May be infected with Malware

#1
sg555

Not sure what is wrong with my PC. It is running extremely slow, the monitor won't reboot when it goes to sleep, and Malwarebytes Premium keeps turning off protection and won't let me turn it back on. I have to delete and reinstall the program. I'm not sure if my PC is infected or not. I've attached the FRST and Addition files.

Please advise,

Thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-11-2019
Ran by Steve (administrator) on REGINA-PC (HP-Pavilion AZ237AV-ABA e9270t) (19-11-2019 17:34:06)
Running from C:\Users\Steve\Downloads
Loaded Profiles: Steve (Available Profiles: Regina & Steve & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
(Acronis International GmbH -> Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Acronis International GmbH -> Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(Acronis International GmbH -> Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Acronis International GmbH -> Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CyberLink -> CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Google Inc -> Google Inc.) C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
(Hewlett-Packard Company -> ) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Logitech, Inc. -> Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NETGEAR TAIWAN CO., LTD -> ) C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] (Hewlett-Packard Company -> )
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [400376 2013-10-30] (Acronis International GmbH -> Seagate)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] => "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-10] (Advanced Micro Devices, Inc.) [File not signed]
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech, Inc. -> Logitech Inc.)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [6382504 2013-10-30] (Acronis International GmbH -> Seagate)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis International GmbH -> Acronis)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-29] (Hewlett-Packard Company -> Hewlett-Packard)
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [Google Update] => C:\Users\Steve\AppData\Local\Google\Update\1.3.35.342\GoogleUpdateCore.exe [218920 2019-11-04] (Google Inc -> Google LLC)
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [610904 2018-07-22] (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.)
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-28] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.97\Installer\chrmstp.exe [2019-11-11] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\77.1.1831.91\Installer\chrmstp.exe [2019-10-28] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2014-03-01]
ShortcutAndArgument: Monitor Ink Alerts - .lnk -> C:\Windows\system32\RunDll32.exe => "C:\Program Files\HP\HP Photosmart 7510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN19S2516M05T5;CONNECTION=NW;MONITOR=1;
BootExecute: autocheck autochk * ᔃﺑ߾쉰ѫ
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {032B19AE-E9AD-423D-BB1D-BD7F0FBAC5D7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN7C1BW01F => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1094008 2019-10-10] (HP Inc. -> HP Inc.)
Task: {05ECFC30-C8F0-4596-9E04-F2B94E01EB9D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-03-03] (Google Inc -> Google Inc.)
Task: {1920CD5B-4E49-4CB2-85BF-4053A38E7162} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2035488 2019-09-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {1A39A1E2-E936-41B5-8E13-1BC4552D1CA7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003Core => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {20AA7CE4-0424-470D-A760-F4210CEB605C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [145272 2019-10-31] (HP Inc. -> HP Inc.)
Task: {237A0AC9-C199-449B-B1DC-250F924C655F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-28] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {273C2634-A768-484E-8817-CA7464FA959C} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-19] (HP Inc. -> )
Task: {35D58A03-12F4-4962-9C7D-0382A326A8DA} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2035488 2019-09-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {3B9230EA-329B-4CBE-9B38-84EABE7D2145} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {470382FC-DC77-4229-8A87-66F5AEE568C4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [563000 2015-08-27] (Apple Inc. -> Apple Inc.)
Task: {4B84274C-5130-4701-ADF5-B0B0344E6CD8} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
Task: {52276221-F415-499F-9823-D32C03690B64} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [250232 2019-10-08] (HP Inc. -> HP Inc.)
Task: {54CDB933-0997-4C50-87DF-A8696619CEB4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {55EEF9E5-A1DB-4AD0-915E-3C3FF8ABBF8D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003UA => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {5711D67D-EA9E-4F99-8100-59E097E8B693} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {674063A5-2BDA-4A6A-9325-758D3E18FA70} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {6C4A0F8F-BD04-4428-AEAC-6515A4BA5C90} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {6EF55D5A-E5BC-4B82-987B-4438A8959844} - System32\Tasks\{741744D3-7268-43AD-84D1-F49344875C38} => C:\Program Files (x86)\Microsoft Office\Office10\OUTLOOK.EXE
Task: {7117C5B6-3D18-48C4-ACD5-0B1D7D8D6E8C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {735CF81F-51B1-4880-8F57-119CBB1A1389} - System32\Tasks\{298ECBAF-17F5-488E-82C7-FC321004671D} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [220704 2019-11-16] (Mozilla Corporation -> Mozilla Corporation)
Task: {76D67CF7-8AAF-4826-976F-B5126ED9BCDA} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [128296 2009-10-20] (CyberLink -> CyberLink Corp.)
Task: {78F0141A-4203-4895-8DB8-0B8E153F951F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-28] (Piriform Software Ltd -> Piriform Ltd)
Task: {853AC50A-5DFE-4018-BDA1-6B6379899181} - System32\Tasks\{94A42A8C-1DBB-4415-AA2E-92CCBA1F944B} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [220704 2019-11-16] (Mozilla Corporation -> Mozilla Corporation)
Task: {8EE694EA-F4F0-4DA4-B3A4-0A289E063CCC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-11-13] (Adobe Inc. -> Adobe)
Task: {8F128C08-F15A-4D7F-9609-4AA07D55D073} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN19S2516M => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1094008 2019-10-10] (HP Inc. -> HP Inc.)
Task: {9148BF86-8BDF-4022-8FEC-3374C2034E7E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_293_Plugin.exe [1457720 2019-11-13] (Adobe Inc. -> Adobe)
Task: {95CA6642-07A2-463A-A851-1A4A1FC84AB2} - System32\Tasks\{5607D9F5-3A98-4130-8046-CF06CE910B37} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [220704 2019-11-16] (Mozilla Corporation -> Mozilla Corporation)
Task: {9D117B48-607F-40F6-9994-DAEED5E01996} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {9FAB368E-F8F7-4DEA-91AC-D7B2B92FC966} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-03-03] (Google Inc -> Google Inc.)
Task: {C1BC60F8-C0E0-4385-A44C-E8A937FC35D0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {C1F4B8E3-FB2C-4665-BE61-B5A510DFA1C9} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
Task: {C50759F0-F8E5-4C3E-B62A-21D7DD7E7119} - System32\Tasks\{0039EB85-BB77-4F6D-8048-EAE8DE0FAB33} => C:\Windows\system32\pcalua.exe -a C:\Users\Steve\Downloads\HPSupportSolutionsFramework-12.0.30.81(1).exe -d C:\Users\Steve\Downloads
Task: {D18E5371-00BA-4F5E-B165-EFC04E727328} - System32\Tasks\hpUrlLauncher.exe_{6A615458-36D9-4058-B0C6-6EB3A9C8E82D} => C:\Program Files\HP\HP Photosmart 7510 series\Bin\utils\hpUrlLauncher.exe
Task: {D60F7AC2-1686-4CB1-8C26-4DBDA5111F87} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
Task: {DE463C6D-5B8D-4D89-AF86-AE24B4F23DDC} - System32\Tasks\{9E71131C-EBAD-48A4-B4E0-059B09F3FF57} => C:\Program Files (x86)\Microsoft Office\Office10\OUTLOOK.EXE
Task: {E193F3EB-FBC3-4C68-AC99-DE67DAC64539} - System32\Tasks\HPCeeScheduleForSteve => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99392 2016-05-12] (Hewlett-Packard Company -> HP Development Company, L.P.)
Task: {EE7672B7-72C7-4751-A3B8-2EBD658E8836} - System32\Tasks\GoogleUpdateTaskMachineCore1d0562650c58ac9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-03-03] (Google Inc -> Google Inc.)
Task: {EF1A3863-9D0E-4732-8107-40E54A2B9EC8} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [210216 2009-12-01] (CyberLink -> CyberLink)
Task: {F4D1241B-ED9C-416A-A9AB-5E2398F97EE6} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Steve\AppData\Roaming\HP Photo Creations\Communicator.exe [186080 2016-10-07] (RocketLife -> )
Task: {F5B976FD-920B-4189-858D-7B682586CB5E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003Core1d056e441f18695 => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {FF3D1075-B80D-422D-AA23-02FECF8975A2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1094008 2019-10-10] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003Core.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\Steve\AppData\Roaming\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSteve.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392 2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392 2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B632F6BD-3E77-4DA9-BB2D-A244E962DA21}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-11-07] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29] (Skype Technologies SA -> Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-11-07] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll [2009-04-07] (Microsoft Corporation -> Microsoft Corp.)
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29] (Skype Technologies SA -> Skype Technologies S.A.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 4kmay8sq.default-1457302107351
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\4kmay8sq.default-1457302107351 [2019-11-19]
FF Homepage: Mozilla\Firefox\Profiles\4kmay8sq.default-1457302107351 -> www.yahoo.com
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\4kmay8sq.default-1457302107351\Extensions\[email protected] [2019-09-04]
FF Extension: (Avast Online Security) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\4kmay8sq.default-1457302107351\Extensions\[email protected] [2019-10-29]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\4kmay8sq.default-1457302107351\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-10-22]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_293.dll [2019-11-13] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_293.dll [2019-11-13] (Adobe Inc. -> )
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] (Apple Inc. -> )
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-11-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-11-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-10-23] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4104090456-942970366-3307904469-1003: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Steve\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-09-16] (Visan Industries -> RocketLife, LLP)
FF Plugin HKU\S-1-5-21-4104090456-942970366-3307904469-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-04] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-4104090456-942970366-3307904469-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Steve\AppData\Local\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-04] (Google Inc -> Google LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default [2019-11-19]
CHR Extension: (Adblock Plus) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-10-27]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2019-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-10-27]
CHR Extension: (Avast Online Security) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-10-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-27]
CHR Extension: (Chrome Media Router) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-27]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203264 2010-09-08] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6085360 2019-10-28] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [202392 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\77.1.1831.91\elevation_service.exe [1133064 2019-09-25] (AVAST Software s.r.o. -> AVAST Software)
R2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] () [File not signed]
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [360312 2019-10-14] (HP Inc. -> HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc. -> HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-12] (IObit Information Technology -> IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-11-14] (Malwarebytes Inc -> Malwarebytes)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG -> Nero AG)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [233456 2017-07-03] (Netgear Incorporated -> NETGEAR)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-10-15] (Nero AG -> Nero AG)
R2 SgtSch2Svc; C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [1128544 2013-10-30] (Acronis International GmbH -> Seagate)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292096 2011-03-28] (Microsoft Corporation -> Microsoft Corp.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [7767552 2010-09-08] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [279040 2010-09-08] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37616 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [204824 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [274456 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [209552 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [65120 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [276952 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42736 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [171520 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110320 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [83792 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [848432 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460448 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [236024 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [316528 2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3678720 2012-06-20] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [104976 2016-04-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 AtiHdmiService; C:\Windows\System32\drivers\AtiHdmi.sys [116736 2010-01-28] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies, Inc.)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [7767552 2010-09-08] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2019-11-14] (Malwarebytes Corporation -> Malwarebytes)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] (Logitech Inc -> )
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] (Logitech Inc -> )
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [248480 2019-11-14] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-11-18] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [278344 2019-11-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [106344 2019-11-19] (Malwarebytes Corporation -> Malwarebytes)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2019-08-19] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [239616 2009-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Realtek )
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-03-09] (Acronis International GmbH -> Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-03-09] (Acronis International GmbH -> Acronis)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-03-09] (Acronis International GmbH -> Acronis International GmbH)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-20] (CyberLink -> CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-19 17:34 - 2019-11-19 17:34 - 000039987 _____ C:\Users\Steve\Downloads\FRST.txt
2019-11-19 17:32 - 2019-11-19 17:34 - 000000000 ____D C:\FRST
2019-11-19 17:31 - 2019-11-19 17:31 - 002260480 _____ (Farbar) C:\Users\Steve\Downloads\FRST64.exe
2019-11-18 13:47 - 2019-11-19 17:13 - 000106344 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-11-18 13:47 - 2019-11-18 13:47 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-11-18 13:45 - 2019-11-19 16:52 - 000278344 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-11-16 17:03 - 2019-11-16 17:03 - 000000000 ____D C:\Users\Regina\AppData\Local\cache
2019-11-14 19:19 - 2019-11-14 19:19 - 000000000 __SHD C:\found.003
2019-11-14 18:23 - 2019-11-14 18:23 - 000248480 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-11-14 18:23 - 2019-11-14 18:23 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-11-14 18:23 - 2019-11-14 18:23 - 000001950 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-11-14 18:23 - 2019-11-14 18:23 - 000001950 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-11-14 18:23 - 2019-11-14 18:23 - 000000000 ____D C:\Users\Steve\AppData\Local\cache
2019-11-14 18:23 - 2019-11-14 18:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-11-14 18:22 - 2019-11-14 18:22 - 001883976 _____ (Malwarebytes) C:\Users\Steve\Downloads\MBSetup.exe
2019-11-13 15:35 - 2019-11-13 15:35 - 000000000 ____D C:\Users\Admin\AppData\Roaming\CyberLink
2019-11-13 14:50 - 2019-11-13 14:50 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Windows Live Writer
2019-11-13 14:50 - 2019-11-13 14:50 - 000000000 ____D C:\Users\Admin\AppData\Local\Windows Live Writer
2019-11-13 14:50 - 2019-11-13 14:50 - 000000000 ____D C:\Users\Admin\AppData\Local\{606768DE-68A3-4F5C-823D-5F4DCD0AE1CA}
2019-11-13 11:13 - 2019-11-13 11:13 - 000000000 _____ C:\Users\Admin\Documents\HPOJ8710_Fax_Port
2019-11-13 00:57 - 2019-11-05 13:29 - 004061624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-11-13 00:57 - 2019-11-05 13:29 - 003967416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-11-13 00:57 - 2019-11-05 13:29 - 000311008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2019-11-13 00:57 - 2019-11-05 13:27 - 001320248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 002368000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000834048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000628224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnphost.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-11-13 00:57 - 2019-11-05 13:25 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000627640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-11-13 00:57 - 2019-11-05 13:24 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:24 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:23 - 005553888 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-11-13 00:57 - 2019-11-05 13:23 - 000709856 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-11-13 00:57 - 2019-11-05 13:23 - 000385248 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2019-11-13 00:57 - 2019-11-05 13:23 - 000368352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2019-11-13 00:57 - 2019-11-05 13:23 - 000155360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-11-13 00:57 - 2019-11-05 13:23 - 000096992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-11-13 00:57 - 2019-11-05 13:22 - 000263904 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-11-13 00:57 - 2019-11-05 13:22 - 000115936 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2019-11-13 00:57 - 2019-11-05 13:21 - 001671296 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 003247616 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 001010176 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000806400 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000706560 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000572416 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000354816 _____ (Microsoft Corporation) C:\Windows\system32\upnphost.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000110592 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\udhisapi.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-11-13 00:57 - 2019-11-05 13:20 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000114688 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 13:12 - 001312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-11-13 00:57 - 2019-11-05 13:03 - 000045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\udhisapi.dll
2019-11-13 00:57 - 2019-11-05 13:03 - 000023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
2019-11-13 00:57 - 2019-11-05 12:58 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-11-13 00:57 - 2019-11-05 12:57 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2019-11-13 00:57 - 2019-11-05 12:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-11-13 00:57 - 2019-11-05 12:57 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\upnpcont.exe
2019-11-13 00:57 - 2019-11-05 12:55 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2019-11-13 00:57 - 2019-11-05 12:52 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-11-13 00:57 - 2019-11-05 12:52 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-11-13 00:57 - 2019-11-05 12:52 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-11-13 00:57 - 2019-11-05 12:52 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-11-13 00:57 - 2019-11-05 12:51 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-11-13 00:57 - 2019-11-05 12:51 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-11-13 00:57 - 2019-11-05 12:51 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-11-13 00:57 - 2019-11-05 12:51 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\AxInstUI.exe
2019-11-13 00:57 - 2019-11-05 12:51 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-11-13 00:57 - 2019-11-05 12:51 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-11-13 00:57 - 2019-11-05 12:51 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 12:51 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 12:51 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 12:51 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-11-13 00:57 - 2019-11-05 12:50 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2019-11-13 00:57 - 2019-11-05 12:49 - 003232256 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-11-13 00:57 - 2019-11-05 12:48 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-11-13 00:57 - 2019-11-05 12:47 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-11-13 00:57 - 2019-11-05 12:47 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-11-13 00:57 - 2019-11-05 12:44 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-11-13 00:57 - 2019-11-05 12:44 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-11-13 00:57 - 2019-11-05 12:44 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-11-13 00:57 - 2019-11-05 12:43 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-11-13 00:57 - 2019-11-05 12:43 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-11-13 00:57 - 2019-11-05 12:43 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-11-13 00:57 - 2019-11-05 12:42 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-11-13 00:57 - 2019-11-05 12:42 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-11-13 00:57 - 2019-11-05 12:42 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-11-13 00:57 - 2019-11-05 12:42 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-11-13 00:57 - 2019-11-05 12:42 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-11-13 00:57 - 2019-11-05 12:42 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-11-13 00:57 - 2019-11-05 12:42 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-11-13 00:57 - 2019-11-05 11:43 - 001251840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-11-13 00:57 - 2019-10-25 23:31 - 000390752 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-11-13 00:57 - 2019-10-25 22:40 - 000341896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-11-13 00:57 - 2019-10-23 20:07 - 025753088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-11-13 00:57 - 2019-10-23 19:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-11-13 00:57 - 2019-10-23 19:55 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-11-13 00:57 - 2019-10-23 19:43 - 002910720 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-11-13 00:57 - 2019-10-23 19:42 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-11-13 00:57 - 2019-10-23 19:41 - 000580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-11-13 00:57 - 2019-10-23 19:41 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-11-13 00:57 - 2019-10-23 19:41 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-11-13 00:57 - 2019-10-23 19:40 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-11-13 00:57 - 2019-10-23 19:34 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-11-13 00:57 - 2019-10-23 19:33 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-11-13 00:57 - 2019-10-23 19:31 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-11-13 00:57 - 2019-10-23 19:30 - 000797184 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-11-13 00:57 - 2019-10-23 19:30 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-11-13 00:57 - 2019-10-23 19:30 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-11-13 00:57 - 2019-10-23 19:29 - 005500928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-11-13 00:57 - 2019-10-23 19:29 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-11-13 00:57 - 2019-10-23 19:23 - 020290048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-11-13 00:57 - 2019-10-23 19:22 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-11-13 00:57 - 2019-10-23 19:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-11-13 00:57 - 2019-10-23 19:19 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-11-13 00:57 - 2019-10-23 19:12 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-11-13 00:57 - 2019-10-23 19:12 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-11-13 00:57 - 2019-10-23 19:11 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-11-13 00:57 - 2019-10-23 19:08 - 000496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-11-13 00:57 - 2019-10-23 19:08 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-11-13 00:57 - 2019-10-23 19:08 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-11-13 00:57 - 2019-10-23 19:08 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-11-13 00:57 - 2019-10-23 19:07 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-11-13 00:57 - 2019-10-23 19:07 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-11-13 00:57 - 2019-10-23 19:06 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-11-13 00:57 - 2019-10-23 19:06 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-11-13 00:57 - 2019-10-23 19:04 - 002304000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-11-13 00:57 - 2019-10-23 19:04 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-11-13 00:57 - 2019-10-23 19:01 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-11-13 00:57 - 2019-10-23 19:01 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-11-13 00:57 - 2019-10-23 18:59 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-11-13 00:57 - 2019-10-23 18:58 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-11-13 00:57 - 2019-10-23 18:58 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-11-13 00:57 - 2019-10-23 18:57 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-11-13 00:57 - 2019-10-23 18:55 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-11-13 00:57 - 2019-10-23 18:53 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-11-13 00:57 - 2019-10-23 18:53 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-11-13 00:57 - 2019-10-23 18:51 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-11-13 00:57 - 2019-10-23 18:51 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-11-13 00:57 - 2019-10-23 18:49 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-11-13 00:57 - 2019-10-23 18:47 - 015445504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-11-13 00:57 - 2019-10-23 18:45 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-11-13 00:57 - 2019-10-23 18:45 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-11-13 00:57 - 2019-10-23 18:44 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-11-13 00:57 - 2019-10-23 18:42 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-11-13 00:57 - 2019-10-23 18:41 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-11-13 00:57 - 2019-10-23 18:40 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-11-13 00:57 - 2019-10-23 18:39 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-11-13 00:57 - 2019-10-23 18:39 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-11-13 00:57 - 2019-10-23 18:35 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-11-13 00:57 - 2019-10-23 18:33 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-11-13 00:57 - 2019-10-23 18:32 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-11-13 00:57 - 2019-10-23 18:32 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-11-13 00:57 - 2019-10-23 18:31 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-11-13 00:57 - 2019-10-23 18:28 - 001566720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-11-13 00:57 - 2019-10-23 18:27 - 013838336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-11-13 00:57 - 2019-10-23 18:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-11-13 00:57 - 2019-10-23 18:13 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-11-13 00:57 - 2019-10-23 18:10 - 001331712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-11-13 00:57 - 2019-10-23 18:09 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-11-13 00:57 - 2019-10-14 15:58 - 001650176 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-11-13 00:57 - 2019-10-14 15:58 - 001182208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2019-11-13 00:57 - 2019-09-16 18:33 - 000162016 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-11-13 00:57 - 2019-09-16 18:28 - 000738816 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-11-13 00:57 - 2019-09-09 18:27 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2019-11-13 00:57 - 2019-09-09 18:24 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-11-13 00:57 - 2019-09-09 16:09 - 002863104 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-11-13 00:57 - 2019-09-09 16:09 - 001717760 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-11-13 00:57 - 2019-09-09 16:09 - 000802816 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-11-13 00:57 - 2019-09-09 16:09 - 000634368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-11-13 00:57 - 2019-09-09 16:09 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2019-11-13 00:57 - 2019-09-09 16:09 - 000456704 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-11-13 00:57 - 2019-09-09 16:09 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-11-13 00:57 - 2019-09-09 16:09 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-11-13 00:55 - 2019-11-05 12:54 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2019-11-13 00:55 - 2019-11-05 12:46 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2019-11-07 18:45 - 2019-11-07 18:45 - 000000000 __SHD C:\found.002
2019-11-03 17:35 - 2019-11-03 17:35 - 000084744 _____ C:\Users\Regina\Documents\DS82_Complete-1 PASSPORT RENEWAL.pdf
2019-10-31 17:34 - 2019-11-03 13:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-10-28 11:27 - 2019-10-28 11:27 - 000052328 _____ () C:\Windows\system32\Drivers\staport.sys
2019-10-27 16:38 - 2019-10-02 21:10 - 000355720 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-10-27 16:04 - 2019-10-27 16:04 - 000000000 ____D C:\Users\Admin\AppData\Local\mbam
2019-10-27 14:33 - 2019-10-27 14:33 - 000000000 ____D C:\Users\Admin\Desktop\Old Firefox Data
2019-10-27 14:12 - 2019-11-16 12:45 - 000000000 ____D C:\Users\TEMP.Regina-PC
2019-10-27 14:12 - 2019-10-27 16:31 - 000000000 ____D C:\Users\TEMP.Regina-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-10-27 14:12 - 2015-03-15 19:20 - 000000000 ____D C:\Users\TEMP.Regina-PC\AppData\Roaming\IObit
2019-10-27 14:12 - 2015-03-05 07:13 - 000000000 ____D C:\Users\TEMP.Regina-PC\AppData\Roaming\Apple Computer
2019-10-27 14:12 - 2015-03-05 07:13 - 000000000 ____D C:\Users\TEMP.Regina-PC\AppData\Local\Apple Computer
2019-10-27 14:12 - 2012-10-12 17:21 - 000000000 ____D C:\Users\TEMP.Regina-PC\AppData\Roaming\TuneUp Software
2019-10-27 14:12 - 2010-03-09 09:49 - 000000000 ____D C:\Users\TEMP.Regina-PC\AppData\Local\Microsoft Help
2019-10-27 14:12 - 2010-01-14 20:00 - 000000000 ____D C:\Users\TEMP.Regina-PC\AppData\Roaming\Macromedia
2019-10-27 14:12 - 2009-07-13 23:44 - 000000000 ____D C:\Users\TEMP.Regina-PC\AppData\Roaming\Media Center Programs

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-19 17:19 - 2016-11-18 12:24 - 000000000 ____D C:\Users\Steve\AppData\LocalLow\Mozilla
2019-11-19 17:19 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2019-11-19 16:59 - 2009-07-13 20:45 - 000015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-11-19 16:59 - 2009-07-13 20:45 - 000015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-11-19 16:52 - 2017-03-05 17:05 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2019-11-19 16:51 - 2018-05-21 08:07 - 000000000 ____D C:\Users\Steve\AppData\Local\AVAST Software
2019-11-19 16:50 - 2012-09-09 11:49 - 000000000 ____D C:\Users\Steve\AppData\Local\NETGEARGenie
2019-11-19 16:49 - 2010-04-20 21:30 - 000000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2019-11-19 16:49 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-19 16:46 - 2016-10-07 17:08 - 000000402 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2019-11-18 13:45 - 2017-01-30 07:48 - 000000332 _____ C:\Windows\Tasks\HPCeeScheduleForSteve.job
2019-11-18 13:44 - 2016-11-28 10:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2019-11-18 13:44 - 2012-04-29 17:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-11-18 11:21 - 2019-08-19 09:44 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update
2019-11-18 11:21 - 2019-08-19 09:44 - 000002810 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2019-11-18 11:21 - 2019-06-24 14:24 - 000002984 _____ C:\Windows\system32\Tasks\{5607D9F5-3A98-4130-8046-CF06CE910B37}
2019-11-18 11:21 - 2019-06-24 14:24 - 000002984 _____ C:\Windows\system32\Tasks\{298ECBAF-17F5-488E-82C7-FC321004671D}
2019-11-18 11:21 - 2019-06-24 14:23 - 000002984 _____ C:\Windows\system32\Tasks\{94A42A8C-1DBB-4415-AA2E-92CCBA1F944B}
2019-11-18 11:21 - 2018-03-13 19:27 - 000004466 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-11-18 11:21 - 2017-01-30 07:48 - 000003186 _____ C:\Windows\system32\Tasks\HPCeeScheduleForSteve
2019-11-18 11:21 - 2016-10-07 17:08 - 000003406 _____ C:\Windows\system32\Tasks\HP Photo Creations Communicator
2019-11-18 11:21 - 2015-12-03 05:10 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2019-11-18 11:21 - 2015-10-12 12:59 - 000003192 _____ C:\Windows\system32\Tasks\{0039EB85-BB77-4F6D-8048-EAE8DE0FAB33}
2019-11-18 11:21 - 2015-07-17 15:52 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2019-11-18 11:21 - 2015-05-15 18:29 - 000003238 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003Core1d056e441f18695
2019-11-18 11:21 - 2015-05-14 18:13 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore1d0562650c58ac9
2019-11-18 11:21 - 2014-02-27 14:23 - 000002914 _____ C:\Windows\system32\Tasks\hpUrlLauncher.exe_{6A615458-36D9-4058-B0C6-6EB3A9C8E82D}
2019-11-18 11:21 - 2013-08-27 20:38 - 000003510 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-4104090456-942970366-3307904469-1003UA
2019-11-18 11:21 - 2012-03-29 20:54 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2019-11-18 11:21 - 2011-08-26 18:37 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-18 11:21 - 2010-10-18 06:37 - 000003230 _____ C:\Windows\system32\Tasks\SidebarExecute
2019-11-18 11:21 - 2010-06-11 12:11 - 000003164 _____ C:\Windows\system32\Tasks\DVDAgent
2019-11-18 11:21 - 2010-04-25 09:04 - 000003200 _____ C:\Windows\system32\Tasks\CLMLSvc
2019-11-18 11:21 - 2009-12-31 08:17 - 000002990 _____ C:\Windows\system32\Tasks\{9E71131C-EBAD-48A4-B4E0-059B09F3FF57}
2019-11-18 11:21 - 2009-12-31 08:17 - 000002990 _____ C:\Windows\system32\Tasks\{741744D3-7268-43AD-84D1-F49344875C38}
2019-11-14 19:41 - 2018-06-29 17:09 - 000000000 ____D C:\Users\Regina\AppData\Local\AVAST Software
2019-11-14 19:23 - 2015-03-15 19:19 - 000000000 ____D C:\ProgramData\ProductData
2019-11-14 18:23 - 2011-02-08 21:03 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-11-14 09:22 - 2009-07-13 21:13 - 000786578 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-13 21:20 - 2016-11-27 12:25 - 000000000 ____D C:\Users\Regina\AppData\LocalLow\Mozilla
2019-11-13 19:27 - 2012-03-29 20:54 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-11-13 19:27 - 2011-05-15 14:13 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-11-13 19:27 - 2010-10-08 11:52 - 000000000 ____D C:\Windows\system32\Macromed
2019-11-13 19:27 - 2009-12-22 23:02 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-11-13 18:47 - 2018-03-12 16:52 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2019-11-13 15:35 - 2015-03-11 19:44 - 000000000 ____D C:\Users\Admin\AppData\Local\Hewlett-Packard
2019-11-13 15:19 - 2015-03-04 20:54 - 000000000 ____D C:\Users\Admin\AppData\Local\Google
2019-11-13 13:36 - 2015-03-11 19:23 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Thunderbird
2019-11-13 13:15 - 2015-03-20 21:38 - 000000000 __SHD C:\Users\Admin\AppData\LocalLow\EmieUserList
2019-11-13 13:15 - 2015-03-20 21:38 - 000000000 __SHD C:\Users\Admin\AppData\LocalLow\EmieSiteList
2019-11-13 12:57 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\rescache
2019-11-13 12:53 - 2018-03-12 19:25 - 000000000 ____D C:\Users\Admin\AppData\Local\NETGEARGenie
2019-11-13 11:13 - 2015-03-10 16:52 - 000000000 ____D C:\Users\Admin\AppData\Local\HP
2019-11-13 11:11 - 2016-10-07 17:38 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Adobe
2019-11-13 10:54 - 2016-06-19 16:49 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-11-13 10:43 - 2018-07-23 08:12 - 000000000 ____D C:\Users\Admin\AppData\Local\AVAST Software
2019-11-13 03:21 - 2009-07-13 20:45 - 000441240 _____ C:\Windows\system32\FNTCACHE.DAT
2019-11-13 03:18 - 2015-03-13 03:03 - 000000000 ___SD C:\Windows\system32\CompatTel
2019-11-13 03:18 - 2015-03-13 03:03 - 000000000 ____D C:\Windows\system32\appraiser
2019-11-13 03:18 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-11-11 13:45 - 2013-08-27 20:15 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-08 15:22 - 2010-12-12 10:44 - 000000000 ____D C:\Users\Regina\AppData\Local\Nero
2019-11-08 15:22 - 2010-10-12 13:52 - 000000069 _____ C:\Windows\NeroDigital.ini
2019-11-07 19:11 - 2010-03-04 21:46 - 000000000 ____D C:\Windows\Minidump
2019-11-07 17:34 - 2015-08-28 16:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-11-07 17:34 - 2010-02-21 16:39 - 000000000 ____D C:\Program Files (x86)\Java
2019-11-07 17:33 - 2015-08-28 16:45 - 000114232 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2019-11-05 17:38 - 2010-10-09 12:33 - 000000000 ____D C:\Program Files (x86)\Google
2019-11-03 13:09 - 2018-09-14 18:03 - 000000000 ____D C:\Program Files\CCleaner
2019-11-03 11:23 - 2017-08-26 06:47 - 000004047 _____ C:\Windows\wininit.ini
2019-10-28 10:21 - 2019-10-02 21:12 - 000003732 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2019-10-28 10:21 - 2019-10-02 21:12 - 000003150 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2019-10-28 10:21 - 2019-10-02 21:12 - 000002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-10-28 10:21 - 2019-10-02 21:12 - 000002388 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2019-10-28 10:21 - 2019-10-02 21:12 - 000002388 _____ C:\ProgramData\Desktop\Avast Secure Browser.lnk
2019-10-28 10:16 - 2009-12-28 16:37 - 000000000 ____D C:\Users\Regina
2019-10-27 16:41 - 2018-07-23 13:20 - 000002005 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2019-10-27 16:41 - 2018-07-23 13:20 - 000002005 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2019-10-27 16:36 - 2009-12-28 19:20 - 000000000 ____D C:\Users\Steve
2019-10-27 16:33 - 2009-12-28 19:20 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2019-10-27 16:32 - 2015-03-04 18:12 - 000000000 ____D C:\Users\Admin
2019-10-27 16:31 - 2019-10-19 19:58 - 000000000 ____D C:\Users\Regina\Desktop\pet-search_files
2019-10-27 16:31 - 2018-02-06 15:55 - 000000000 ____D C:\Users\Steve\Downloads\Voya Fund Performance_files
2019-10-27 16:31 - 2017-07-23 12:38 - 000000000 ____D C:\Users\Admin\AppData\Local\HP_Development_Company,_L
2019-10-27 16:31 - 2017-04-02 12:47 - 000000000 ____D C:\Users\Steve\AppData\Local\HP_Development_Company,_L
2019-10-27 16:31 - 2016-06-19 17:09 - 000000000 ____D C:\Users\Steve\Documents\Patio_files
2019-10-27 16:31 - 2016-06-19 16:15 - 000000000 ____D C:\Users\Steve\AppData\Local\RLPlatform
2019-10-27 16:31 - 2015-10-20 17:34 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2019-10-27 16:31 - 2015-10-20 17:34 - 000000000 ____D C:\Users\Steve\AppData\Roaming\HP Photo Creations
2019-10-27 16:31 - 2015-09-29 13:55 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2019-10-27 16:31 - 2015-03-25 05:19 - 000000000 ____D C:\Users\Regina\AppData\Roaming\ProductData
2019-10-27 16:31 - 2015-03-15 19:21 - 000000000 ____D C:\Users\Steve\AppData\Roaming\ProductData
2019-10-27 16:31 - 2015-03-15 19:19 - 000000000 ____D C:\Users\Admin\AppData\Roaming\ProductData
2019-10-27 16:31 - 2015-03-10 16:46 - 000000000 ____D C:\Users\Steve\Downloads\HP Downloads
2019-10-27 16:31 - 2015-03-10 16:33 - 000000000 ____D C:\Users\Steve\AppData\Local\Hewlett-Packard_Company
2019-10-27 16:31 - 2014-02-04 09:42 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2019-10-27 16:31 - 2013-11-14 12:20 - 000000000 ____D C:\Users\Steve\AppData\Roaming\BitLord
2019-10-27 16:31 - 2012-09-30 19:25 - 000000000 ____D C:\Users\Regina\AppData\Local\NETGEARGenie
2019-10-27 16:31 - 2012-03-30 08:58 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Visan
2019-10-27 16:31 - 2012-01-01 16:45 - 000000000 ____D C:\Users\Regina\AppData\Roaming\Visan
2019-10-27 16:31 - 2012-01-01 16:26 - 000000000 ____D C:\Users\Regina\AppData\Local\HP
2019-10-27 16:31 - 2011-12-31 16:44 - 000000000 ____D C:\Users\Steve\AppData\Local\HP
2019-10-27 16:31 - 2011-01-15 17:04 - 000000000 ____D C:\Users\Regina\AppData\Local\Microsoft Help
2019-10-27 16:31 - 2010-12-12 15:08 - 000000000 ____D C:\Users\Steve\AppData\Local\Nero_AG
2019-10-27 16:31 - 2010-12-12 10:48 - 000000000 ____D C:\Users\Regina\AppData\Local\Nero_AG
2019-10-27 16:31 - 2010-06-15 11:00 - 000000000 ____D C:\Users\Steve\AppData\Local\Yahoo!
2019-10-27 16:31 - 2010-06-15 10:49 - 000000000 ____D C:\Users\Regina\AppData\Roaming\Thunderbird
2019-10-27 16:31 - 2010-04-25 08:53 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Skype
2019-10-27 16:31 - 2010-04-20 21:12 - 000000000 ____D C:\Users\Regina\AppData\Roaming\Skype
2019-10-27 16:31 - 2010-03-18 21:14 - 000000000 ____D C:\Users\Steve\AppData\Roaming\WinBatch
2019-10-27 16:31 - 2010-03-09 06:34 - 000000000 ____D C:\Users\Steve\AppData\Local\Microsoft Help
2019-10-27 16:31 - 2010-03-04 21:32 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Thunderbird
2019-10-27 16:31 - 2010-02-21 17:02 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2019-10-27 16:31 - 2010-01-31 13:34 - 000000000 ____D C:\Users\Regina\AppData\Roaming\CyberLink
2019-10-27 16:31 - 2009-12-28 19:20 - 000000000 ____D C:\Users\Steve\AppData\Roaming\PictureMover
2019-10-27 16:31 - 2009-12-28 19:20 - 000000000 ____D C:\Users\Steve\AppData\Local\Hewlett-Packard
2019-10-27 16:31 - 2009-12-28 17:32 - 000000000 ____D C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-10-27 16:31 - 2009-12-28 16:49 - 000000000 ____D C:\Users\Regina\AppData\Roaming\PictureMover
2019-10-27 16:31 - 2009-12-28 16:38 - 000000000 ____D C:\Users\Regina\AppData\Local\Hewlett-Packard
2019-10-27 16:31 - 2009-12-28 16:37 - 000000000 ____D C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2019-10-27 16:31 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\registration
2019-10-27 16:30 - 2015-08-28 16:44 - 000000000 ____D C:\Users\Steve\AppData\LocalLow\Oracle
2019-10-27 16:30 - 2015-08-27 18:28 - 000000000 ____D C:\Users\Steve\AppData\Roaming\AVAST Software
2019-10-27 16:30 - 2015-03-15 19:19 - 000000000 ____D C:\Users\Steve\AppData\Roaming\IObit
2019-10-27 16:30 - 2013-04-06 15:59 - 000000000 ____D C:\Users\Steve\AppData\LocalLow\Google
2019-10-27 16:30 - 2011-09-05 14:56 - 000000000 ____D C:\Users\Steve\AppData\Roaming\GlarySoft
2019-10-27 16:30 - 2010-10-28 12:24 - 000000000 ____D C:\Users\Steve\AppData\Roaming\FrostWire
2019-10-27 16:30 - 2010-07-18 12:56 - 000000000 ____D C:\Users\Steve\AppData\LocalLow\Adobe
2019-10-27 16:30 - 2010-02-21 16:39 - 000000000 ____D C:\Users\Steve\AppData\LocalLow\Sun
2019-10-27 16:30 - 2010-01-14 22:47 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Nero
2019-10-27 16:30 - 2009-12-28 19:22 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Mozilla
2019-10-27 16:30 - 2009-12-28 19:22 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Macromedia
2019-10-27 16:30 - 2009-12-28 19:22 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Adobe
2019-10-27 16:30 - 2009-12-28 19:20 - 000000000 ____D C:\Users\Steve\AppData\Local\VirtualStore
2019-10-27 16:29 - 2015-08-27 19:46 - 000000000 ____D C:\Users\Regina\AppData\Roaming\AVAST Software
2019-10-27 16:29 - 2011-10-02 16:57 - 000000000 ____D C:\Users\Steve\AppData\Local\Logitech® Webcam Software
2019-10-27 16:29 - 2011-10-02 16:50 - 000000000 ____D C:\Users\Regina\AppData\Local\Logitech® Webcam Software
2019-10-27 16:29 - 2011-08-26 18:37 - 000000000 ____D C:\Users\Regina\AppData\Local\Google
2019-10-27 16:29 - 2010-10-09 12:33 - 000000000 ____D C:\Users\Steve\AppData\Local\Google
2019-10-27 16:29 - 2010-02-27 18:14 - 000000000 ____D C:\Users\Regina\AppData\Roaming\LimeWire
2019-10-27 16:29 - 2010-02-22 18:30 - 000000000 ____D C:\Users\Regina\AppData\LocalLow\Sun
2019-10-27 16:29 - 2010-02-20 16:13 - 000000000 ____D C:\Users\Regina\AppData\Local\NOS
2019-10-27 16:29 - 2010-01-21 21:45 - 000000000 ____D C:\Users\Regina\AppData\LocalLow\Adobe
2019-10-27 16:29 - 2010-01-17 12:10 - 000000000 ____D C:\Users\Regina\AppData\Roaming\Nero
2019-10-27 16:29 - 2010-01-14 20:00 - 000000000 ____D C:\Users\Steve\AppData\Local\Adobe
2019-10-27 16:29 - 2009-12-29 22:03 - 000000000 ____D C:\Users\Steve\AppData\Local\Microsoft Games
2019-10-27 16:29 - 2009-12-28 20:44 - 000000000 ____D C:\Users\Regina\AppData\Local\Microsoft Games
2019-10-27 16:29 - 2009-12-28 19:22 - 000000000 ____D C:\Users\Steve\AppData\Local\Mozilla
2019-10-27 16:29 - 2009-12-28 17:14 - 000000000 ____D C:\Users\Regina\AppData\Roaming\Mozilla
2019-10-27 16:29 - 2009-12-28 17:09 - 000000000 ____D C:\Users\Regina\AppData\Roaming\Adobe
2019-10-27 16:29 - 2009-12-28 16:49 - 000000000 ____D C:\Users\Regina\AppData\Local\VirtualStore
2019-10-27 16:26 - 2010-03-09 06:32 - 000000000 __RHD C:\MSOCache
2019-10-27 15:26 - 2015-03-15 20:31 - 000000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2019-10-27 14:42 - 2015-03-16 08:04 - 000000000 ____D C:\Users\Admin\AppData\Local\Adobe
2019-10-25 16:09 - 2010-01-31 22:20 - 000000085 _____ C:\Users\Regina\AppData\default.pls
2019-10-21 15:11 - 2013-11-14 11:44 - 000000000 ____D C:\temp
2019-10-21 12:46 - 2017-07-13 16:55 - 000007597 _____ C:\Users\Steve\AppData\Local\Resmon.ResmonCfg

==================== Files in the root of some directories ========

2013-11-14 12:20 - 2013-11-14 12:26 - 000000000 _____ () C:\Users\Steve\AppData\Roaming\bitlord_log.txt
2011-06-05 11:03 - 2011-06-05 11:03 - 000000122 _____ () C:\Users\Steve\AppData\Roaming\wklnhst.dat
2013-11-14 13:23 - 2013-11-14 13:23 - 000136531 _____ () C:\Users\Steve\AppData\Local\ars.cache
2013-11-14 13:23 - 2013-11-14 13:23 - 000305059 _____ () C:\Users\Steve\AppData\Local\census.cache
2010-11-23 08:30 - 2010-11-23 08:30 - 000000036 _____ () C:\Users\Steve\AppData\Local\housecall.guid.cache
2017-07-13 16:55 - 2019-10-21 12:46 - 000007597 _____ () C:\Users\Steve\AppData\Local\Resmon.ResmonCfg
2015-03-17 11:57 - 2015-03-17 11:58 - 000039253 _____ () C:\Users\Steve\AppData\Local\tmp207 GREAT GABLE.0
2015-03-17 11:58 - 2015-03-17 11:58 - 000014617 _____ () C:\Users\Steve\AppData\Local\tmp207 GREAT GABLE.JPG
2019-01-04 15:54 - 2019-01-04 15:54 - 000000000 _____ () C:\Users\Steve\AppData\Local\{D5C3ED75-AA07-4A0C-8619-CD63BA8D068D}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-11-09 17:54
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2019
Ran by Steve (19-11-2019 17:35:28)
Running from C:\Users\Steve\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2009-12-29 00:37:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-4104090456-942970366-3307904469-1004 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-4104090456-942970366-3307904469-500 - Administrator - Disabled)
Guest (S-1-5-21-4104090456-942970366-3307904469-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4104090456-942970366-3307904469-1002 - Limited - Enabled)
Regina (S-1-5-21-4104090456-942970366-3307904469-1001 - Limited - Enabled) => C:\Users\Regina
Steve (S-1-5-21-4104090456-942970366-3307904469-1003 - Administrator - Enabled) => C:\Users\Steve

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}) (Version: 2.3.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.293 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.293 - Adobe)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.02 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ArcSoft Panorama Maker 4 (HKLM-x32\...\{D45E8C45-B601-4A80-AFD8-E16338744DE1}) (Version:  - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{F9F4430E-80DE-EC0F-BF8E-476352C8F954}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 77.1.1831.91 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.5.245.0 - AVAST Software) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.50.854.0 - Logitech) Hidden
ccc-core-static (HKLM-x32\...\{394F1B21-1FA4-DDE1-C00B-0A3EEA1A94D1}) (Version: 2010.0310.1824.32984 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
ChromecastApp (HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FrostWire 4.21.1 (HKLM-x32\...\FrostWire) (Version: 4.21.1.0 - FrostWire Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.97 - Google LLC)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5434.08 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
High-Definition Video Playback 10 (HKLM-x32\...\{237CCB62-8454-43E3-B158-3ACD0134852E}) (Version: 7.0.11000.25.1 - Nero AG) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Easy Backup (HKLM-x32\...\{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1) (Version: 1.0.8.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3420 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP OfficeJet Pro 8710 Basic Device Software (HKLM\...\{B4398909-31F1-4889-8314-6464C5F7CCA1}) (Version: 40.11.1148.17181 - HP Inc.)
HP OfficeJet Pro 8710 Help (HKLM-x32\...\{92B8A892-1D92-407A-BF5E-26DCE71B9B12}) (Version: 38.0.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photo Creations (HKU\S-1-5-21-4104090456-942970366-3307904469-1003\...\HP Photo Creations) (Version: 1.0.0.22082 - HP)
HP Photosmart 7510 series Basic Device Software (HKLM\...\{24C7AD6B-F418-4D3B-B7F2-F3603FD720BF}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.8.24.33 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.13.42.1 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HydraVision (HKLM-x32\...\{A7C0BB1A-1546-44D6-1BE0-FB0F84364787}) (Version: 4.2.162.0 - ATI Technologies Inc.) Hidden
I.R.I.S. OCR (HKLM-x32\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7230) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
LWS VideoEffects (HKLM\...\{138A4072-9E64-46BD-B5F9-DB2BB395391F}) (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 70.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 70.0.1 (x64 en-US)) (Version: 70.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.7.2 - Mozilla)
Mozilla Thunderbird 60.9.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 60.9.1 (x86 en-US)) (Version: 60.9.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 ClipartPack (HKLM-x32\...\{96ED4B78-300E-4033-AE6C-C115CEB4DF07}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 1 (HKLM-x32\...\{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 2 (HKLM-x32\...\{E712C273-7564-4C8E-AA59-0FA19BC35117}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Menu TemplatePack 3 (HKLM-x32\...\{92146419-AE44-4C8B-A48B-0ABB1B5EC026}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.0.10300.1.0 - Nero AG)
Nero 10 Movie ThemePack 2 (HKLM-x32\...\{70F19404-B96C-4EBB-AD2B-3574F8736197}) (Version: 10.0.10300.1.0 - Nero AG)
Nero 10 Sample ImagePack (HKLM-x32\...\{ACD15FDF-FC42-4175-B477-576F92FF2256}) (Version: 10.0.10300.0.0 - Nero AG)
Nero 10 Sample Videos (HKLM-x32\...\{92A10E9D-EA00-4A46-8F22-EEA660992D61}) (Version: 10.0.10300.2.0 - Nero AG)
Nero 8 Essentials (HKLM-x32\...\{523DF39E-DF7D-488F-8022-783946571033}) (Version: 8.10.135 - Nero AG)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11100.14.101 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.10700.7.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.10600.9.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10500.7.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10400.4.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.10500.7.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10400.5.100 - Nero AG)
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.11000.6.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.11200 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10600.1.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10500.5.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10500.1.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.10500.4.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0012 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.10700.4.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10500.1.100 - Nero AG)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.60.00 - NETGEAR Inc.)
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.1.0 - Nikon)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerRecover (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.1931 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Seagate DiscWizard (HKLM-x32\...\{AC5BFE42-B72A-467C-B9B2-8BF77C6D4D70}) (Version: 16.0.5840 - Seagate)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.8.8855 - Skype Technologies S.A.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VCRedistSetup (HKLM-x32\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.70 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [2007-09-24] (Nero AG -> Nero AG)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} =>  -> No File
ContextMenuHandlers1-x32: [NeroShellExt] -> {F764812A-132C-4013-9960-5CBBEB408A0E} => C:\Program Files (x86)\Common Files\Nero\NeroShellExt\NeroShellExt.dll [2010-02-22] (Nero AG -> Nero AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers2-x32: [NeroShellExt] -> {F764812A-132C-4013-9960-5CBBEB408A0E} => C:\Program Files (x86)\Common Files\Nero\NeroShellExt\NeroShellExt.dll [2010-02-22] (Nero AG -> Nero AG)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-14] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} =>  -> No File
ContextMenuHandlers4-x32: [NeroShellExt] -> {F764812A-132C-4013-9960-5CBBEB408A0E} => C:\Program Files (x86)\Common Files\Nero\NeroShellExt\NeroShellExt.dll [2010-02-22] (Nero AG -> Nero AG)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2010-03-10] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-02] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} =>  -> No File
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-14] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [176416 2012-01-18] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [307488 2012-01-18] (Logitech, Inc. -> Logitech Inc.)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2010-06-29 23:12 - 2010-06-29 23:12 - 000036864 _____ () [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 000005632 _____ () [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 000018944 _____ () [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 000040960 _____ () [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 000028672 _____ () [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 000131072 _____ () [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 000061440 _____ () [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 000007680 _____ () [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2010-06-11 12:14 - 2010-03-03 19:08 - 000058880 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2016-03-02 20:17 - 2016-03-02 20:17 - 000136704 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2016-03-02 20:17 - 2016-03-02 20:17 - 000146944 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2016-01-14 18:06 - 2016-01-14 18:06 - 000057344 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2016-02-22 00:25 - 2016-02-22 00:25 - 000116224 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2015-08-24 00:41 - 2015-08-24 00:41 - 002360622 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2019-05-22 00:09 - 2019-05-22 00:09 - 000713728 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2018-07-19 20:31 - 2018-07-19 20:31 - 000168448 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2018-07-19 20:31 - 2018-07-19 20:31 - 000591872 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2019-05-15 00:07 - 2019-05-15 00:07 - 006903808 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2018-07-19 20:36 - 2018-07-19 20:36 - 002980352 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
2019-05-15 00:07 - 2019-05-15 00:07 - 000967168 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2019-04-18 22:38 - 2019-04-18 22:38 - 001259520 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2018-11-21 17:58 - 2018-11-21 17:58 - 011973632 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2019-05-15 00:05 - 2019-05-15 00:05 - 002683392 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2019-05-22 01:51 - 2019-05-22 01:51 - 000278528 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2019-05-22 00:14 - 2019-05-22 00:14 - 000888832 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2018-11-20 02:34 - 2018-11-20 02:34 - 000422400 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2018-12-12 02:36 - 2018-12-12 02:36 - 000633344 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2018-07-19 20:33 - 2018-07-19 20:33 - 000433664 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-12-21 08:07 - 2014-12-21 08:07 - 000119822 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2014-12-21 08:07 - 2014-12-21 08:07 - 001026062 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
2012-06-27 14:23 - 2012-06-27 14:23 - 000111616 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\libvlc.dll
2012-06-27 14:23 - 2012-06-27 14:23 - 002285056 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\libvlccore.dll
2016-03-02 20:17 - 2016-03-02 20:17 - 000074752 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2012-06-27 14:23 - 2012-06-27 14:23 - 000219648 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
2012-06-27 14:23 - 2012-06-27 14:23 - 000049664 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
2012-06-27 14:23 - 2012-06-27 14:23 - 000051200 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
2012-06-27 14:23 - 2012-06-27 14:23 - 000051200 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\plugins\control\libhotkeys_plugin.dll
2012-06-27 14:23 - 2012-06-27 14:23 - 001235456 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\plugins\misc\libxml_plugin.dll
2012-06-27 14:23 - 2012-06-27 14:23 - 000037376 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\plugins\mmxext\libmemcpymmxext_plugin.dll
2012-06-27 14:23 - 2012-06-27 14:23 - 000070144 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
2016-02-26 02:07 - 2016-02-26 02:07 - 000049152 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2016-08-15 00:28 - 2016-08-15 00:28 - 001125888 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\qwt.dll
2019-05-22 00:13 - 2019-05-22 00:13 - 001701376 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2016-03-02 20:17 - 2016-03-02 20:17 - 000072192 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
2016-01-14 18:23 - 2016-01-14 18:23 - 000026112 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2016-04-11 22:13 - 2016-04-11 22:13 - 000067072 _____ () [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2019-05-16 02:39 - 2019-05-16 02:39 - 000170496 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9109216ecdcf9ae71a57b08b84995d99\IsdiInterop.ni.dll
2009-08-20 13:34 - 2009-08-20 13:34 - 000033792 _____ (Hewlett-Packard Company) [File not signed] c:\Program Files (x86)\Common Files\LightScribe\LSLog.dll
2009-08-20 13:34 - 2009-08-20 13:34 - 000110592 _____ (Hewlett-Packard Company) [File not signed] c:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 000032768 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\CommonInterfaces.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 000147456 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\CommonUtility.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 000032768 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 000253952 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCHealthSecurity\PCHealthSecurityPillar.dll
2010-06-29 23:12 - 2010-06-29 23:12 - 000143360 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\SystemStatus.dll
2008-05-07 19:59 - 2008-05-07 19:59 - 000034816 _____ (Hewlett-Packard Company) [File not signed] C:\Windows\System32\hpz3llhn.dll
2010-01-22 21:10 - 2008-05-07 19:59 - 000099840 _____ (Hewlett-Packard Corporation) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\hpzpplhn.dll
2010-06-29 23:13 - 2010-06-29 23:13 - 000040960 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\CeeWriter.dll
2010-06-29 23:13 - 2010-06-29 23:13 - 002359296 _____ (HP) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECenter.dll
2010-06-11 12:14 - 2010-03-03 19:08 - 000163328 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorUIHelper.dll
2010-06-11 12:14 - 2010-03-03 19:08 - 001046528 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IntelVisualDesign.dll
2010-06-11 12:14 - 2010-03-03 18:53 - 000280064 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\ISDI.dll
2019-05-16 02:39 - 2019-05-16 02:39 - 000176640 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\d56ef23c56dafafbd705bda28d96a1c3\IAStorDataMgr.ni.dll
2019-05-16 02:39 - 2019-05-16 02:39 - 000452608 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5c758e4d1dc449e6ad7cd1292aaf3bce\IAStorUtil.ni.dll
2009-10-23 01:18 - 2009-10-23 01:18 - 000151552 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.Common.dll
2009-10-23 01:18 - 2009-10-23 01:18 - 000069632 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll
2010-06-29 23:11 - 2010-06-29 23:11 - 000208896 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.Logging.dll
2009-12-22 23:10 - 2003-03-18 22:12 - 001047552 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\MFC71U.DLL
2009-12-22 23:10 - 2003-11-21 07:45 - 000499712 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\MSVCP71.dll
2009-12-22 23:10 - 2004-04-09 10:38 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\MSVCR71.dll
2018-11-08 19:38 - 2018-11-08 19:38 - 000225280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2014-12-21 08:07 - 2014-12-21 08:07 - 000049152 _____ (MingW-W64 Project. All rights reserved.) [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\libwinpthread-1.dll
2013-02-18 22:46 - 2013-02-18 22:46 - 000220160 _____ (NETGEAR Inc.) [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\drivers\NETGEAR_PLC_L2_API.dll
2014-03-23 18:32 - 2014-03-23 18:32 - 000060273 _____ (Open Source Software community project) [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\pthreadGC2.dll
2013-02-10 17:35 - 2013-02-10 17:35 - 001178624 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\LIBEAY32.dll
2013-02-10 17:35 - 2013-02-10 17:35 - 000269824 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\ssleay32.dll
2015-10-12 11:44 - 2015-10-12 11:44 - 000033280 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
2015-10-12 11:45 - 2015-10-12 11:45 - 000034816 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
2015-10-12 11:45 - 2015-10-12 11:45 - 000246784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
2015-10-12 11:58 - 2015-10-12 11:58 - 000366592 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qmng.dll
2015-10-12 11:48 - 2015-10-12 11:48 - 000028672 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
2015-10-12 11:58 - 2015-10-12 11:58 - 000027648 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qtga.dll
2015-10-12 11:58 - 2015-10-12 11:58 - 000433664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qtiff.dll
2015-10-12 11:58 - 2015-10-12 11:58 - 000027136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qwbmp.dll
2015-10-12 11:46 - 2015-10-12 11:46 - 001413632 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
2015-10-12 11:47 - 2015-10-12 11:47 - 000044544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2015-11-18 20:54 - 2015-11-18 20:54 - 005391360 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\Qt5Core.dll
2015-10-12 11:31 - 2015-10-12 11:31 - 005334528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\Qt5Gui.dll
2015-10-12 11:26 - 2015-10-12 11:26 - 001528832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\Qt5Network.dll
2015-10-12 11:42 - 2015-10-12 11:42 - 000334848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\Qt5OpenGL.dll
2016-04-12 18:52 - 2016-04-12 18:52 - 000357888 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\Qt5PrintSupport.dll
2015-10-12 11:48 - 2015-10-12 11:48 - 000331776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\Qt5Svg.dll
2015-10-12 11:37 - 2015-10-12 11:37 - 006541824 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\Qt5Widgets.dll
2015-10-12 11:25 - 2015-10-12 11:25 - 000237056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\NETGEAR Genie\bin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 6092 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2019-01-04 01:44 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Common Files\Seagate\SnapAPI\;C:\adb;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Skype\Phone\
HKU\S-1-5-21-4104090456-942970366-3307904469-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^Users^Regina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk => C:\Windows\pss\LimeWire On Startup.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{2B0AF209-1555-4756-B4A0-69D3D73CC1F5}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.)
FirewallRules: [UDP Query User{3B7B3369-5038-4730-ADF8-36F0240309C4}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.)
FirewallRules: [{D56B9723-5427-4BEF-A78D-521AA5B7B444}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6984740F-B1A4-4BED-9F45-4F3A7060FC80}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{883FF213-AC56-409E-9775-3DF6142ED052}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.)
FirewallRules: [UDP Query User{66C1DC73-E976-463D-A164-5C3074E16DB5}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe (NETGEAR TAIWAN CO., LTD -> NETGEAR Inc.)
FirewallRules: [TCP Query User{618E5AEB-0278-4DCE-97B5-0D2FB15B3077}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{EF3F29B8-F32B-4520-9992-650379250DFB}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E026A66E-F5FB-424D-B192-BC374308D920}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2A215298-9AD6-4FD5-810C-940855BD3CD3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{B9B1E2FC-F763-4738-9F33-8E1DF03FEADD}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{DC5C8652-F0BE-4086-B305-ECD8273AE731}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{FA4C7524-12F8-4543-A028-B14205AF99B2}C:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe] => (Block) C:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [UDP Query User{6DBDA91D-A861-4196-8722-785EC1960861}C:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe] => (Block) C:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{84F0D079-A0C5-46D9-A662-2D52BCD97728}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2F611382-C0BB-46A7-B5BF-FFE41B91E8ED}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS2026\HP.EasyStart.exe (HP Inc. -> HP)
FirewallRules: [{69ED76BF-5DD7-4D81-8EAB-7FF12DFDD5E6}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxApplications.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{4EC78A34-10BF-4B12-AA35-3181F88B947C}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\DigitalWizards.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{0A231A1C-E7DA-4375-92FE-12240193E3B2}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\SendAFax.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{C7E4AC40-50BB-46A4-9937-D535B4A53A1D}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\bin\FaxPrinterUtility.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{D4089707-B1FB-4488-B245-3A042D87668E}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{EA6589E4-CF5E-465B-A05E-7ED86AE1D253}] => (Allow) LPort=5357
FirewallRules: [{310001F7-02D9-4574-B4A9-7BB541C4F22C}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8710\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{116A34AD-80E5-4FED-8394-CF06A47BDC6C}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS3718\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [{CFEAF4EE-42FE-4155-BA7D-4997CEFEE612}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS3718\HPDiagnosticCoreUI.exe (HP Inc. -> HPDC LP)
FirewallRules: [TCP Query User{3F8E85F6-1CE4-471D-B236-A2F4B55C154B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{1F7E4E2F-C229-41D1-8A25-2B7998772DBC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{6072F275-2152-4238-B69B-CBB3A4ED706C}C:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe] => (Allow) C:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [UDP Query User{A7F69602-E4C4-43E0-97C6-8F0D3361F438}C:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe] => (Allow) C:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{084E20DF-4E50-4108-80F8-2D10937FDFEB}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{1815D64C-699A-486F-981D-919803D02228}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

11-11-2019 08:55:01 Windows Backup
13-11-2019 03:00:13 Windows Update
14-11-2019 09:02:38 Windows Update
18-11-2019 09:02:35 Windows Backup

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/19/2019 04:50:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 8.1.168.192.in-addr.arpa. PTR Regina-PC.local.

Error: (11/19/2019 04:50:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.8:5353   19 8.1.168.192.in-addr.arpa. PTR Regina-PC-2.local.

Error: (11/18/2019 08:48:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 133973019

Error: (11/18/2019 08:48:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 133973019

Error: (11/18/2019 08:47:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/16/2019 05:03:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 6.1.168.192.in-addr.arpa. PTR Regina-PC.local.

Error: (11/16/2019 05:03:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   19 6.1.168.192.in-addr.arpa. PTR Regina-PC-2.local.

Error: (11/16/2019 12:45:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MobileMeServices.exe, version: 1.6.65.0, time stamp: 0x4c8073ec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.24535, time stamp: 0x5dc1e97f
Exception code: 0xc06d007e
Fault offset: 0x0000c5af
Faulting process id: 0x1a00
Faulting application start time: 0x01d59cbed44daef4
Faulting application path: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileMeServices.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 12120797-08b2-11ea-a45e-40618637c484


System errors:
=============
Error: (11/19/2019 04:49:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:47:51 PM on 11/19/2019 was unexpected.

Error: (11/18/2019 02:54:01 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:38:37 PM on 11/18/2019 was unexpected.

Error: (11/18/2019 01:21:21 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR7.

Error: (11/18/2019 01:21:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR7.

Error: (11/18/2019 01:21:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR7.

Error: (11/18/2019 01:21:19 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR7.

Error: (11/18/2019 08:50:30 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/16/2019 12:45:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {D3F6D4DB-A482-4648-8DBB-3565EBCB7A6B} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================

Date: 2012-03-09 19:33:07.864
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-03-09 19:33:07.824
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-03-09 19:32:55.792
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-03-09 19:32:55.752
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-03-09 19:32:41.891
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-03-09 19:32:41.861
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-03-09 19:32:41.351
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-03-09 19:32:41.311
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 5.09 11/05/2009
Motherboard: MSI Indio
Processor: Intel® Core™ i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 59%
Total physical RAM: 8183.08 MB
Available physical RAM: 3276.59 MB
Total Virtual: 16364.31 MB
Available Virtual: 11082.17 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:915 GB) (Free:754.23 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:16.41 GB) (Free:5.49 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (HP) (Fixed) (Total:686.23 GB) (Free:648.39 GB) NTFS
Drive i: (FACTORY_IMAGE) (Fixed) (Total:12.31 GB) (Free:1.39 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{95716598-c215-11e4-9556-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=686.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.3 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 17D88420)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=915 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================



#2
RKinner

    Malware Expert

  • Expert
  • 21,938 posts
  • MVP

I think your hard drive is on the way out.  I see several C:\found.00x directories.  These are created when Windows does a disk check and finds bad sectors.  These are recovered files but they aren't much use.  There is also a problem in the registry which might have an effect on the disk check so let's have FRST fix that then run a disk check.

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   254bytes   0 downloads

Run FRST and press Fix
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you

1. Double-click Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check.
Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
 

sfc /scannow


(SPACE after sfc.)  This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > "%UserProfile%\desktop\junk.txt"
notepad "%UserProfile%\desktop\junk.txt"

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close notepad.  Close the Command Window.

 

Regardless of the sfc results:

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 

 

Now let's look at your hard drive and a few other attributes:

 

Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it.  Tell it you do not need CCLEANER.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File (to your desktop), note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi-step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 

