Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

My PC seems very slow at start up [Closed]

Started by Steviep , Jan 09 2020 02:28 AM

This topic is locked

#1
Steviep

Posted 09 January 2020 - 02:28 AM

Member

Member
338 posts

Hi Everyone, I bought my PC about a year ago and it has always seemed to be very slow at start up, however recently this has become worse and I have a suspicion that it may have picked up some malware which is causing this, the PC is shared within the family.

I wonder if someone could have a look at this for me?

Kind regards

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2020

Ran by steven (administrator) on DESKTOP-T3QOQ8M (Acer Aspire XC-885) (09-01-2020 08:17:56)

Running from C:\Users\steve\Desktop

Loaded Profiles: steven (Available Profiles: steven & Hannah & Gillian)

Platform: Windows 10 Home Version 1809 17763.914 (X64) Language: English (United Kingdom)

Default browser: Chrome

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acer Incorporated -> ) C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe

(Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\ACCStd.exe

(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe

(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAdminAgent.exe

(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAgent.exe

(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QASvc.exe

(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe

(Genesys Logic, Inc. -> Genesys Logic) C:\Windows\System32\DriverStore\FileRepository\genestor.inf_amd64_312a8313e431fea0\GLCRIconSvc.exe

(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe

(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_31a8dbbf39dcdc3b\jhi_service.exe

(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\igfxCUIService.exe

(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\igfxEM.exe

(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\IntelCpHDCPSvc.exe

(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\IntelCpHeciSvc.exe

(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_8559c34713c70ce4\RstMwService.exe

(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe

(Intel® Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Intel® Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel® Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20410.0_x64__8wekyb3d8bbwe\HxOutlook.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20410.0_x64__8wekyb3d8bbwe\HxTsr.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11912.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19101.10711.0_x64__8wekyb3d8bbwe\Music.UI.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe

(Mixbyte Inc -> ) C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe

(Mixbyte Inc -> Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItUp\BackItUp.exe

(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItUp\NBService.exe

(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

(Numecent, Inc. -> Numecent, Inc.) C:\Program Files\Numecent\Application Jukebox Player\CoreHelper.exe

(Numecent, Inc. -> Numecent, Inc.) C:\Program Files\Numecent\Application Jukebox Player\JukeboxPlayer.exe

(Numecent, Inc. -> Numecent, Inc.) C:\Program Files\Numecent\Application Jukebox Player\StreamingCore.exe

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe

(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe

(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe

(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

(SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe

(SweetLabs Inc. -> SweetLabs, Inc) C:\Users\steve\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [833824 2019-01-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320584 2018-02-13] (Intel® Rapid Storage Technology -> Intel Corporation)

HKLM\...\Run: [Endeavors Technologies JukeboxPlayer] => C:\Program Files\Numecent\Application Jukebox Player\JukeboxPlayer.exe [9502048 2018-01-05] (Numecent, Inc. -> Numecent, Inc.)

HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [240512 2019-10-01] (Mixbyte Inc -> )

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\MountPoints2: {9674c4fe-ccbc-11e8-8391-7c2a317b0e98} - "F:\unlock.exe" autoplay=true

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-19] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {047897D2-0360-490B-89BB-878BC9423040} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)

Task: {08D9BE40-BB0A-403B-9B9B-8DF56CFDFEBA} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [64320 2019-07-11] (Acer Incorporated -> Acer)

Task: {11B6C694-1150-44F3-B15B-A1C079DD728E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2107800 2019-12-17] (Microsoft Corporation -> Microsoft Corporation)

Task: {11FCE56F-B175-4196-AA30-03BB2A0E2BB7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2107800 2019-12-17] (Microsoft Corporation -> Microsoft Corporation)

Task: {2E93BBB1-05A8-4B28-928B-AA4D117B8E19} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6072640 2019-12-08] (Microsoft Corporation -> Microsoft Corporation)

Task: {36AE74CE-BD1E-43A6-9A88-92EB73F5C0D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-10] (Google Inc -> Google Inc.)

Task: {47C00096-32F7-494C-A133-CCA98FFC2435} - System32\Tasks\Acer Collection Application => C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe [479024 2017-12-14] (Acer Incorporated -> )

Task: {5226BDA0-2594-4B9F-A176-7BC3C41AEC0A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)

Task: {540D5833-3F7A-4540-9769-E5D0A977CAC5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {561146FA-04F5-4530-ADC1-48FBA98F6514} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4696880 2018-05-28] (Acer Incorporated -> )

Task: {6F8BFCDB-2CBC-41B4-B2CA-2EFD6F5BB2A3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {74C892B5-18A8-4E50-8C75-BE40397E021F} - System32\Tasks\CareCenter\Nero BackItUp_Reg_HKLMWow6432Run => C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\BackItUp.exe [1163128 2017-06-20] (Nero AG -> Nero AG)

Task: {8AE35E82-86B2-43A1-80B5-F3E464A1155C} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [7018264 2018-07-18] (Nero AG -> Nero AG)

Task: {90F2304A-3E30-46CC-B1A9-CDA9E41B86DC} - System32\Tasks\Acer Collection Monitor Application => C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe [417072 2017-12-13] (Acer Incorporated -> Acer Incorporated)

Task: {9743CBBB-7CE1-4AEE-A56E-B7DFEC0277D6} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [152880 2016-09-20] (Acer Incorporated -> )

Task: {99623E9F-1E61-4B4C-B0CD-67B8BA5B9560} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2920752 2017-10-30] (Acer Incorporated -> )

Task: {9C315710-0C24-47F7-927E-0AAE08F72DC2} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41264 2017-10-30] (Acer Incorporated -> )

Task: {9F1B1985-2EE8-43DD-B722-29C0BA9F7D46} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {A0F7A91E-3E93-4DEA-96D7-B1E9A3B6D43F} - System32\Tasks\CareCenter\SecurityHealth_Reg_HKLMRun => C:\Program Files\Windows Defender\MSASCuiL.exe

Task: {A452D356-0C8D-441C-9D38-1882E43A46EC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)

Task: {AA17C4EE-F13B-47F8-9012-0373286429A0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [155472 2019-12-17] (Microsoft Corporation -> Microsoft Corporation)

Task: {AF9D590B-8B7E-4437-9F30-E8A336DD0967} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-10] (Google Inc -> Google Inc.)

Task: {B3879CA8-817E-48A8-A00E-1BD925E9B8BA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [155472 2019-12-17] (Microsoft Corporation -> Microsoft Corporation)

Task: {BDA06BAF-CB4C-4664-BBE7-49E967E1CFD4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6072640 2019-12-08] (Microsoft Corporation -> Microsoft Corporation)

Task: {BF342BB0-ADA7-44F2-925B-A375009F6CEA} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [474368 2018-08-03] (Acer Incorporated -> Acer Incorporated)

Task: {DB4ABA68-17FF-47B6-ADCC-E1B15C2CBEDD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {E254F695-21D1-4CB4-A94D-F66A063F0A75} - System32\Tasks\DashlaneUpgradeCheck => net [Argument = start "Dashlane Upgrade Service"]

Task: {E8C1B7BD-683D-4D5D-8614-F00ACC3A4621} - System32\Tasks\App Explorer => C:\Users\steve\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7470248 2020-01-06] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION

Task: {EAB7A5E4-8512-4B60-A2A4-95F1DA20556E} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [215856 2017-09-13] (Acer Incorporated -> TODO: <Company name>)

Task: {F600DCA5-31C6-4BFA-BF87-A7FB03584C8F} - System32\Tasks\Quick Access => C:\Program Files\Acer\Quick Access Service\QALauncher.exe [447280 2019-09-27] (Acer Incorporated -> Acer Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

Tcpip\..\Interfaces\{47a49dfe-5532-4bd4-b40a-03730b7d6cd7}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:

==================

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)

Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)

Edge:

======

DownloadDir: C:\Users\steve\Downloads

FireFox:

========

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on

FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2019-03-06] [Legacy] [not signed]

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-17] (Google LLC -> Google LLC)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-17] (Google LLC -> Google LLC)

Chrome:

=======

CHR StartupUrls: Default -> "hxxp://google.co.uk/"

CHR Notifications: Default -> hxxps://www.epson.co.uk; hxxps://www.facebook.com; hxxps://www.tui.co.uk

CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default [2020-01-09]

CHR Extension: (Slides) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-10]

CHR Extension: (Docs) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-10]

CHR Extension: (Google Drive) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-10]

CHR Extension: (YouTube) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-10]

CHR Extension: (Sheets) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-10]

CHR Extension: (Google Docs Offline) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-11]

CHR Extension: (Chrome Web Store Payments) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-10]

CHR Extension: (Gmail) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-08]

CHR Extension: (Chrome Media Router) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-22]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11345992 2019-11-28] (Microsoft Corporation -> Microsoft Corporation)

S2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2017-08-23] (Dashlane -> Dashlane, Inc.)

R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]

R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)

R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81280 2019-10-01] (Mixbyte Inc -> Freemake)

R2 GeneStorSvc; C:\WINDOWS\System32\DriverStore\FileRepository\genestor.inf_amd64_312a8313e431fea0\GLCRIconSvc.exe [149592 2017-12-24] (Genesys Logic, Inc. -> Genesys Logic)

S4 HfcDisableService; C:\WINDOWS\System32\DriverStore\FileRepository\iastorac.inf_amd64_8559c34713c70ce4\HfcDisableService.exe [1710736 2018-12-06] (Intel® Rapid Storage Technology -> Intel Corporation)

S3 iaStorAfsService; C:\WINDOWS\System32\iaStorAfsService.exe [2788496 2018-12-06] (Intel® Rapid Storage Technology -> Intel Corporation)

R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542872 2018-02-15] (Intel® Wireless Connectivity Solutions -> Intel Corporation)

S3 Intel® Capability Licensing Service TCP IP Interface; C:\WINDOWS\System32\Intel\iCLS Client\lib\SocketHeciServer.exe [765112 2018-04-25] (Intel® Trust Services -> Intel® Corporation)

S2 Intel® TPM Provisioning Service; C:\WINDOWS\System32\Intel\iCLS Client\lib\TPMProvisioningService.exe [731832 2018-04-25] (Intel® Trust Services -> Intel® Corporation)

R2 jhi_service; C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_31a8dbbf39dcdc3b\jhi_service.exe [647568 2019-04-30] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)

R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2018-02-07] (Intel® Wireless Connectivity Solutions -> )

R2 NeroBackItUpBackgroundService2018; C:\Program Files (x86)\Nero\Nero 2018\Nero BackItUp\NBService.exe [287096 2017-06-20] (Nero AG -> Nero AG)

R3 QASvc; C:\Program Files\Acer\Quick Access Service\QASvc.exe [523568 2019-09-27] (Acer Incorporated -> Acer Incorporated)

R2 RstMwService; C:\WINDOWS\System32\DriverStore\FileRepository\iastorac.inf_amd64_8559c34713c70ce4\RstMwService.exe [1969288 2018-12-06] (Intel® Rapid Storage Technology -> Intel Corporation)

R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [833824 2019-01-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

R2 StreamingCore; C:\Program Files\Numecent\Application Jukebox Player\StreamingCore.exe [6788416 2018-01-05] (Numecent, Inc. -> Numecent, Inc.)

S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [299824 2017-09-13] (Acer Incorporated -> acer)

R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3851432 2018-02-07] (Intel® Wireless Connectivity Solutions -> Intel® Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

R3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [200064 2017-12-24] (Genesys Logic, Inc. -> Genesys Logic)

R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1094800 2018-12-06] (Intel® Rapid Storage Technology -> Intel Corporation)

S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [73360 2018-12-06] (Intel® Rapid Storage Technology -> Intel Corporation)

R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136680 2018-02-15] (Intel® Wireless Connectivity Solutions -> Intel Corporation)

S3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8723968 2018-09-15] (Microsoft Windows -> Intel Corporation)

R3 Netwtw08; C:\WINDOWS\System32\drivers\Netwtw08.sys [9122296 2019-04-29] (Intel® Wireless Connectivity Solutions -> Intel Corporation)

R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010624 2017-12-20] (Realtek Semiconductor Corp. -> Realtek )

S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

R2 StreamingFSD; C:\WINDOWS\System32\DRIVERS\StreamingFSD.sys [791288 2018-01-08] (Numecent, Inc. -> Numecent, Inc.)

S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)

S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)

R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-08] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-08] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-09 08:17 - 2020-01-09 08:19 - 000029669 _____ C:\Users\steve\Desktop\FRST.txt

2020-01-09 08:16 - 2020-01-09 08:18 - 000000000 ____D C:\FRST

2020-01-09 08:15 - 2020-01-09 08:15 - 002573312 _____ (Farbar) C:\Users\steve\Desktop\FRST64.exe

2019-12-17 17:47 - 2019-12-17 17:47 - 026807296 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2019-12-17 17:47 - 2019-12-17 17:47 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2019-12-17 17:47 - 2019-12-17 17:47 - 006541712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

2019-12-17 17:47 - 2019-12-17 17:47 - 001677808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll

2019-12-17 17:47 - 2019-12-17 17:47 - 001656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll

2019-12-17 17:47 - 2019-12-17 17:47 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll

2019-12-17 17:47 - 2019-12-17 17:47 - 001465264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll

2019-12-17 17:47 - 2019-12-17 17:47 - 001201128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll

2019-12-17 17:47 - 2019-12-17 17:47 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2019-12-17 17:47 - 2019-12-17 17:47 - 000408736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll

2019-12-17 17:47 - 2019-12-17 17:47 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2019-12-17 17:47 - 2019-12-17 17:47 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll

2019-12-17 17:47 - 2019-12-17 17:47 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 009668408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2019-12-17 17:46 - 2019-12-17 17:46 - 007886848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 007645384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 006444032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe

2019-12-17 17:46 - 2019-12-17 17:46 - 003638272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2019-12-17 17:46 - 2019-12-17 17:46 - 003576832 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 003387392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 002707968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

2019-12-17 17:46 - 2019-12-17 17:46 - 002699768 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 002233688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 002192384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 002072384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2019-12-17 17:46 - 2019-12-17 17:46 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 001676288 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 001668960 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 001666440 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 001473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2019-12-17 17:46 - 2019-12-17 17:46 - 001258296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe

2019-12-17 17:46 - 2019-12-17 17:46 - 001049400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe

2019-12-17 17:46 - 2019-12-17 17:46 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 000901120 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe

2019-12-17 17:46 - 2019-12-17 17:46 - 000793824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 000764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 000758688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe

2019-12-17 17:46 - 2019-12-17 17:46 - 000678672 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe

2019-12-17 17:46 - 2019-12-17 17:46 - 000603792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe

2019-12-17 17:46 - 2019-12-17 17:46 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe

2019-12-17 17:46 - 2019-12-17 17:46 - 000508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 000505632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe

2019-12-17 17:46 - 2019-12-17 17:46 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 000203064 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 000095544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll

2019-12-17 17:46 - 2019-12-17 17:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin

2019-12-17 17:46 - 2019-12-17 17:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin

2019-12-17 17:46 - 2019-12-17 17:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin

2019-12-17 17:46 - 2019-12-17 17:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin

2019-12-17 17:46 - 2019-12-17 17:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin

2019-12-17 17:46 - 2019-12-17 17:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin

2019-12-17 17:46 - 2019-12-17 17:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin

2019-12-17 17:46 - 2019-12-17 17:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-09 08:11 - 2018-10-10 20:44 - 000000000 ____D C:\Users\steve\Desktop\Stevies Music

2020-01-09 08:10 - 2019-02-19 19:59 - 000846492 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2020-01-09 08:10 - 2018-09-15 07:31 - 000000000 ____D C:\WINDOWS\INF

2020-01-09 08:09 - 2018-10-10 17:52 - 000000000 ____D C:\Users\steve\AppData\Local\Host App Service

2020-01-09 08:07 - 2019-02-19 20:02 - 000003534 _____ C:\WINDOWS\system32\Tasks\DashlaneUpgradeCheck

2020-01-09 08:05 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\AppReadiness

2020-01-09 08:05 - 2018-09-15 07:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2020-01-09 08:04 - 2019-02-19 20:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2020-01-09 08:04 - 2019-02-19 19:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2020-01-07 15:52 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\system32\FxsTmp

2020-01-07 15:48 - 2018-09-15 07:33 - 000000000 ___HD C:\Program Files\WindowsApps

2020-01-07 15:46 - 2018-10-10 19:49 - 000000000 ____D C:\Users\Gillian\AppData\Local\Host App Service

2020-01-07 15:41 - 2018-10-10 19:49 - 000000000 __SHD C:\Users\Gillian\IntelGraphicsProfiles

2020-01-02 12:45 - 2018-10-10 19:49 - 000000000 ____D C:\Users\Gillian\AppData\Local\Packages

2019-12-22 18:02 - 2018-10-10 17:55 - 000000000 ____D C:\Users\steve\AppData\Local\Packages

2019-12-19 22:33 - 2018-10-10 19:55 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2019-12-19 22:33 - 2018-10-10 19:55 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2019-12-19 22:33 - 2018-10-10 19:55 - 000002264 _____ C:\ProgramData\Desktop\Google Chrome.lnk

2019-12-19 22:16 - 2019-02-19 19:42 - 000588232 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2019-12-17 18:15 - 2018-09-15 06:09 - 001310720 _____ C:\WINDOWS\system32\config\BBI

2019-12-17 18:14 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\ShellExperiences

2019-12-17 18:14 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\bcastdvr

2019-12-17 18:02 - 2018-10-10 19:59 - 000000000 ____D C:\Users\Gillian\Desktop\ARF General

2019-12-17 17:57 - 2018-10-10 20:45 - 000000000 ____D C:\WINDOWS\system32\MRT

2019-12-17 17:53 - 2018-10-10 20:45 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2019-12-17 17:53 - 2018-09-15 07:23 - 000000000 ____D C:\WINDOWS\CbsTemp

2019-12-17 17:31 - 2018-10-10 18:30 - 000000000 ____D C:\Program Files\Microsoft Office

2019-12-17 17:26 - 2019-02-19 20:02 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA

2019-12-17 17:26 - 2019-02-19 20:02 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

and

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2020

Ran by steven (09-01-2020 08:19:38)

Running from C:\Users\steve\Desktop

Windows 10 Home Version 1809 17763.914 (X64) (2019-02-19 20:03:56)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1741543102-3776721137-2454621359-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-1741543102-3776721137-2454621359-503 - Limited - Disabled)

Gillian (S-1-5-21-1741543102-3776721137-2454621359-1003 - Limited - Enabled) => C:\Users\Gillian

Guest (S-1-5-21-1741543102-3776721137-2454621359-501 - Limited - Disabled)

Hannah (S-1-5-21-1741543102-3776721137-2454621359-1002 - Limited - Enabled) => C:\Users\Hannah

steven (S-1-5-21-1741543102-3776721137-2454621359-1001 - Administrator - Enabled) => C:\Users\steve

WDAGUtilityAccount (S-1-5-21-1741543102-3776721137-2454621359-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3038 - Acer Incorporated)

Acer Collection (HKLM-x32\...\{8CD449EA-BBA0-477F-AFF9-9AF6E8C50EF2}) (Version: 1.01.3011 - Acer Incorporated)

Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)

Acer Jumpstart (HKLM-x32\...\{353B4583-ED04-4DF2-A1D6-A5A3EF5C4EBF}) (Version: 3.2.18270.20 - Acer)

Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.03.3005 - Acer Incorporated)

App Explorer (HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Host App Service) (Version: 0.273.3.727 - SweetLabs) <==== ATTENTION

calibre (HKLM-x32\...\{FD6B4DA3-5E7B-499E-841D-B797BED0CC47}) (Version: 3.48.0 - Kovid Goyal)

Cloudpaging Player (HKLM\...\{23F6FB7C-C1E2-491B-91A1-0441D5191BC7}) (Version: 9.0.4.21424 - Numecent, Inc.)

CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.8216.01 - CyberLink Corp.)

Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.1.17.0 - Dashlane, Inc.)

Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.2 - Seiko Epson Corporation)

Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)

EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)

Epson Software Updater (HKLM-x32\...\{FD036A57-F81D-4865-AAF0-811558EA76AE}) (Version: 4.5.1 - Seiko Epson Corporation)

EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version: - SEIKO EPSON Corporation)

EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)

Freemake Video Converter version 4.1.10 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10 - Mixbyte Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.88 - Google LLC)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden

IBM SPSS Statistics 26 (HKLM\...\{1AC22BAE-DC13-4991-9910-AE3743A4592D}) (Version: 26.0.0.0 - IBM Corp)

Intel® Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel® Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1808.12.0.1102 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.0.2.1086 - Intel Corporation)

Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden

Intel® Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden

Intel® Wireless Bluetooth® (HKLM-x32\...\{00000040-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.40.0 - Intel Corporation)

Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{2D79E334-B178-45B9-A2A6-7A60A084C268}) (Version: 16.8.0.1000 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{18ec79fd-8f83-4e12-bfa5-80c9872cc56b}) (Version: 20.40.0 - Intel Corporation)

iPod Support (HKLM\...\{57D75376-1F31-4182-8EC8-31A6785ABF29}) (Version: 120.7.3.55 - Apple Inc.)

MAGIX Fastcut (Editing templates 1) (HKLM\...\{397087AF-DB1A-4B60-84A7-436DC262CEC2}) (Version: 1.1.0.0 - MAGIX Software GmbH) Hidden

MAGIX Fastcut (Editing templates 1) (HKLM\...\MX.{397087AF-DB1A-4B60-84A7-436DC262CEC2}) (Version: 1.1.0.0 - MAGIX Software GmbH)

MAGIX Fastcut (Editing templates 2) (HKLM\...\{B4E4BC18-102D-46D0-9A40-C42F9E7D6337}) (Version: 1.1.0.0 - MAGIX Software GmbH) Hidden

MAGIX Fastcut (Editing templates 2) (HKLM\...\MX.{B4E4BC18-102D-46D0-9A40-C42F9E7D6337}) (Version: 1.1.0.0 - MAGIX Software GmbH)

MAGIX Fastcut (HKLM\...\{79BB86DF-723E-416A-81F2-E4F88FB71936}) (Version: 1.0.0.85 - MAGIX Software GmbH) Hidden

MAGIX Fastcut (HKLM\...\MX.{79BB86DF-723E-416A-81F2-E4F88FB71936}) (Version: 1.0.0.85 - MAGIX Software GmbH)

Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.12228.20364 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

Music Recorder (HKLM-x32\...\{F3949798-3544-433B-B5AB-A61F32F0386F}) (Version: 18.001.2 - Nero AG) Hidden

MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.1.2.2 - SEIKO EPSON CORPORATION) Hidden

MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation)

Nero 2018 (HKLM-x32\...\{CFA36B53-7209-4A84-88D3-68CDFFB3C59B}) (Version: 19.0.03500 - Nero AG)

Nero 2018 Content Pack 1 (HKLM-x32\...\{7165E866-AD18-4780-8578-EBBAFA0408B0}) (Version: 19.0.00700 - Nero AG)

Nero 2018 Content Pack 2 (HKLM-x32\...\{4ADCBD86-F84B-4D5F-9D8E-3DF21EB83811}) (Version: 19.0.01000 - Nero AG)

Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 20.0.1011 - Nero AG)

Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden

Prerequisite installer (HKLM-x32\...\{AD240F1A-3102-492E-B657-17969A9D5E9A}) (Version: 19.0.0003 - Nero AG) Hidden

Quick Access Service (HKLM\...\{AB25551C-74EF-4BAB-9989-891517FCF9FF}) (Version: 3.00.3009 - Acer Incorporated)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8383 - Realtek Semiconductor Corp.)

Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)

UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden

Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-3) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )

Packages:

=========

Acer Collection -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCollection_1.1.3013.0_x64__48frkmn4z8aw4 [2018-10-21] (Acer Incorporated)

Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_6.22.8816.0_x86__q4d96b2w5wcc2 [2020-01-07] (Evernote)

Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-10-11] (Facebook Inc)

iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa [2019-12-17] (Apple Inc.) [Startup Task]

Messenger -> C:\Program Files\WindowsApps\Facebook.317180B0BB486_196.2292.59195.0_x86__8xx8rvfyw5nnt [2019-05-16] (Facebook Inc)

Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2018-10-12] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2018-10-12] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]

Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-17] (Microsoft Studios) [MS Ad]

MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad]

PhotoDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.5229.0_x64__ypz87dpxkv292 [2019-06-29] (CYBERLINK COM CORP)

PowerDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PowerDirectorforacerDesktop_14.0.4304.0_x64__ypz87dpxkv292 [2018-07-12] (CYBERLINK COM CORP)

QuickAccess -> C:\Program Files\WindowsApps\AcerIncorporated.QuickAccess_3.0.3001.0_x64__48frkmn4z8aw4 [2018-10-10] (Acer Incorporated)

Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.169.0_x64__dt26b99r8h8gj [2019-07-07] (Realtek Semiconductor Corp)

Samsung Gallery -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.PCGallery_4.1.7.0_x64__3c1yjt4zspk6g [2019-12-19] (Samsung Electronics Co. Ltd.)

Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.15.61.0_x64__kx24dqmazqk8j [2019-06-29] (Random Salad Games LLC) [MS Ad]

Spades -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.Spades_5.2.24.0_x64__kx24dqmazqk8j [2018-07-12] (Random Salad Games LLC) [MS Ad]

Zip Extractor Pro -> C:\Program Files\WindowsApps\38526MediaLife.ZipPlus_1.1.6.0_x86__1crh1k73ty8mg [2019-11-14] (Media Life)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [File not signed]

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [File not signed]

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\igfxDTCM.dll [2018-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-12-03 21:19 - 2018-12-03 21:19 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll

2019-03-06 21:45 - 2007-09-18 16:44 - 000421888 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBIPDev.dll

2019-03-06 21:45 - 2007-09-10 15:03 - 000110592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBLPBidiDev.dll

2019-03-06 21:45 - 2006-12-26 14:58 - 000233544 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBMSDev.dll

2019-03-06 21:45 - 2004-11-17 16:56 - 000286720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBNWDev.dll

2019-03-06 21:45 - 2007-09-10 15:32 - 000135168 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBRSVC.dll

2019-03-06 21:45 - 2006-08-30 01:02 - 000106496 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\epLocalBidi.dll

2019-02-22 17:01 - 2019-02-22 17:01 - 000704512 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\MyEpson Portal\Configration_00000171\MepCfg.dll

2019-02-22 15:09 - 2019-02-22 15:09 - 000475136 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\MyEpson Portal\Online Manual_00000013\MepFAQ.dll

2019-03-06 21:27 - 2012-11-12 15:15 - 000558592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll

2019-03-06 21:27 - 2012-10-22 17:19 - 000219648 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enpres.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\steve\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 13:46 - 2017-09-29 13:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Calibre2\

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Acer01.jpg

DNS Servers: 194.168.4.100 - 194.168.8.100

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "OneDrive"

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000002"

HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5EEB7081-F60A-45BE-ADF0-2E30DBC8AD5D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16040.10827.20150.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{9722F32B-89D4-46D9-8C3B-E2337F9B9FA0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel® Wireless Connectivity Solutions -> )

FirewallRules: [{77259A9F-07D7-4765-AE66-E8863DFAB8A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File

FirewallRules: [{FCBA071B-62BB-4133-A9A7-D361BFA1A0BB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)

FirewallRules: [{76160FCB-23E9-44C7-B7B4-267B19F98FDC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe No File

FirewallRules: [{7197BF68-838D-4363-8861-6BF58CA46EAB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe No File

FirewallRules: [{09EC6237-0455-4632-A697-D4D68AA27CC1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)

FirewallRules: [{3D202D25-7419-4351-AB12-F47701FDF589}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{FD7A0653-41F4-4E71-B8C5-AF429A19D91C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{9ADEFCFF-9482-44EA-A424-A120B8199C5A}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero Burning ROM\StartNBR.exe (Nero AG -> Nero AG)

FirewallRules: [{DF20B925-1023-4762-81E7-98EC3A4B2A1F}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\BackItUp.exe (Nero AG -> Nero AG)

FirewallRules: [{342937BD-E016-4532-A04F-FBEBD049AAF4}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\NBService.exe (Nero AG -> Nero AG)

FirewallRules: [{7281B20E-EDC8-4CCB-8E0A-F2F49469F7D4}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero MediaHome\NMDllHost.exe (Nero AG -> Nero AG)

FirewallRules: [{880BC1A5-BE3A-4458-8036-821E59639861}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero MediaHome\MediaHome.exe (Nero AG -> Nero AG)

FirewallRules: [{3A5D0AC9-B794-4203-9E59-FBFE5B54489D}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero Burning ROM\nero.exe (Nero AG -> Nero AG)

FirewallRules: [{44B1D7D4-AC02-4C0A-A852-B640272B3C51}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)

FirewallRules: [{5A2C7EA2-F627-4DAD-983D-5475C678B65E}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)

FirewallRules: [{E2924F25-34C0-4626-A9C9-19DA4B24F666}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]

FirewallRules: [{7C5949E0-929E-4D54-A026-E04F2F4BE8C4}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]

FirewallRules: [{19E30E0A-0651-495C-A131-EBF39A65F1BD}] => (Allow) C:\Users\steve\AppData\Local\Temp\EPSON XP-205 207 Series_Home\Network\EpsonNetSetup\Data\ENEasyApp.exe No File

FirewallRules: [{2C5578D0-6D29-494E-B3A2-EBD34B6980FC}] => (Allow) C:\Users\steve\AppData\Local\Temp\EPSON XP-205 207 Series_Home\Network\EpsonNetSetup\Data\ENEasyApp.exe No File

FirewallRules: [{71B9035B-6E96-481F-B4D0-8879D188A65E}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> )

FirewallRules: [{D4AA9B30-D49F-40AB-B4D0-6972C69BA846}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> )

FirewallRules: [{D43775B1-7D82-4961-B564-BAD29245AD03}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> )

FirewallRules: [{F7769D7A-AE6B-45E3-B473-81F59F1CF973}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> )

FirewallRules: [{8EBD3890-585B-4E72-A392-F0248E6A25D5}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> )

FirewallRules: [{C4B06792-EBC8-4B07-9AED-66B147D119DC}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> )

FirewallRules: [{B0AB877D-0BC9-4591-95DF-99105791A82B}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> )

FirewallRules: [{923C6F2D-B29D-4895-BFA1-48EB43990A10}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> )

FirewallRules: [{A784AB41-9E8F-46F0-9E57-AF1311F23631}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> )

FirewallRules: [{1FF9056C-18B8-4C4C-9D20-C003728090EE}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> )

FirewallRules: [{D8CD1526-D62D-4560-B9BE-5C7DD465AF66}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> )

FirewallRules: [{3E19D774-3AD9-40E7-8A57-3EC857B324B6}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> )

FirewallRules: [{82A5AD19-DA39-4D7A-AD87-F36E470DECF0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{8512E3DC-37D3-49EE-B00D-A3EEF04AD6F4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{A16AA1A2-B7B2-464D-85E4-57CFA6A4FEED}] => (Allow) C:\Users\steve\AppData\Roaming\BitTorrent\BitTorrent.exe No File

FirewallRules: [{16EC4586-C454-4879-AD1C-1E923F1BDA6C}] => (Allow) C:\Users\steve\AppData\Roaming\BitTorrent\BitTorrent.exe No File

FirewallRules: [{17D38086-9743-4EDF-A691-D604CA563BF2}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]

FirewallRules: [{4C5CAB28-7A10-4992-B0C9-70236A8C60A9}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]

FirewallRules: [{C1039280-49B6-4832-98CC-D463F2889E8D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{762E09DF-D209-4C13-A0E4-3B1D507301E2}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.com (International Business Machines Corporation -> IBM Corp.)

FirewallRules: [{972566EC-13CB-4389-975F-449D3598E771}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.)

FirewallRules: [{F01C3573-9E22-458A-91CE-5DB8F87466B3}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.exe (International Business Machines Corporation -> IBM Corp.)

FirewallRules: [{95236E62-7ACB-4C8D-8E14-7BAE7CD20548}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.com (International Business Machines Corporation -> IBM Corp.)

FirewallRules: [{A16E47A8-211F-4C36-8DA0-694CCD4A95CB}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.)

FirewallRules: [{38919211-491A-4399-942E-8B30C4EA6645}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.exe (International Business Machines Corporation -> IBM Corp.)

FirewallRules: [{7EA9DDF8-F191-43B7-A76C-BB11E3A6BC28}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{199A4508-1E14-4F00-AE38-A60D93F67D7E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{3D5EFFFA-6F4A-4044-86E7-6E9B961E8511}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{1A428BDC-1F88-4673-B35F-3655BE2D5FBB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{8246BC88-4069-4038-A59F-AF64B15F5F43}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{A943F6D2-56F7-4955-937F-4267CF4C9C42}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{326AC1FC-53C0-4969-B8F4-A712B661ED16}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{25F2061C-BB02-4A73-9676-71C854DC77E3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{2376D148-D1E5-4580-A54E-F2C18B2A12CF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

10-12-2019 08:53:36 Scheduled Checkpoint

17-12-2019 17:33:51 Windows Update

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:

==================

Error: (12/02/2019 08:06:14 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x5db94ffc

Faulting module name: KERNELBASE.dll, version: 10.0.17763.864, time stamp: 0xf9f56179

Exception code: 0xe0434352

Fault offset: 0x001219b2

Faulting process ID: 0x241c

Faulting application start time: 0x01d5a8e75de1c57b

Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll

Report ID: 09bd0365-77ec-4fe7-adcf-5a21572cd3cf

Faulting package full name:

Faulting package-relative application ID:

Error: (12/02/2019 08:06:14 AM) (Source: .NET Runtime) (EventID: 1026) (User: )

Description: Application: FreemakeUtilsService.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.IO.FileNotFoundException

at FreemakeUtilsService.Program.Main(System.String[])

Error: (11/25/2019 01:54:17 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GLCRIconSvc.exe, version: 1.0.0.0, time stamp: 0x5a25299e

Faulting module name: CFGMGR32.dll, version: 10.0.17763.1, time stamp: 0xb9d8035e

Exception code: 0xc0000005

Fault offset: 0x0000c55a

Faulting process ID: 0xda0

Faulting application start time: 0x01d5a1e6e342aec2

Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\genestor.inf_amd64_312a8313e431fea0\GLCRIconSvc.exe

Faulting module path: C:\WINDOWS\System32\CFGMGR32.dll

Report ID: fd45c914-f268-4024-999d-20b201032de0

Faulting package full name:

Faulting package-relative application ID:

Error: (11/19/2019 01:45:47 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GLCRIconSvc.exe, version: 1.0.0.0, time stamp: 0x5a25299e

Faulting module name: CFGMGR32.dll, version: 10.0.17763.1, time stamp: 0xb9d8035e

Exception code: 0xc0000005

Fault offset: 0x0000c55a

Faulting process ID: 0xdc4

Faulting application start time: 0x01d59ede28b5539c

Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\genestor.inf_amd64_312a8313e431fea0\GLCRIconSvc.exe

Faulting module path: C:\WINDOWS\System32\CFGMGR32.dll

Report ID: 05d2b3d8-111a-4fb9-baa4-c94561a6c1a4

Faulting package full name:

Faulting package-relative application ID:

Error: (11/19/2019 01:30:28 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: HxAccounts.exe, version: 16.0.12026.20368, time stamp: 0x5db7a4b8

Faulting module name: Windows.UI.Xaml.dll, version: 10.0.17763.802, time stamp: 0x322dae8f

Exception code: 0xc000027b

Fault offset: 0x0000000000701a52

Faulting process ID: 0x43e8

Faulting application start time: 0x01d59ed8349981e8

Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\HxAccounts.exe

Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll

Report ID: 3a31e095-805a-4d81-91b4-8a168f4e8a06

Faulting package full name: microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: microsoft.windowslive.manageaccounts

Error: (11/19/2019 01:30:16 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: GLCRIconSvc.exe, version: 1.0.0.0, time stamp: 0x5a25299e

Faulting module name: CFGMGR32.dll, version: 10.0.17763.1, time stamp: 0xb9d8035e

Exception code: 0xc0000005

Fault offset: 0x0000c55a

Faulting process ID: 0xef4

Faulting application start time: 0x01d59ebfe3563543

Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\genestor.inf_amd64_312a8313e431fea0\GLCRIconSvc.exe

Faulting module path: C:\WINDOWS\System32\CFGMGR32.dll

Report ID: 2fced7ed-fc08-44ac-8cfb-33dd91f493eb

Faulting package full name:

Faulting package-relative application ID:

Error: (11/19/2019 10:08:43 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program explorer.exe version 10.0.17763.831 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2eec

Start Time: 01d59ec0889dc3df

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 546597bb-93aa-40b2-a194-0c79a5cc1811

Faulting package full name:

Faulting package-relative application ID:

Hang type: Cross-thread

Error: (11/14/2019 02:07:38 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: CLUpdater.exe, version: 2.2.0.12103, time stamp: 0x5a4c9a43

Faulting module name: CLUpdater.exe, version: 2.2.0.12103, time stamp: 0x5a4c9a43

Exception code: 0xc0000005

Fault offset: 0x0000000000031297

Faulting process ID: 0x2054

Faulting application start time: 0x01d59af4de81e54c

Faulting application path: C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.5229.0_x64__ypz87dpxkv292\PhotoDirector8\Presentation\UI\BigBang\Runtime\CLUpdater.exe

Faulting module path: C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.5229.0_x64__ypz87dpxkv292\PhotoDirector8\Presentation\UI\BigBang\Runtime\CLUpdater.exe

Report ID: 738a75df-f85f-4ead-91c0-07a8f1ce4ddb

Faulting package full name: CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.5229.0_x64__ypz87dpxkv292

Faulting package-relative application ID: PhotoDirector

System errors:

=============

Error: (01/09/2020 08:08:15 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-T3QOQ8M)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}

and APPID

{15C20B67-12E7-4BB6-92BB-7AFF07997402}

to the user DESKTOP-T3QOQ8M\steven SID (S-1-5-21-1741543102-3776721137-2454621359-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/09/2020 08:07:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

Windows.SecurityCenter.WscDataProtection

and APPID

Unavailable

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/09/2020 08:07:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

Windows.SecurityCenter.WscBrokerManager

and APPID

Unavailable

Error: (01/09/2020 08:07:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

Windows.SecurityCenter.SecurityAppBroker

and APPID

Unavailable

Error: (01/09/2020 08:04:19 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)

Description: 3221225684A fatal error occurred processing the restoration data.

Error: (01/09/2020 08:04:50 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 16:23:08 on ‎07/‎01/‎2020 was unexpected.

Error: (01/07/2020 04:21:35 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-T3QOQ8M)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}

and APPID

{15C20B67-12E7-4BB6-92BB-7AFF07997402}

Error: (01/07/2020 04:15:24 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-T3QOQ8M)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}

and APPID

{15C20B67-12E7-4BB6-92BB-7AFF07997402}

Windows Defender:

===================================

Date: 2019-12-24 07:17:41.519

Description:

Windows Defender Antivirus scan has been stopped before completion.

Scan ID: {5028D16F-1EE8-4B46-8212-ED5728DB2FA3}

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2019-12-02 08:48:10.836

Description:

Windows Defender Antivirus scan has been stopped before completion.

Scan ID: {C1065D35-E17D-4667-91F5-21287F712730}

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2019-11-19 11:57:17.659

Description:

Windows Defender Antivirus scan has been stopped before completion.

Scan ID: {B58ABEA9-B9BD-4D0E-82A2-FD557A0961A9}

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2019-11-10 13:26:47.474

Description:

Windows Defender Antivirus scan has been stopped before completion.

Scan ID: {60D6AB11-E0AC-4A3A-9708-1622A9776A4E}

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2019-11-10 12:38:44.525

Description:

Windows Defender Antivirus scan has been stopped before completion.

Scan ID: {ACC8FBED-90F8-4551-9439-9AE4CD4CBA64}

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2019-09-11 15:08:08.006

Description:

Windows Defender Antivirus has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.301.1036.0

Update Source: Microsoft Update Server

Signature Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.16300.1

Error code: 0x80240016

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-08-19 12:38:27.456

Description:

Windows Defender Antivirus has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.299.2335.0

Update Source: Microsoft Update Server

Signature Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.16200.1

Error code: 0x80240016

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-08-04 15:37:22.841

Description:

Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:

https://go.microsoft...80&enterprise=0

Name: HackTool:Win32/AutoKMS

ID: 2147685180

Severity: High

Category: Tool

Path: file:_G:\Microsoft Toolkit.exe

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: Real-Time Protection

Process Name: C:\Windows\explorer.exe

Action: Quarantine

Action Status: No additional actions required

Error Code: 0x80070005

Error description: Access is denied.

Signature Version: AV: 1.299.1229.0, AS: 1.299.1229.0, NIS: 1.299.1229.0

Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1

Date: 2019-07-30 06:49:50.359

Description:

Windows Defender Antivirus has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.299.825.0

Update Source: Microsoft Update Server

Signature Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.16200.1

Error code: 0x80240016

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-07-15 06:56:04.789

Description:

Windows Defender Antivirus has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.297.756.0

Update Source: Microsoft Update Server

Signature Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.16100.4

Error code: 0x80240016

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

BIOS: American Megatrends Inc R01-A2 05/08/2018

Motherboard: Acer Aspire XC-885

Processor: Intel® Core™ i5-8400 CPU @ 2.80GHz

Percentage of memory in use: 47%

Total physical RAM: 8066.76 MB

Available physical RAM: 4245.22 MB

Total Virtual: 9346.76 MB

Available Virtual: 5393.71 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:465.19 GB) (Free:346.38 GB) NTFS

Drive d: (Data) (Fixed) (Total:465.2 GB) (Free:465.02 GB) NTFS

Drive f: (WD Unlocker) (CDROM) (Total:0.02 GB) (Free:0 GB) UDF

\\?\Volume{af1a4e76-2cab-42a1-b627-2319125239c2}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.6 GB) NTFS

\\?\Volume{e98a5c0c-fd67-4cc4-8a80-21ad4146b416}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 2034C532)

Partition: GPT.

Attempted reading MBR returned 0 bytes.

Could not read MBR for disk 1.

==================== End of Addition.txt =======================

#2
DR M

Posted 09 January 2020 - 08:26 AM

The Grecian Geek

Malware Removal
4,109 posts

Hello, Steviep.

.
I am DR M and I will be assisting you with your computer's issues. I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you will have two people looking at your problem.

Adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. You have to reply to my posts within three days. If you need some additional time, just let me know. If I don't get any reply from you within these three days, the topic will be closed. You can send me a PM if you still want help, after this period of time.

2. Always ask before act! Do not continue if you are not sure, or if something unexpected happens!

3. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the proceedure, unless I ask you to do so.

4. Please, copy all the content of the required logs and paste it inside your post. Do not attach any log or other file, unless directed otherwise.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs. I will be with you, as far as I can.

----------------------------------------------------------------------------------------------------------------------------

Please give me some time to go over your logs and I'll get back to you as soon as possible.

#3
DR M

Posted 09 January 2020 - 01:28 PM

The Grecian Geek

Malware Removal
4,109 posts

Hi, Steviep.

Please do the following:

1. Uninstall a program

Press the Windows icon key on your keyboard, together with the letter I (it's the capital I), to go to the Settings.
Choose Apps, and from the menu at the left make sure the Apps & features is selected.
In the apps & features list on the right side, find App explorer, click on it and select Uninstall.
Restart the computer.

2. Run a fix with FRST

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines. Right-click and select "Copy ".

start::
closeprocesses:
createrestorepoint:
Task: {E8C1B7BD-683D-4D5D-8614-F00ACC3A4621} - System32\Tasks\App Explorer => C:\Users\steve\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7470248 2020-01-06] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\Users\steve\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
FirewallRules: [{44B1D7D4-AC02-4C0A-A852-B640272B3C51}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{5A2C7EA2-F627-4DAD-983D-5475C678B65E}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{A16AA1A2-B7B2-464D-85E4-57CFA6A4FEED}] => (Allow) C:\Users\steve\AppData\Roaming\BitTorrent\BitTorrent.exe No File
FirewallRules: [{16EC4586-C454-4879-AD1C-1E923F1BDA6C}] => (Allow) C:\Users\steve\AppData\Roaming\BitTorrent\BitTorrent.exe No File
C:\Users\steve\AppData\Local\Host App Service
C:\Program Files\AVAST Software
C:\Users\steve\AppData\Roaming\BitTorrent
C:\Users\Gillian\AppData\Local\Host App Service
emptytemp:
end::

Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
Press the Fix button once and wait.
FRST will process fixlist.txt
When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
Please post the log in your next reply.

3. Download and run MBAM

Download Malwarebytes and save it to your Desktop.
Once downloaded, close all programs and Windows on your computer.
Double-click on the icon on your desktop named mb3-setup-1878.1878-3.8.3.2965.exe. This will start the installation of MBAM onto your computer.
When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave Launch Malwarebytes Anti-Malware checked. Then click on the Finish button. If MalwareBytes prompts you to reboot, please do not do so.
MBAM will now start. If not, double click the icon created on your Desktop.
Click Settings and when it opens, click the Protection tab. Scroll down and under Scan Options change the setting for Scan for Rootkits to On.
Chose Scan from the menu at the left, and having selected the Threat scan, click on Start Scan.
If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
When the scan is complete, make sure that all Threats are not selected and close the program.
Open Malwarebytes again, select Reports from the menu at the left, find the log with the most recent date and click View Report. Chose Export to copy the log.
Paste its content here, in your next reply.

4. In your next reply please include:

The fixlog.txt
The Malwarebytes report content

#4
Steviep

Posted 09 January 2020 - 03:44 PM

Member

Topic Starter
Member
338 posts

Hi Dr M, Thanks you for helping. Here are the logs requested:

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-01-2020

Ran by steven (09-01-2020 21:17:01) Run:1

Running from C:\Users\steve\Desktop

Loaded Profiles: steven (Available Profiles: steven & Hannah & Gillian)

Boot Mode: Normal

==============================================

fixlist content:

*****************

closeprocesses:

createrestorepoint:

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

AlternateDataStreams: C:\Users\steve\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]

FirewallRules: [{44B1D7D4-AC02-4C0A-A852-B640272B3C51}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)

FirewallRules: [{5A2C7EA2-F627-4DAD-983D-5475C678B65E}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)

FirewallRules: [{A16AA1A2-B7B2-464D-85E4-57CFA6A4FEED}] => (Allow) C:\Users\steve\AppData\Roaming\BitTorrent\BitTorrent.exe No File

FirewallRules: [{16EC4586-C454-4879-AD1C-1E923F1BDA6C}] => (Allow) C:\Users\steve\AppData\Roaming\BitTorrent\BitTorrent.exe No File

C:\Users\steve\AppData\Local\Host App Service

C:\Program Files\AVAST Software

C:\Users\steve\AppData\Roaming\BitTorrent

C:\Users\Gillian\AppData\Local\Host App Service

emptytemp:

*****************

Processes closed successfully.

Restore point was successfully created.

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8C1B7BD-683D-4D5D-8614-F00ACC3A4621}" => not found

"C:\WINDOWS\System32\Tasks\App Explorer" => not found

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer" => not found

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully

C:\Users\steve\OneDrive => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS could not remove.

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{44B1D7D4-AC02-4C0A-A852-B640272B3C51}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5A2C7EA2-F627-4DAD-983D-5475C678B65E}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A16AA1A2-B7B2-464D-85E4-57CFA6A4FEED}" => removed successfully

"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{16EC4586-C454-4879-AD1C-1E923F1BDA6C}" => removed successfully

"C:\Users\steve\AppData\Local\Host App Service" => not found

C:\Program Files\AVAST Software => moved successfully

"C:\Users\steve\AppData\Roaming\BitTorrent" => not found

C:\Users\Gillian\AppData\Local\Host App Service => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9461760 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 660774340 B

Java, Flash, Steam htmlcache => 0 B

Windows/system/drivers => 3094281 B

Edge => 7943319 B

Chrome => 535702022 B

Firefox => 0 B

Opera => 0 B

Temp, IE cache, history, cookies, recent:

Default => 0 B

Users => 0 B

ProgramData => 0 B

Public => 0 B

systemprofile => 0 B

systemprofile32 => 0 B

LocalService => 0 B

NetworkService => 359556 B

steve => 123119266 B

Hannah => 181725212 B

Gillian => 241300804 B

RecycleBin => 0 B

EmptyTemp: => 1.6 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 21:20:29 ====

and

Malwarebytes

www.malwarebytes.com

-Log Details-

Scan Date: 09/01/2020

Scan Time: 21:29

Log File: 1e2d95f6-3327-11ea-9a98-94c69194fd4b.json

-Software Information-

Version: 3.8.3.2965

Components Version: 1.0.613

Update Package Version: 1.0.14255

Licence: Trial

-System Information-

OS: Windows 10 (Build 17763.914)

CPU: x64

File System: NTFS

User: DESKTOP-T3QOQ8M\steven

-Scan Summary-

Scan Type: Threat Scan

Scan Initiated By: Manual

Result: Completed

Objects Scanned: 334098

Threats Detected: 0

Threats Quarantined: 0

Time Elapsed: 10 min, 46 sec

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Detect

PUM: Detect

-Scan Details-

Process: 0

(No malicious items detected)

Module: 0

(No malicious items detected)

Registry Key: 0

(No malicious items detected)

Registry Value: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Data Stream: 0

(No malicious items detected)

Folder: 0

(No malicious items detected)

File: 0

(No malicious items detected)

Physical Sector: 0

(No malicious items detected)

WMI: 0

(No malicious items detected)

(end)

#5
DR M

Posted 10 January 2020 - 10:03 AM

The Grecian Geek

Malware Removal
4,109 posts

Hi, Steviep.

There are no obvious signs of malware on your computer. A few issues are present, but let's first update the operating system (OS). You have Windows 10 version 1809 installed, but the latest version is 1909. Since not keeping your OS updated can create a great security issue, checking for updates, and letting them download and install themselves is critical. Have in mind that the procedure may take a couple of hours, depending on your internet downloading speed too. You will not be able to use your computer after a certain step of the procedure, so you will have to wait for the updates completion.

Update your OS

Go to the Microsoft's download page here and under the title Windows 10 November 2019 Update, click on Update now.
Let the update get downloaded.
When prompted, choose that you want to keep files and apps in this computer.
The computer will shut down and restart many times.
When the updates are done, let the computer restart and log in Windows.

Fresh FRST logs

Run the FRST as you did before.
Click Scan.
When the scan completes, two files will open in Notepad: FRST.txt and Addition.txt.
Copy and paste the content of FRST.txt and Addition.txt logs in your next reply.

#6
Steviep

Posted 10 January 2020 - 02:03 PM

Member

Topic Starter
Member
338 posts

Hi Dr M,

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2020

Ran by steven (administrator) on DESKTOP-T3QOQ8M (Acer Aspire XC-885) (10-01-2020 19:59:25)

Running from C:\Users\steve\Desktop

Loaded Profiles: steven (Available Profiles: steven & Hannah & Gillian)

Platform: Windows 10 Home Version 1909 18363.535 (X64) Language: English (United Kingdom)