59 - WildTangent) Hidden

Solitaire Mystery Four Seasons (HKLM-x32\...\WTA-bcccc297-328b-40cb-a3e5-535ae467608e) (Version: 3.0.2.51 - WildTangent) Hidden

swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 15.0 - Trend Micro Inc.)

Trend Micro Troubleshooting Tool (HKLM\...\{4B83469E-CE4F-45D0-BC34-CCB7BF194477}) (Version: 6.0 - Trend Micro Inc.)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)

Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)

WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.14 - WildTangent) Hidden

Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2164851890-4157585229-2641369706-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}

ShellIconOverlayIdentifiers: [ FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} => C:\Program Files\Trend Micro\Titanium\plugin\TmOverlayIcon.dll [2018-07-30] (Trend Micro, Inc. -> Trend Micro Inc.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov) [File not signed]

ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-03-03] (CyberLink Corp. -> Cyberlink)

ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-03-03] (Foxit Software Incorporated -> Foxit Software Inc.)

ContextMenuHandlers1: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2018-07-30] (Trend Micro, Inc. -> Trend Micro Inc.)

ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-03-03] (CyberLink Corp. -> Cyberlink)

ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov) [File not signed]

ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-09-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

ContextMenuHandlers6: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2018-07-30] (Trend Micro, Inc. -> Trend Micro Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {026B189A-F40F-4CED-AE8D-7845B34E4717} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.)

Task: {02E20B43-0E96-4B91-B82A-06298E110733} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)

Task: {1800A432-D9A1-4083-B15F-3FF793CF452B} - System32\Tasks\S-1-5-21-2164851890-4157585229-2641369706-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)

Task: {1E55CA30-C895-4C7A-98B1-A80F608A5F7B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.)

Task: {27EEBD2C-18B4-489E-8C5F-6C9B8D836279} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

Task: {2C31936C-9BBF-4870-B8F0-8D747E1A9C6F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.)

Task: {3009178E-8F33-47B8-87C9-E8ED2B360B98} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)

Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe

Task: {40B0F21A-28FC-4950-B23E-7E55C7586183} - System32\Tasks\HPCeeScheduleForBetty => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe (Hewlett-Packard Company -> Hewlett-Packard)

Task: {4E271199-71FC-43DC-B10B-3B686B6F557A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.)

Task: {5261B7F0-D1DC-4DC3-8B2C-3AA648788B30} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)

Task: {5E1EB23E-8FC1-4831-AA04-197054DD0291} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant printer driver installation => C:\WINDOWS\TEMP\sp74344.exe <==== ATTENTION

Task: {90CD6B83-53AD-49BB-888D-68DDB6A9B11E} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> )

Task: {ACEC5CCD-885C-4286-8B70-A732FD60364B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.)

Task: {CECD24C8-C941-4041-BE18-F6DF7A187AEC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)

Task: {DAF2F41F-205F-458E-862F-862BA482A87A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)

Task: {EC1119CF-D161-4E84-8230-6645DD51A657} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK

Task: {F6DACEBF-5F4C-45CF-98D2-8D7489796FC8} - System32\Tasks\AirSupport Update => C:\Program Files\Trend Micro\AirSupport\Update.exe (Trend Micro, Inc. -> Trend Micro Inc.)

Task: {F83FD891-DD6C-4C31-92AB-505CF04846C8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForBetty.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Betty\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Betty - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"

==================== Loaded Modules (Whitelisted) ==============

2016-07-22 16:31 - 2011-08-30 13:38 - 000558080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll

2016-07-22 16:31 - 2011-08-01 18:24 - 000250880 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enpres.dll

2015-05-19 09:11 - 2015-05-19 09:11 - 000335872 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe

2010-11-19 00:08 - 2010-11-19 00:08 - 000086016 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll

2011-04-14 09:16 - 2011-04-14 09:16 - 000136704 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ScanEngine30.dll

2011-04-14 09:25 - 2011-04-14 09:25 - 000055808 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ScnMgr10.dll

2011-04-14 09:25 - 2011-04-14 09:25 - 000206336 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ScnCom10.dll

2011-04-14 09:25 - 2011-04-14 09:25 - 000082944 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ScnEps25.dll

2012-02-09 12:53 - 2012-02-09 12:53 - 000110080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll

2005-01-13 10:47 - 2005-01-13 10:47 - 000049152 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ESPSUTL.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\...\trendmicro.com -> hxxps://pwm.trendmicro.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2018-11-17 20:07 - 000000828 _____ C:\WINDOWS\system32\drivers\etc\hosts

2016-02-18 17:48 - 2017-09-06 12:54 - 000000578 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

10.0.0.10 BettysPC2015.mshome.net # 2022 9 1 5 16 54 39 178

263

2.168.137.94 Bobs-Laptop.mshome.net # 2016 7 6 9 19 44 0 412

192.168.137.170 kindle-ed54a041b.mshome.net # 2016 6 4 30 19 16 49 990

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter;;C:\Program Files\Broadcom\Broadcom 802.11;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\

HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg

DNS Servers: 10.0.0.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "IAStorIcon"

HKLM\...\StartupApproved\Run32: => "FUFAXRCV"

HKLM\...\StartupApproved\Run32: => "FUFAXSTM"

HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{B5890AC3-4B72-44F9-9881-3515B9B70767}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)

FirewallRules: [UDP Query User{CEA3456A-702B-409A-BD4D-9BD6E489A7EC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)

FirewallRules: [TCP Query User{697C232B-4940-47B3-98AA-B3720FB0A6AD}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)

FirewallRules: [UDP Query User{09A6533F-7CCF-4619-9447-51FA51EE983C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)

FirewallRules: [{A1810E64-86C0-4F4D-B9CC-97595361E1B7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{5AB0314C-AFA0-4DBD-885B-9022BE760CA7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{588B5198-9D9F-416D-82D6-762F8560D7AD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

20-02-2019 18:07:55 Installed Epson Software Updater

01-03-2019 00:43:14 Scheduled Checkpoint

03-03-2019 08:06:48 Windows Backup

10-03-2019 10:35:40 Windows Backup

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (03/08/2019 02:09:03 PM) (Source: COM) (EventID: 10031) (User: )