Okay, it froze up again today.
I hope these are the copies you wanted.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.03.2019 01
Ran by Betty (administrator) on BETTYSPC2015 (10-03-2019 22:38:41)
Running from C:\Users\Betty\Desktop
Loaded Profiles: Betty (Available Profiles: Betty)
Platform: Windows 10 Home Version 1803 17134.590 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\10011\8.0.2070\8.0.2070\TmsaInstance64.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\DiamondRing\DrSDKCaller.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(Microsoft Corporation -> © 2015 Microsoft Corporation) C:\Users\Betty\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [245840 2018-07-30] (Trend Micro, Inc. -> Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1246200 2018-07-30] (Trend Micro, Inc. -> Trend Micro Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8790264 2016-01-15] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc -> Leader Technologies Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\...\Run: [EPLTarget\P0000000000000008] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\...\Run: [BingSvc] => C:\Users\Betty\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2017-12-26] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\...\MountPoints2: {61c8f295-8b2f-11e5-8265-d85de2dfdbe6} - "F:\LaunchU3.exe"
HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [149504 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe [2019-03-04] (Google LLC -> Google Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{ce24e3e7-4fcf-4583-a090-278050e56c85}: [DhcpNameServer] 10.0.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google%20chrome/
HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
SearchScopes: HKLM -> {9F6BE75B-035F-46DE-8999-D5980DDFFD1E} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {9F6BE75B-035F-46DE-8999-D5980DDFFD1E} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2164851890-4157585229-2641369706-1001 -> {9F6BE75B-035F-46DE-8999-D5980DDFFD1E} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
IE Session Restore: HKU\S-1-5-21-2164851890-4157585229-2641369706-1001 -> is enabled.
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2018-07-30] (Trend Micro, Inc. -> Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2018-07-30] (Trend Micro, Inc. -> Trend Micro Inc.)
Edge:
======
Edge Session Restore: HKU\S-1-5-21-2164851890-4157585229-2641369706-1001 -> is enabled.
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.9.0.0_neutral__c1wakc4j0nefm [2019-02-28]
FireFox:
========
FF DefaultProfile: ob5eiira.default-1551665803584
FF ProfilePath: C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\ob5eiira.default-1551665803584 [2019-03-04]
FF Homepage: Mozilla\Firefox\Profiles\ob5eiira.default-1551665803584 -> about:blank
FF Session Restore: Mozilla\Firefox\Profiles\ob5eiira.default-1551665803584 -> is enabled.
FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\
[email protected] [2018-11-07]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-03-04] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-03-04] (Google Inc -> Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] (WildTangent Inc -> )
Chrome:
=======
CHR HomePage: Default -> bing.com
CHR StartupUrls: Default -> "hxxps://mysearch.avg.com/?cid={408DE358-D3B3-4594-B2AC-B1B7B12689D9}&mid=61711da016ad47d282e8d152ff3d6dae-f374b897d45477128a4395428d40a6f9c4e69228&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-11%2013:26:46&v=3.2.0.14&pid=wtu&sg=&sap=hp","hxxps://mysearch.avg.com/?cid={408DE358-D3B3-4594-B2AC-B1B7B12689D9}&mid=61711da016ad47d282e8d152ff3d6dae-f374b897d45477128a4395428d40a6f9c4e69228&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-11%2013:26:46&v=3.2.0.15&pid=wtu&sg=&sap=hp","hxxps://www.facebook.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default [2019-03-10]
CHR Extension: (File Converter) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\alblmaecejifbilchdofkdanifpmnmfk [2019-03-04]
CHR Extension: (Docs) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-04]
CHR Extension: (Google Drive) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-03-04]
CHR Extension: (YouTube) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-04]
CHR Extension: (Sheets) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-04]
CHR Extension: (Google Docs Offline) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-03-06]
CHR Extension: (AdBlock) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-03-04]
CHR Extension: (HP Network Check Launcher) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2019-03-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-03-04]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2019-03-04]
CHR Extension: (Gmail) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-04]
CHR Extension: (Chrome Media Router) - C:\Users\Betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-03-04]
CHR HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [imooohanopeeieejjcgioibkoejmdokj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Amsp; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [376016 2018-07-23] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-02-09] (WildTangent Inc -> WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc. -> HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370560 2018-09-19] (Intel Corporation -> Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 LMS; C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [415520 2015-07-10] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1127416 2018-07-30] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [316152 2016-01-15] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-08-09] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-08-09] (Microsoft Corporation -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 bcbtums; C:\WINDOWS\system32\DRIVERS\bcbtums.sys [177432 2015-12-01] (Broadcom Corporation -> Broadcom Corporation.)
R3 BCMWL63A; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11794376 2017-07-13] (Broadcom Corporation -> Broadcom Corp)
S3 btwampfl; C:\WINDOWS\system32\DRIVERS\btwampfl.sys [187168 2015-12-01] (Broadcom Corporation -> Broadcom Corporation.)
S3 Cpqdfw; C:\WINDOWS\System32\drivers\cpqdfw.sys [27456 2012-05-29] (Hewlett-Packard Company -> Windows ® Codename Longhorn DDK provider)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2016-04-13] (Realtek Semiconductor Corp -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-09-27] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R1 tmactmon; C:\WINDOWS\system32\DRIVERS\tmactmon.sys [147712 2018-09-28] (Trend Micro, Inc. -> Trend Micro Inc.)
R0 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [464136 2018-09-28] (Trend Micro, Inc. -> Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2016-01-04] (Trend Micro, Inc. -> Trend Micro Inc.)
R3 tmeevw; C:\WINDOWS\system32\DRIVERS\tmeevw.sys [147672 2017-05-10] (Trend Micro, Inc. -> Trend Micro Inc.)
S0 tmel; C:\WINDOWS\System32\DRIVERS\tmel.sys [38408 2018-05-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Trend Micro Inc.)
R1 tmevtmgr; C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys [148736 2018-09-28] (Trend Micro, Inc. -> Trend Micro Inc.)
R3 tmnciesc; C:\WINDOWS\system32\DRIVERS\tmnciesc.sys [562296 2018-03-07] (Trend Micro, Inc. -> Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\system32\DRIVERS\TMUMH.sys [149816 2019-02-20] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 tmusa; C:\WINDOWS\system32\DRIVERS\tmusa.sys [137360 2018-03-28] (Trend Micro, Inc. -> Trend Micro Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46584 2018-08-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-08-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-08-09] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation -> Microsoft Corporation)
U2 TMAgent; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-03-09 20:52 - 2019-03-09 20:52 - 000000326 _____ C:\Users\Betty\Documents\The Fork.txt
2019-03-04 19:15 - 2019-03-04 19:15 - 000002384 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-04 19:15 - 2019-03-04 19:15 - 000002343 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-03-04 19:14 - 2019-03-04 19:14 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-03-04 19:14 - 2019-03-04 19:14 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-03-04 19:12 - 2019-03-04 19:12 - 000000871 _____ C:\Users\Betty\Documents\geekstogopost#25.txt
2019-03-03 22:17 - 2019-03-03 22:17 - 000000000 ____D C:\Users\Betty\Desktop\Old Firefox Data
2019-03-03 22:15 - 2019-03-03 22:15 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-03-03 22:15 - 2019-03-03 22:15 - 000001000 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-03-03 22:15 - 2019-03-03 22:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-03-03 22:14 - 2019-03-03 22:18 - 000000000 ____D C:\ProgramData\Mozilla
2019-03-03 22:14 - 2019-03-03 22:15 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-03-01 16:17 - 2019-03-01 16:17 - 000050747 _____ C:\Users\Betty\Documents\Happy BDay Disney 1.html
2019-02-27 01:07 - 2019-02-27 01:07 - 000005424 _____ C:\Users\Betty\Documents\Whales.txt
2019-02-26 00:19 - 2019-02-26 00:21 - 000000000 ____D C:\AdwCleaner
2019-02-26 00:18 - 2019-02-26 00:18 - 007316688 _____ (Malwarebytes) C:\Users\Betty\Desktop\adwcleaner_7.2.7.0.exe
2019-02-25 22:48 - 2019-02-25 22:51 - 000008232 _____ C:\Users\Betty\Desktop\Fixlog.txt
2019-02-25 20:30 - 2019-03-10 22:38 - 000000000 ____D C:\Users\Betty\Desktop\FRST-OlderVersion
2019-02-25 19:29 - 2019-02-25 19:29 - 000000000 ____D C:\Users\Betty\Documents\Trend_Micro
2019-02-23 00:39 - 2019-02-25 20:53 - 000042510 _____ C:\Users\Betty\Desktop\Addition.txt
2019-02-23 00:34 - 2019-03-10 22:40 - 000024967 _____ C:\Users\Betty\Desktop\FRST.txt
2019-02-23 00:34 - 2019-03-10 22:38 - 000000000 ____D C:\FRST
2019-02-23 00:25 - 2019-03-10 22:38 - 002434560 _____ (Farbar) C:\Users\Betty\Desktop\FRST64.exe
2019-02-22 22:32 - 2019-03-09 01:49 - 000000797 _____ C:\Users\Betty\Desktop\Pictures - Shortcut.lnk
2019-02-22 13:18 - 2019-02-22 13:18 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2019-02-16 21:04 - 2019-02-16 21:04 - 000000000 ___HD C:\$SysReset
2019-02-16 18:47 - 2018-09-20 00:12 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-02-16 00:06 - 2016-01-15 01:24 - 003309264 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2019-02-16 00:06 - 2016-01-15 01:24 - 003075784 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2019-02-16 00:06 - 2016-01-15 01:24 - 000203432 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2019-02-16 00:06 - 2016-01-15 01:20 - 004695288 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2019-02-16 00:06 - 2016-01-15 01:20 - 000032392 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2019-02-15 23:55 - 2015-06-05 03:59 - 002825944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2019-02-15 20:54 - 2019-02-15 20:54 - 000003924 _____ C:\Users\Betty\Documents\Messy Bun Hat Free Crochet Beanie Pattern.txt
2019-02-12 20:26 - 2019-02-06 03:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-12 20:26 - 2019-02-06 03:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-12 20:26 - 2019-02-05 23:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-12 20:26 - 2019-02-05 23:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-12 20:26 - 2019-02-05 23:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-12 20:26 - 2019-02-05 23:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-12 20:26 - 2019-02-05 23:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-12 20:26 - 2019-02-05 22:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-12 20:26 - 2019-02-05 22:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-12 20:26 - 2019-02-05 22:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-12 20:26 - 2019-02-05 22:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-12 20:26 - 2019-02-05 22:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-12 20:26 - 2019-02-05 22:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-12 20:26 - 2019-02-05 22:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-12 20:26 - 2019-02-05 22:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-12 20:26 - 2019-02-05 22:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-12 20:26 - 2019-01-09 13:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-12 20:26 - 2019-01-09 13:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-12 20:26 - 2019-01-09 13:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-12 20:26 - 2019-01-09 05:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-12 20:26 - 2019-01-09 01:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-12 20:26 - 2019-01-09 01:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-12 20:26 - 2019-01-09 01:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-12 20:26 - 2019-01-09 01:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-12 20:26 - 2019-01-09 01:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-12 20:26 - 2019-01-09 01:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-12 20:26 - 2019-01-09 01:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-12 20:26 - 2019-01-09 01:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-12 20:26 - 2019-01-09 01:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-12 20:26 - 2019-01-09 01:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-12 20:26 - 2019-01-09 01:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-12 20:26 - 2019-01-09 01:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-12 20:26 - 2019-01-09 01:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-12 20:26 - 2019-01-09 01:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-12 20:25 - 2019-02-06 03:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-12 20:25 - 2019-02-06 03:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-12 20:25 - 2019-02-06 03:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-12 20:25 - 2019-02-06 03:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-12 20:25 - 2019-02-06 03:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-12 20:25 - 2019-02-06 03:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-12 20:25 - 2019-02-06 02:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-12 20:25 - 2019-02-06 02:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-12 20:25 - 2019-02-06 02:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-12 20:25 - 2019-02-06 02:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-12 20:25 - 2019-02-05 23:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-12 20:25 - 2019-02-05 23:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-12 20:25 - 2019-02-05 23:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-12 20:25 - 2019-02-05 23:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-12 20:25 - 2019-02-05 23:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-12 20:25 - 2019-02-05 23:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-12 20:25 - 2019-02-05 23:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-12 20:25 - 2019-02-05 23:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-12 20:25 - 2019-02-05 23:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-12 20:25 - 2019-02-05 23:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-12 20:25 - 2019-02-05 23:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-12 20:25 - 2019-02-05 23:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-12 20:25 - 2019-02-05 23:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-12 20:25 - 2019-02-05 23:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-12 20:25 - 2019-02-05 23:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-12 20:25 - 2019-02-05 23:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-12 20:25 - 2019-02-05 23:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-12 20:25 - 2019-02-05 23:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-12 20:25 - 2019-02-05 23:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-12 20:25 - 2019-02-05 22:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-12 20:25 - 2019-02-05 22:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-12 20:25 - 2019-02-05 22:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-12 20:25 - 2019-02-05 22:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-12 20:25 - 2019-02-05 22:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-12 20:25 - 2019-02-05 22:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-12 20:25 - 2019-02-05 22:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-12 20:25 - 2019-02-05 22:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-12 20:25 - 2019-02-05 22:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-12 20:25 - 2019-02-05 22:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-12 20:25 - 2019-02-05 22:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys
2019-02-12 20:25 - 2019-02-05 22:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-12 20:25 - 2019-02-05 22:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-12 20:25 - 2019-02-05 22:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-12 20:25 - 2019-02-05 22:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-12 20:25 - 2019-02-05 22:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-12 20:25 - 2019-02-05 22:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-12 20:25 - 2019-02-05 22:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-12 20:25 - 2019-02-05 22:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-12 20:25 - 2019-02-05 22:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-12 20:25 - 2019-02-05 22:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-12 20:25 - 2019-02-05 22:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-12 20:25 - 2019-02-05 22:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-12 20:25 - 2019-02-05 22:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-12 20:25 - 2019-02-05 22:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-12 20:25 - 2019-02-05 22:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-12 20:25 - 2019-02-05 22:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-12 20:25 - 2019-02-05 22:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-12 20:25 - 2019-02-05 21:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-12 20:25 - 2019-01-12 04:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-12 20:25 - 2019-01-11 22:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-12 20:25 - 2019-01-09 14:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-12 20:25 - 2019-01-09 13:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-12 20:25 - 2019-01-09 13:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-12 20:25 - 2019-01-09 13:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-12 20:25 - 2019-01-09 13:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-12 20:25 - 2019-01-09 06:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-12 20:25 - 2019-01-09 05:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-12 20:25 - 2019-01-09 04:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-12 20:25 - 2019-01-09 04:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-12 20:25 - 2019-01-09 01:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-12 20:25 - 2019-01-09 01:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-12 20:25 - 2019-01-09 01:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-12 20:25 - 2019-01-09 01:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-12 20:25 - 2019-01-09 01:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-12 20:25 - 2019-01-09 01:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-12 20:25 - 2019-01-09 01:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-12 20:25 - 2019-01-09 01:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-12 20:25 - 2019-01-09 01:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-12 20:25 - 2019-01-09 01:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-12 20:25 - 2019-01-09 01:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-12 20:25 - 2019-01-09 01:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-12 20:25 - 2019-01-09 01:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-12 20:25 - 2019-01-09 01:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-12 20:25 - 2019-01-09 01:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-12 20:25 - 2019-01-09 01:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-12 20:25 - 2019-01-09 01:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-12 20:25 - 2019-01-09 01:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-12 20:25 - 2019-01-09 01:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-12 20:25 - 2019-01-09 01:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-12 20:25 - 2019-01-09 01:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-12 20:25 - 2019-01-09 01:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-12 20:25 - 2019-01-09 01:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-12 20:25 - 2019-01-09 01:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-12 20:25 - 2019-01-09 01:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-12 20:25 - 2019-01-09 01:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-12 20:25 - 2019-01-09 01:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-12 20:25 - 2019-01-09 01:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-12 20:25 - 2019-01-09 01:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-12 20:25 - 2019-01-09 01:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-12 20:25 - 2019-01-09 01:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-12 20:25 - 2019-01-09 01:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-12 20:25 - 2019-01-09 01:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-12 20:25 - 2019-01-09 01:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-12 20:25 - 2019-01-09 01:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-12 20:25 - 2019-01-09 01:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-12 20:25 - 2019-01-09 01:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-12 20:25 - 2019-01-09 01:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-12 20:25 - 2019-01-09 01:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-12 20:25 - 2019-01-09 01:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-12 20:25 - 2019-01-09 01:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-12 20:25 - 2019-01-09 01:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-12 20:25 - 2019-01-09 01:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-12 20:25 - 2019-01-09 01:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-12 20:25 - 2019-01-09 01:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-12 20:25 - 2019-01-09 01:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-12 20:25 - 2019-01-09 01:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-12 20:25 - 2019-01-09 01:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-12 20:25 - 2019-01-09 01:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-12 20:25 - 2019-01-09 01:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-12 20:25 - 2019-01-09 01:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-12 20:25 - 2019-01-09 01:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-12 20:25 - 2019-01-09 01:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-12 20:25 - 2019-01-09 01:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-12 20:25 - 2019-01-09 01:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-12 20:25 - 2019-01-09 01:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-12 20:25 - 2019-01-09 01:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-12 20:25 - 2019-01-09 01:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-12 20:25 - 2019-01-09 01:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-12 20:25 - 2019-01-09 01:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-12 20:25 - 2019-01-09 00:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-12 20:25 - 2019-01-09 00:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-12 20:25 - 2019-01-08 05:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-12 20:25 - 2019-01-07 23:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-12 20:25 - 2019-01-07 23:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-12 20:25 - 2019-01-07 23:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-03-10 22:29 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-10 21:08 - 2015-09-30 15:42 - 000000010 _____ C:\Users\Betty\AppData\Local\sponge.last.runtime.cache
2019-03-10 18:47 - 2018-05-21 20:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-10 17:01 - 2018-05-21 20:42 - 000004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C46BE9D6-F004-4084-8F64-9D075E25127F}
2019-03-10 11:37 - 2018-05-21 20:42 - 000003250 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForBetty
2019-03-10 11:37 - 2016-07-28 20:49 - 000000358 _____ C:\WINDOWS\Tasks\HPCeeScheduleForBetty.job
2019-03-10 10:32 - 2017-09-15 22:33 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-03-10 10:32 - 2015-09-26 19:09 - 000000000 __SHD C:\Users\Betty\IntelGraphicsProfiles
2019-03-09 12:21 - 2018-05-21 20:42 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2164851890-4157585229-2641369706-1001
2019-03-09 12:21 - 2018-05-21 20:17 - 000002417 _____ C:\Users\Betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-09 12:21 - 2015-09-26 19:13 - 000000000 ___RD C:\Users\Betty\OneDrive
2019-03-08 14:17 - 2018-04-11 17:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-03-08 14:13 - 2018-05-21 20:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-08 14:13 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-08 14:12 - 2018-04-11 17:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-03-08 13:16 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-07 14:17 - 2017-08-17 05:55 - 000000000 ____D C:\Users\Betty\Documents\Backups
2019-03-07 05:47 - 2015-09-30 13:34 - 000000000 ____D C:\ProgramData\Trend Micro
2019-03-07 02:58 - 2017-02-02 14:03 - 000056784 _____ C:\Users\Betty\AppData\Local\GDIPFONTCACHEV1.DAT
2019-03-05 23:02 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-03-04 19:15 - 2015-09-26 20:49 - 000000000 ____D C:\Users\Betty\AppData\Local\Google
2019-03-04 19:15 - 2015-09-26 20:49 - 000000000 ____D C:\Program Files (x86)\Google
2019-03-04 19:12 - 2017-03-13 11:27 - 000000000 ____D C:\Users\Betty\AppData\LocalLow\Mozilla
2019-03-03 22:18 - 2017-03-13 11:27 - 000000000 ____D C:\Users\Betty\AppData\Roaming\Mozilla
2019-03-03 09:52 - 2018-08-05 11:58 - 000000000 ____D C:\Users\Betty\AppData\Local\Deployment
2019-03-03 08:16 - 2017-12-24 20:00 - 000000000 ____D C:\Users\Betty\AppData\Local\PlaceholderTileLogoFolder
2019-03-01 21:08 - 2018-05-21 20:16 - 000933368 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-01 21:08 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2019-03-01 16:14 - 2018-11-16 20:30 - 000000000 ____D C:\Program Files\rempl
2019-02-28 19:29 - 2015-09-28 15:58 - 000000000 ____D C:\Users\Betty\AppData\Local\ElevatedDiagnostics
2019-02-27 23:36 - 2016-04-19 13:00 - 000001937 _____ C:\Users\Betty\Desktop\This PC.lnk
2019-02-26 00:06 - 2017-09-15 22:32 - 000007873 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2019-02-25 22:51 - 2015-11-15 16:44 - 000000000 ____D C:\Users\Betty\AppData\LocalLow\Temp
2019-02-22 13:18 - 2017-09-15 22:32 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2019-02-20 18:10 - 2016-07-22 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2019-02-20 02:46 - 2018-10-15 16:27 - 000149816 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\TMUMH.sys
2019-02-16 21:41 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-16 20:23 - 2015-05-27 22:09 - 000000000 ____D C:\ProgramData\SoundResearch
2019-02-16 00:08 - 2015-05-27 22:26 - 000000000 ___HD C:\Program Files (x86)\Temp
2019-02-16 00:07 - 2017-09-15 22:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2019-02-15 23:55 - 2014-08-14 21:53 - 000000000 ____D C:\SWSETUP
2019-02-12 21:14 - 2018-05-21 20:12 - 000292504 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-12 21:13 - 2018-05-21 20:17 - 000000000 ____D C:\Users\Betty
2019-02-12 21:10 - 2018-04-11 19:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-12 21:10 - 2018-04-11 19:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-12 21:10 - 2018-04-11 19:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-12 21:10 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-12 21:10 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-12 21:10 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-12 20:23 - 2015-09-27 14:47 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-12 20:10 - 2015-09-27 14:47 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-12 14:28 - 2018-05-21 20:42 - 000004594 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-02-12 14:27 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-02-12 14:27 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-02-08 11:40 - 2018-06-25 15:55 - 000000000 ____D C:\ProgramData\Packages
==================== Files in the root of some directories =======
2015-09-30 13:33 - 2015-09-30 13:33 - 000000036 _____ () C:\Users\Betty\AppData\Local\housecall.guid.cache
2015-11-15 16:59 - 2015-11-15 17:03 - 000007596 _____ () C:\Users\Betty\AppData\Local\resmon.resmoncfg
2015-09-30 15:42 - 2019-03-10 21:08 - 000000010 _____ () C:\Users\Betty\AppData\Local\sponge.last.runtime.cache
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-21 20:12
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.03.2019 01
Ran by Betty (10-03-2019 22:41:17)
Running from C:\Users\Betty\Desktop
Windows 10 Home Version 1803 17134.590 (X64) (2018-05-22 00:44:28)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2164851890-4157585229-2641369706-500 - Administrator - Disabled)
Betty (S-1-5-21-2164851890-4157585229-2641369706-1001 - Administrator - Enabled) => C:\Users\Betty
DefaultAccount (S-1-5-21-2164851890-4157585229-2641369706-503 - Limited - Disabled)
Guest (S-1-5-21-2164851890-4157585229-2641369706-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2164851890-4157585229-2641369706-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2164851890-4157585229-2641369706-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Trend Micro Maximum Security (Enabled - Up to date) {90387C74-1C56-9484-893C-8ADCB2906C3D}
AS: Trend Micro Maximum Security (Enabled - Up to date) {2B599D90-3A6C-9B0A-B38C-B1AEC9172680}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Azkend 2: The World Beneath (HKLM-x32\...\WTA-36894e8b-c90e-427c-ae2a-b247e0928557) (Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-b604f961-de56-4501-9864-1d6762463dea) (Version: 3.0.2.48 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.850 - Broadcom Corporation)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Coyote The Outlander (HKLM-x32\...\WTA-608ce4ff-cc42-41b5-9398-4cd698963d65) (Version: 3.0.2.59 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.5017 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4.6121 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4.6121 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.4928 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5103 - CyberLink Corp.)
CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.2.1307 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3812 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3812 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-69e19651-27cb-4c7f-81bd-8815adafe2bc) (Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Entwined: The Perfect Murder (HKLM-x32\...\WTA-a59f000f-4f7c-4db9-a1e9-de60f1eff1d1) (Version: 3.0.2.59 - WildTangent) Hidden
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.1 - Seiko Epson Corporation)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{1028AD34-EB8A-4136-9A93-27FC60FD0A40}) (Version: 4.4.11 - Seiko Epson Corporation)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
Foxit PhantomPDF (HKLM-x32\...\{4E32271C-B55A-4CDF-8DB7-88FD1C45927C}) (Version: 7.0.310.226 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.121 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hidden Odyssey 2 in 1 Pack (HKLM-x32\...\WTA-7e4596f9-f698-4423-9059-6f2ec458ffdb) (Version: 3.0.2.59 - WildTangent) Hidden
Home Makeover (HKLM-x32\...\WTA-adc560a4-bcc8-4ff6-8d6a-eedac7944174) (Version: 3.0.2.59 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{4BF17F05-B2DA-4266-8AEB-09BC9D008EAF}) (Version: 1.3.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 8.1 (HKLM-x32\...\{CF3BE446-3D26-49D3-B202-C9A13511DEEC}) (Version: 1.6.1 - Hewlett-Packard Company)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{BD2CDEAF-8D83-4553-A3B3-8B614CC6C96E}) (Version: 1.1.0.0 - HP Inc)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7960.5089 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.10.49.21 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
Imperial Island: Birth of an Empire (HKLM-x32\...\WTA-f694afab-de09-4929-9fe0-0bab0192fa05) (Version: 3.0.2.59 - WildTangent) Hidden
Insane Cold: Back to the Ice Age (HKLM-x32\...\WTA-8a302da5-94b8-4516-af7e-18958d817e37) (Version: 3.0.2.59 - WildTangent) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5058 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Lost Souls: Timeless Fables Collector's Edition (HKLM-x32\...\WTA-d32e524b-90d7-4878-9a46-4387666f93bb) (Version: 3.0.2.59 - WildTangent) Hidden
LTCM Client (HKLM-x32\...\LTCM Client) (Version: - Leader Technologies Inc.)
Magic Heroes: Save Our Park (HKLM-x32\...\WTA-145a99eb-8bbc-42bd-8b32-2a18718681ed) (Version: 3.0.2.59 - WildTangent) Hidden
Manor Memoirs Collector's Edition (HKLM-x32\...\WTA-32a669c1-7479-4233-a31c-a120c160e2e9) (Version: 3.0.2.59 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\...\OneDriveSetup.exe) (Version: 19.012.0121.0011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 65.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 65.0.2 (x64 en-US)) (Version: 65.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.2 - Mozilla)
Mystery Expedition: Prisoners of Ice (HKLM-x32\...\WTA-a5a91193-257f-4b6e-9e80-972be6b73608) (Version: 3.0.2.59 - WildTangent) Hidden
Plagiarii (HKLM-x32\...\WTA-524196b3-3f42-4695-95e8-e2968f32f2ba) (Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-8b05aefd-e9a5-4b3b-8d0b-949c0c1dcbbf) (Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.)
Royal Envoy Double Pack (HKLM-x32\...\WTA-6cf0024a-e895-401a-b9e4-aa96c7d26f93) (Version: 3.0.2.59 - WildTangent) Hidden
Runefall (HKLM-x32\...\WTA-81acb04d-ce05-46e6-a5a5-75c5c814b3c9) (Version: 3.0.2.126 - WildTangent) Hidden
Rush Hour! Gas Station (HKLM-x32\...\WTA-ff1e2f52-6956-49e2-818a-26b8e4675bd2) (Version: 3.0.2.59 - WildTangent) Hidden
Sky High Farm (HKLM-x32\...\WTA-9a88e0e0-081d-4396-af4b-4cb7a327d918) (Version: 3.0.2.59 - WildTangent) Hidden
Solitaire Mystery Four Seasons (HKLM-x32\...\WTA-bcccc297-328b-40cb-a3e5-535ae467608e) (Version: 3.0.2.51 - WildTangent) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 15.0 - Trend Micro Inc.)
Trend Micro Troubleshooting Tool (HKLM\...\{4B83469E-CE4F-45D0-BC34-CCB7BF194477}) (Version: 6.0 - Trend Micro Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.14 - WildTangent) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2164851890-4157585229-2641369706-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [ FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} => C:\Program Files\Trend Micro\Titanium\plugin\TmOverlayIcon.dll [2018-07-30] (Trend Micro, Inc. -> Trend Micro Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-03-03] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-03-03] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2018-07-30] (Trend Micro, Inc. -> Trend Micro Inc.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-03-03] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-09-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2018-07-30] (Trend Micro, Inc. -> Trend Micro Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {026B189A-F40F-4CED-AE8D-7845B34E4717} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.)
Task: {02E20B43-0E96-4B91-B82A-06298E110733} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {1800A432-D9A1-4083-B15F-3FF793CF452B} - System32\Tasks\S-1-5-21-2164851890-4157585229-2641369706-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe (Microsoft Windows -> Microsoft Corporation)
Task: {1E55CA30-C895-4C7A-98B1-A80F608A5F7B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe (HP Inc. -> HP Inc.)
Task: {27EEBD2C-18B4-489E-8C5F-6C9B8D836279} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {2C31936C-9BBF-4870-B8F0-8D747E1A9C6F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (HP Inc. -> HP Inc.)
Task: {3009178E-8F33-47B8-87C9-E8ED2B360B98} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {40B0F21A-28FC-4950-B23E-7E55C7586183} - System32\Tasks\HPCeeScheduleForBetty => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe (Hewlett-Packard Company -> Hewlett-Packard)
Task: {4E271199-71FC-43DC-B10B-3B686B6F557A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.)
Task: {5261B7F0-D1DC-4DC3-8B2C-3AA648788B30} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {5E1EB23E-8FC1-4831-AA04-197054DD0291} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant printer driver installation => C:\WINDOWS\TEMP\sp74344.exe <==== ATTENTION
Task: {90CD6B83-53AD-49BB-888D-68DDB6A9B11E} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (HP Inc. -> )
Task: {ACEC5CCD-885C-4286-8B70-A732FD60364B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (HP Inc. -> HP Inc.)
Task: {CECD24C8-C941-4041-BE18-F6DF7A187AEC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {DAF2F41F-205F-458E-862F-862BA482A87A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {EC1119CF-D161-4E84-8230-6645DD51A657} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {F6DACEBF-5F4C-45CF-98D2-8D7489796FC8} - System32\Tasks\AirSupport Update => C:\Program Files\Trend Micro\AirSupport\Update.exe (Trend Micro, Inc. -> Trend Micro Inc.)
Task: {F83FD891-DD6C-4C31-92AB-505CF04846C8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (HP Inc. -> HP Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\HPCeeScheduleForBetty.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Betty\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Betty - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"
==================== Loaded Modules (Whitelisted) ==============
2016-07-22 16:31 - 2011-08-30 13:38 - 000558080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2016-07-22 16:31 - 2011-08-01 18:24 - 000250880 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enpres.dll
2015-05-19 09:11 - 2015-05-19 09:11 - 000335872 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
2010-11-19 00:08 - 2010-11-19 00:08 - 000086016 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2011-04-14 09:16 - 2011-04-14 09:16 - 000136704 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ScanEngine30.dll
2011-04-14 09:25 - 2011-04-14 09:25 - 000055808 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ScnMgr10.dll
2011-04-14 09:25 - 2011-04-14 09:25 - 000206336 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ScnCom10.dll
2011-04-14 09:25 - 2011-04-14 09:25 - 000082944 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ScnEps25.dll
2012-02-09 12:53 - 2012-02-09 12:53 - 000110080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2005-01-13 10:47 - 2005-01-13 10:47 - 000049152 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ESPSUTL.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\...\trendmicro.com -> hxxps://pwm.trendmicro.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 09:25 - 2018-11-17 20:07 - 000000828 _____ C:\WINDOWS\system32\drivers\etc\hosts
2016-02-18 17:48 - 2017-09-06 12:54 - 000000578 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
10.0.0.10 BettysPC2015.mshome.net # 2022 9 1 5 16 54 39 178
263
2.168.137.94 Bobs-Laptop.mshome.net # 2016 7 6 9 19 44 0 412
192.168.137.170 kindle-ed54a041b.mshome.net # 2016 6 4 30 19 16 49 990
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter;;C:\Program Files\Broadcom\Broadcom 802.11;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKU\S-1-5-21-2164851890-4157585229-2641369706-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{B5890AC3-4B72-44F9-9881-3515B9B70767}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{CEA3456A-702B-409A-BD4D-9BD6E489A7EC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{697C232B-4940-47B3-98AA-B3720FB0A6AD}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{09A6533F-7CCF-4619-9447-51FA51EE983C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [{A1810E64-86C0-4F4D-B9CC-97595361E1B7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5AB0314C-AFA0-4DBD-885B-9022BE760CA7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{588B5198-9D9F-416D-82D6-762F8560D7AD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
==================== Restore Points =========================
20-02-2019 18:07:55 Installed Epson Software Updater
01-03-2019 00:43:14 Scheduled Checkpoint
03-03-2019 08:06:48 Windows Backup
10-03-2019 10:35:40 Windows Backup
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/08/2019 02:09:03 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Error: (03/08/2019 02:09:03 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Error: (03/08/2019 02:09:03 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Error: (03/08/2019 02:09:03 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Error: (03/08/2019 02:09:03 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Error: (03/08/2019 02:09:03 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Error: (03/08/2019 02:09:03 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Error: (03/08/2019 02:09:03 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
System errors:
=============
Error: (03/10/2019 10:32:52 PM) (Source: DCOM) (EventID: 10016) (User: BETTYSPC2015)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user BettysPC2015\Betty SID (S-1-5-21-2164851890-4157585229-2641369706-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (03/10/2019 06:33:19 PM) (Source: DCOM) (EventID: 10016) (User: BETTYSPC2015)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user BettysPC2015\Betty SID (S-1-5-21-2164851890-4157585229-2641369706-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (03/10/2019 04:16:20 PM) (Source: DCOM) (EventID: 10016) (User: BETTYSPC2015)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user BettysPC2015\Betty SID (S-1-5-21-2164851890-4157585229-2641369706-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (03/10/2019 03:31:14 PM) (Source: DCOM) (EventID: 10016) (User: BETTYSPC2015)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user BettysPC2015\Betty SID (S-1-5-21-2164851890-4157585229-2641369706-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/10/2019 10:33:42 AM) (Source: DCOM) (EventID: 10016) (User: BETTYSPC2015)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user BettysPC2015\Betty SID (S-1-5-21-2164851890-4157585229-2641369706-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/09/2019 08:19:21 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.
Error: (03/09/2019 04:15:47 PM) (Source: DCOM) (EventID: 10016) (User: BETTYSPC2015)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user BettysPC2015\Betty SID (S-1-5-21-2164851890-4157585229-2641369706-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
Error: (03/09/2019 12:16:32 PM) (Source: DCOM) (EventID: 10016) (User: BETTYSPC2015)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user BettysPC2015\Betty SID (S-1-5-21-2164851890-4157585229-2641369706-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
===================================
Date: 2018-08-11 09:38:28.156
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {801145B0-559C-462D-8445-762B4351C277}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-08-10 20:49:27.165
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D3E3215E-F7D7-4728-AB5F-447332B762D8}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-08-10 20:25:43.132
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {79EDFD76-2BFB-4BA7-B6E1-194540CE6DFC}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-08-13 18:19:20.134
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80508023
Error description: The program could not find the malware and other potentially unwanted software on this device.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2018-08-08 10:24:55.473
Description:
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
Date: 2018-05-21 20:44:00.323
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80508023
Error description: The program could not find the malware and other potentially unwanted software on this device.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
CodeIntegrity:
===================================
Date: 2018-08-09 17:35:33.867
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\TmMon\2.6.0.2027\tmmon64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-08-09 17:35:33.778
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\AddOn\7.30.0.1099\TmUmEvt64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-08-09 17:35:29.659
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\TmMon\2.6.0.2027\tmmon64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-08-09 17:35:29.648
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\AddOn\7.30.0.1099\TmUmEvt64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-08-09 17:35:18.647
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\TmMon\2.6.0.2027\tmmon64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-08-09 17:35:18.633
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\AddOn\7.30.0.1099\TmUmEvt64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-08-09 17:24:07.609
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\TmMon\2.6.0.2027\tmmon64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2018-08-09 17:24:07.539
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\tmumh\20019\AddOn\7.30.0.1099\TmUmEvt64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i3-4170 CPU @ 3.70GHz
Percentage of memory in use: 75%
Total physical RAM: 4000.11 MB
Available physical RAM: 989.81 MB
Total Virtual: 8608.11 MB
Available Virtual: 3865.56 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:910.88 GB) (Free:844.99 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:18.31 GB) (Free:2.25 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{7bb06320-42a1-44a7-bda8-4ef6c2e8d21e}\ (Windows RE tools ) (Fixed) (Total:1 GB) (Free:0.69 GB) NTFS
\\?\Volume{7c9f7e35-bb3c-4772-bb96-5e318270c952}\ () (Fixed) (Total:0.85 GB) (Free:0.46 GB) NTFS
\\?\Volume{e0112102-323a-46ce-949d-0c1f9340fbb3}\ (SYSTEM) (Fixed) (Total:0.35 GB) (Free:0.27 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FA81AF41)
Partition: GPT.
==================== End of Addition.txt ============================
Edited by Betty Boopster, 10 March 2019 - 08:47 PM.