Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My PC seems very slow at start up [Closed]


  • This topic is locked This topic is locked

#1
Steviep

Steviep

    Member

  • Member
  • PipPipPip
  • 322 posts

Hi Everyone, I bought my PC about a year ago and it has always seemed to be very slow at start up, however recently this has become worse and I have a suspicion that it may have picked up some malware which is causing this, the PC is shared within the family.

 

I wonder if someone could have a look at this for me?

 

Kind regards

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2020
Ran by steven (administrator) on DESKTOP-T3QOQ8M (Acer Aspire XC-885) (09-01-2020 08:17:56)
Running from C:\Users\steve\Desktop
Loaded Profiles: steven (Available Profiles: steven & Hannah & Gillian)
Platform: Windows 10 Home Version 1809 17763.914 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Acer Incorporated -> ) C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe
(Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAdminAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QASvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
(Genesys Logic, Inc. -> Genesys Logic) C:\Windows\System32\DriverStore\FileRepository\genestor.inf_amd64_312a8313e431fea0\GLCRIconSvc.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_31a8dbbf39dcdc3b\jhi_service.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\IntelCpHDCPSvc.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_8559c34713c70ce4\RstMwService.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel® Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20410.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20410.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11912.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19101.10711.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
(Mixbyte Inc -> ) C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Mixbyte Inc -> Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItUp\BackItUp.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItUp\NBService.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Numecent, Inc. -> Numecent, Inc.) C:\Program Files\Numecent\Application Jukebox Player\CoreHelper.exe
(Numecent, Inc. -> Numecent, Inc.) C:\Program Files\Numecent\Application Jukebox Player\JukeboxPlayer.exe
(Numecent, Inc. -> Numecent, Inc.) C:\Program Files\Numecent\Application Jukebox Player\StreamingCore.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(SweetLabs Inc. -> SweetLabs, Inc) C:\Users\steve\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [833824 2019-01-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320584 2018-02-13] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Endeavors Technologies JukeboxPlayer] => C:\Program Files\Numecent\Application Jukebox Player\JukeboxPlayer.exe [9502048 2018-01-05] (Numecent, Inc. -> Numecent, Inc.)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [240512 2019-10-01] (Mixbyte Inc -> )
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\MountPoints2: {9674c4fe-ccbc-11e8-8391-7c2a317b0e98} - "F:\unlock.exe" autoplay=true
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-19] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {047897D2-0360-490B-89BB-878BC9423040} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {08D9BE40-BB0A-403B-9B9B-8DF56CFDFEBA} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [64320 2019-07-11] (Acer Incorporated -> Acer)
Task: {11B6C694-1150-44F3-B15B-A1C079DD728E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2107800 2019-12-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {11FCE56F-B175-4196-AA30-03BB2A0E2BB7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2107800 2019-12-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {2E93BBB1-05A8-4B28-928B-AA4D117B8E19} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6072640 2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {36AE74CE-BD1E-43A6-9A88-92EB73F5C0D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-10] (Google Inc -> Google Inc.)
Task: {47C00096-32F7-494C-A133-CCA98FFC2435} - System32\Tasks\Acer Collection Application => C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe [479024 2017-12-14] (Acer Incorporated -> )
Task: {5226BDA0-2594-4B9F-A176-7BC3C41AEC0A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {540D5833-3F7A-4540-9769-E5D0A977CAC5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {561146FA-04F5-4530-ADC1-48FBA98F6514} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4696880 2018-05-28] (Acer Incorporated -> )
Task: {6F8BFCDB-2CBC-41B4-B2CA-2EFD6F5BB2A3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {74C892B5-18A8-4E50-8C75-BE40397E021F} - System32\Tasks\CareCenter\Nero BackItUp_Reg_HKLMWow6432Run => C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\BackItUp.exe [1163128 2017-06-20] (Nero AG -> Nero AG)
Task: {8AE35E82-86B2-43A1-80B5-F3E464A1155C} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [7018264 2018-07-18] (Nero AG -> Nero AG)
Task: {90F2304A-3E30-46CC-B1A9-CDA9E41B86DC} - System32\Tasks\Acer Collection Monitor Application => C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe [417072 2017-12-13] (Acer Incorporated -> Acer Incorporated)
Task: {9743CBBB-7CE1-4AEE-A56E-B7DFEC0277D6} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [152880 2016-09-20] (Acer Incorporated -> )
Task: {99623E9F-1E61-4B4C-B0CD-67B8BA5B9560} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2920752 2017-10-30] (Acer Incorporated -> )
Task: {9C315710-0C24-47F7-927E-0AAE08F72DC2} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41264 2017-10-30] (Acer Incorporated -> )
Task: {9F1B1985-2EE8-43DD-B722-29C0BA9F7D46} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A0F7A91E-3E93-4DEA-96D7-B1E9A3B6D43F} - System32\Tasks\CareCenter\SecurityHealth_Reg_HKLMRun => C:\Program Files\Windows Defender\MSASCuiL.exe
Task: {A452D356-0C8D-441C-9D38-1882E43A46EC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {AA17C4EE-F13B-47F8-9012-0373286429A0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [155472 2019-12-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {AF9D590B-8B7E-4437-9F30-E8A336DD0967} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-10] (Google Inc -> Google Inc.)
Task: {B3879CA8-817E-48A8-A00E-1BD925E9B8BA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [155472 2019-12-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {BDA06BAF-CB4C-4664-BBE7-49E967E1CFD4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6072640 2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {BF342BB0-ADA7-44F2-925B-A375009F6CEA} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [474368 2018-08-03] (Acer Incorporated -> Acer Incorporated)
Task: {DB4ABA68-17FF-47B6-ADCC-E1B15C2CBEDD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E254F695-21D1-4CB4-A94D-F66A063F0A75} - System32\Tasks\DashlaneUpgradeCheck => net [Argument = start "Dashlane Upgrade Service"]
Task: {E8C1B7BD-683D-4D5D-8614-F00ACC3A4621} - System32\Tasks\App Explorer => C:\Users\steve\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7470248 2020-01-06] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
Task: {EAB7A5E4-8512-4B60-A2A4-95F1DA20556E} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [215856 2017-09-13] (Acer Incorporated -> TODO: <Company name>)
Task: {F600DCA5-31C6-4BFA-BF87-A7FB03584C8F} - System32\Tasks\Quick Access => C:\Program Files\Acer\Quick Access Service\QALauncher.exe [447280 2019-09-27] (Acer Incorporated -> Acer Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{47a49dfe-5532-4bd4-b40a-03730b7d6cd7}: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
Internet Explorer:
==================
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
 
Edge: 
======
DownloadDir: C:\Users\steve\Downloads
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2019-03-06] [Legacy] [not signed]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-17] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-17] (Google LLC -> Google LLC)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://google.co.uk/"
CHR Notifications: Default -> hxxps://www.epson.co.uk; hxxps://www.facebook.com; hxxps://www.tui.co.uk
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default [2020-01-09]
CHR Extension: (Slides) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-10]
CHR Extension: (Docs) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-10]
CHR Extension: (Google Drive) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-10]
CHR Extension: (YouTube) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-10]
CHR Extension: (Sheets) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-10]
CHR Extension: (Google Docs Offline) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-10]
CHR Extension: (Gmail) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-08]
CHR Extension: (Chrome Media Router) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-22]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11345992 2019-11-28] (Microsoft Corporation -> Microsoft Corporation)
S2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2017-08-23] (Dashlane -> Dashlane, Inc.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81280 2019-10-01] (Mixbyte Inc -> Freemake)
R2 GeneStorSvc; C:\WINDOWS\System32\DriverStore\FileRepository\genestor.inf_amd64_312a8313e431fea0\GLCRIconSvc.exe [149592 2017-12-24] (Genesys Logic, Inc. -> Genesys Logic)
S4 HfcDisableService; C:\WINDOWS\System32\DriverStore\FileRepository\iastorac.inf_amd64_8559c34713c70ce4\HfcDisableService.exe [1710736 2018-12-06] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 iaStorAfsService; C:\WINDOWS\System32\iaStorAfsService.exe [2788496 2018-12-06] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542872 2018-02-15] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\WINDOWS\System32\Intel\iCLS Client\lib\SocketHeciServer.exe [765112 2018-04-25] (Intel® Trust Services -> Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\WINDOWS\System32\Intel\iCLS Client\lib\TPMProvisioningService.exe [731832 2018-04-25] (Intel® Trust Services -> Intel® Corporation)
R2 jhi_service; C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_31a8dbbf39dcdc3b\jhi_service.exe [647568 2019-04-30] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2018-02-07] (Intel® Wireless Connectivity Solutions -> )
R2 NeroBackItUpBackgroundService2018; C:\Program Files (x86)\Nero\Nero 2018\Nero BackItUp\NBService.exe [287096 2017-06-20] (Nero AG -> Nero AG)
R3 QASvc; C:\Program Files\Acer\Quick Access Service\QASvc.exe [523568 2019-09-27] (Acer Incorporated -> Acer Incorporated)
R2 RstMwService; C:\WINDOWS\System32\DriverStore\FileRepository\iastorac.inf_amd64_8559c34713c70ce4\RstMwService.exe [1969288 2018-12-06] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [833824 2019-01-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 StreamingCore; C:\Program Files\Numecent\Application Jukebox Player\StreamingCore.exe [6788416 2018-01-05] (Numecent, Inc. -> Numecent, Inc.)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [299824 2017-09-13] (Acer Incorporated -> acer)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3851432 2018-02-07] (Intel® Wireless Connectivity Solutions -> Intel® Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [200064 2017-12-24] (Genesys Logic, Inc. -> Genesys Logic)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1094800 2018-12-06] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [73360 2018-12-06] (Intel® Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136680 2018-02-15] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
S3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8723968 2018-09-15] (Microsoft Windows -> Intel Corporation)
R3 Netwtw08; C:\WINDOWS\System32\drivers\Netwtw08.sys [9122296 2019-04-29] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010624 2017-12-20] (Realtek Semiconductor Corp. -> Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 StreamingFSD; C:\WINDOWS\System32\DRIVERS\StreamingFSD.sys [791288 2018-01-08] (Numecent, Inc. -> Numecent, Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-08] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-01-09 08:17 - 2020-01-09 08:19 - 000029669 _____ C:\Users\steve\Desktop\FRST.txt
2020-01-09 08:16 - 2020-01-09 08:18 - 000000000 ____D C:\FRST
2020-01-09 08:15 - 2020-01-09 08:15 - 002573312 _____ (Farbar) C:\Users\steve\Desktop\FRST64.exe
2019-12-17 17:47 - 2019-12-17 17:47 - 026807296 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-12-17 17:47 - 2019-12-17 17:47 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-12-17 17:47 - 2019-12-17 17:47 - 006541712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-17 17:47 - 2019-12-17 17:47 - 001677808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-12-17 17:47 - 2019-12-17 17:47 - 001656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2019-12-17 17:47 - 2019-12-17 17:47 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-12-17 17:47 - 2019-12-17 17:47 - 001465264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-12-17 17:47 - 2019-12-17 17:47 - 001201128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-12-17 17:47 - 2019-12-17 17:47 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-12-17 17:47 - 2019-12-17 17:47 - 000408736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-12-17 17:47 - 2019-12-17 17:47 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2019-12-17 17:47 - 2019-12-17 17:47 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-12-17 17:47 - 2019-12-17 17:47 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 009668408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-12-17 17:46 - 2019-12-17 17:46 - 007886848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 007645384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 006444032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-12-17 17:46 - 2019-12-17 17:46 - 003638272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-12-17 17:46 - 2019-12-17 17:46 - 003576832 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 003387392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 002707968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-12-17 17:46 - 2019-12-17 17:46 - 002699768 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 002233688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 002192384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 002072384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-12-17 17:46 - 2019-12-17 17:46 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 001676288 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 001668960 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 001666440 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 001473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-12-17 17:46 - 2019-12-17 17:46 - 001258296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-12-17 17:46 - 2019-12-17 17:46 - 001049400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-12-17 17:46 - 2019-12-17 17:46 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 000901120 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2019-12-17 17:46 - 2019-12-17 17:46 - 000793824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 000764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 000758688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-12-17 17:46 - 2019-12-17 17:46 - 000678672 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-12-17 17:46 - 2019-12-17 17:46 - 000603792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-12-17 17:46 - 2019-12-17 17:46 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-12-17 17:46 - 2019-12-17 17:46 - 000508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 000505632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-12-17 17:46 - 2019-12-17 17:46 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 000203064 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 000095544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2019-12-17 17:46 - 2019-12-17 17:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-12-17 17:46 - 2019-12-17 17:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-12-17 17:46 - 2019-12-17 17:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-12-17 17:46 - 2019-12-17 17:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-12-17 17:46 - 2019-12-17 17:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-12-17 17:46 - 2019-12-17 17:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-12-17 17:46 - 2019-12-17 17:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-12-17 17:46 - 2019-12-17 17:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-01-09 08:11 - 2018-10-10 20:44 - 000000000 ____D C:\Users\steve\Desktop\Stevies Music
2020-01-09 08:10 - 2019-02-19 19:59 - 000846492 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-01-09 08:10 - 2018-09-15 07:31 - 000000000 ____D C:\WINDOWS\INF
2020-01-09 08:09 - 2018-10-10 17:52 - 000000000 ____D C:\Users\steve\AppData\Local\Host App Service
2020-01-09 08:07 - 2019-02-19 20:02 - 000003534 _____ C:\WINDOWS\system32\Tasks\DashlaneUpgradeCheck
2020-01-09 08:05 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-09 08:05 - 2018-09-15 07:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-09 08:04 - 2019-02-19 20:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-09 08:04 - 2019-02-19 19:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-07 15:52 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2020-01-07 15:48 - 2018-09-15 07:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-07 15:46 - 2018-10-10 19:49 - 000000000 ____D C:\Users\Gillian\AppData\Local\Host App Service
2020-01-07 15:41 - 2018-10-10 19:49 - 000000000 __SHD C:\Users\Gillian\IntelGraphicsProfiles
2020-01-02 12:45 - 2018-10-10 19:49 - 000000000 ____D C:\Users\Gillian\AppData\Local\Packages
2019-12-22 18:02 - 2018-10-10 17:55 - 000000000 ____D C:\Users\steve\AppData\Local\Packages
2019-12-19 22:33 - 2018-10-10 19:55 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-19 22:33 - 2018-10-10 19:55 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-12-19 22:33 - 2018-10-10 19:55 - 000002264 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-12-19 22:16 - 2019-02-19 19:42 - 000588232 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-12-17 18:15 - 2018-09-15 06:09 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2019-12-17 18:14 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-12-17 18:14 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-12-17 18:02 - 2018-10-10 19:59 - 000000000 ____D C:\Users\Gillian\Desktop\ARF General
2019-12-17 17:57 - 2018-10-10 20:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-12-17 17:53 - 2018-10-10 20:45 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-12-17 17:53 - 2018-09-15 07:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-12-17 17:31 - 2018-10-10 18:30 - 000000000 ____D C:\Program Files\Microsoft Office
2019-12-17 17:26 - 2019-02-19 20:02 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-17 17:26 - 2019-02-19 20:02 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
and
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2020
Ran by steven (09-01-2020 08:19:38)
Running from C:\Users\steve\Desktop
Windows 10 Home Version 1809 17763.914 (X64) (2019-02-19 20:03:56)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1741543102-3776721137-2454621359-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1741543102-3776721137-2454621359-503 - Limited - Disabled)
Gillian (S-1-5-21-1741543102-3776721137-2454621359-1003 - Limited - Enabled) => C:\Users\Gillian
Guest (S-1-5-21-1741543102-3776721137-2454621359-501 - Limited - Disabled)
Hannah (S-1-5-21-1741543102-3776721137-2454621359-1002 - Limited - Enabled) => C:\Users\Hannah
steven (S-1-5-21-1741543102-3776721137-2454621359-1001 - Administrator - Enabled) => C:\Users\steve
WDAGUtilityAccount (S-1-5-21-1741543102-3776721137-2454621359-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3038 - Acer Incorporated)
Acer Collection (HKLM-x32\...\{8CD449EA-BBA0-477F-AFF9-9AF6E8C50EF2}) (Version: 1.01.3011 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Jumpstart (HKLM-x32\...\{353B4583-ED04-4DF2-A1D6-A5A3EF5C4EBF}) (Version: 3.2.18270.20 - Acer)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.03.3005 - Acer Incorporated)
App Explorer (HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Host App Service) (Version: 0.273.3.727 - SweetLabs) <==== ATTENTION
calibre (HKLM-x32\...\{FD6B4DA3-5E7B-499E-841D-B797BED0CC47}) (Version: 3.48.0 - Kovid Goyal)
Cloudpaging Player (HKLM\...\{23F6FB7C-C1E2-491B-91A1-0441D5191BC7}) (Version: 9.0.4.21424 - Numecent, Inc.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.8216.01 - CyberLink Corp.)
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.1.17.0 - Dashlane, Inc.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.2 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{FD036A57-F81D-4865-AAF0-811558EA76AE}) (Version: 4.5.1 - Seiko Epson Corporation)
EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Freemake Video Converter version 4.1.10 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10 - Mixbyte Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
IBM SPSS Statistics 26 (HKLM\...\{1AC22BAE-DC13-4991-9910-AE3743A4592D}) (Version: 26.0.0.0 - IBM Corp)
Intel® Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1808.12.0.1102 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.0.2.1086 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000040-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.40.0 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{2D79E334-B178-45B9-A2A6-7A60A084C268}) (Version: 16.8.0.1000 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{18ec79fd-8f83-4e12-bfa5-80c9872cc56b}) (Version: 20.40.0 - Intel Corporation)
iPod Support (HKLM\...\{57D75376-1F31-4182-8EC8-31A6785ABF29}) (Version: 120.7.3.55 - Apple Inc.)
MAGIX Fastcut (Editing templates 1) (HKLM\...\{397087AF-DB1A-4B60-84A7-436DC262CEC2}) (Version: 1.1.0.0 - MAGIX Software GmbH) Hidden
MAGIX Fastcut (Editing templates 1) (HKLM\...\MX.{397087AF-DB1A-4B60-84A7-436DC262CEC2}) (Version: 1.1.0.0 - MAGIX Software GmbH)
MAGIX Fastcut (Editing templates 2) (HKLM\...\{B4E4BC18-102D-46D0-9A40-C42F9E7D6337}) (Version: 1.1.0.0 - MAGIX Software GmbH) Hidden
MAGIX Fastcut (Editing templates 2) (HKLM\...\MX.{B4E4BC18-102D-46D0-9A40-C42F9E7D6337}) (Version: 1.1.0.0 - MAGIX Software GmbH)
MAGIX Fastcut (HKLM\...\{79BB86DF-723E-416A-81F2-E4F88FB71936}) (Version: 1.0.0.85 - MAGIX Software GmbH) Hidden
MAGIX Fastcut (HKLM\...\MX.{79BB86DF-723E-416A-81F2-E4F88FB71936}) (Version: 1.0.0.85 - MAGIX Software GmbH)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.12228.20364 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
Music Recorder (HKLM-x32\...\{F3949798-3544-433B-B5AB-A61F32F0386F}) (Version: 18.001.2 - Nero AG) Hidden
MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.1.2.2 - SEIKO EPSON CORPORATION) Hidden
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
Nero 2018 (HKLM-x32\...\{CFA36B53-7209-4A84-88D3-68CDFFB3C59B}) (Version: 19.0.03500 - Nero AG)
Nero 2018 Content Pack 1 (HKLM-x32\...\{7165E866-AD18-4780-8578-EBBAFA0408B0}) (Version: 19.0.00700 - Nero AG)
Nero 2018 Content Pack 2 (HKLM-x32\...\{4ADCBD86-F84B-4D5F-9D8E-3DF21EB83811}) (Version: 19.0.01000 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 20.0.1011 - Nero AG)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Prerequisite installer (HKLM-x32\...\{AD240F1A-3102-492E-B657-17969A9D5E9A}) (Version: 19.0.0003 - Nero AG) Hidden
Quick Access Service (HKLM\...\{AB25551C-74EF-4BAB-9989-891517FCF9FF}) (Version: 3.00.3009 - Acer Incorporated)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8383 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-3) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
 
Packages:
=========
Acer Collection -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCollection_1.1.3013.0_x64__48frkmn4z8aw4 [2018-10-21] (Acer Incorporated)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_6.22.8816.0_x86__q4d96b2w5wcc2 [2020-01-07] (Evernote)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-10-11] (Facebook Inc)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa [2019-12-17] (Apple Inc.) [Startup Task]
Messenger -> C:\Program Files\WindowsApps\Facebook.317180B0BB486_196.2292.59195.0_x86__8xx8rvfyw5nnt [2019-05-16] (Facebook Inc)
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2018-10-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2018-10-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-17] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad]
PhotoDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.5229.0_x64__ypz87dpxkv292 [2019-06-29] (CYBERLINK COM CORP)
PowerDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PowerDirectorforacerDesktop_14.0.4304.0_x64__ypz87dpxkv292 [2018-07-12] (CYBERLINK COM CORP)
QuickAccess -> C:\Program Files\WindowsApps\AcerIncorporated.QuickAccess_3.0.3001.0_x64__48frkmn4z8aw4 [2018-10-10] (Acer Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.169.0_x64__dt26b99r8h8gj [2019-07-07] (Realtek Semiconductor Corp)
Samsung Gallery -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.PCGallery_4.1.7.0_x64__3c1yjt4zspk6g [2019-12-19] (Samsung Electronics Co. Ltd.)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.15.61.0_x64__kx24dqmazqk8j [2019-06-29] (Random Salad Games LLC) [MS Ad]
Spades -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.Spades_5.2.24.0_x64__kx24dqmazqk8j [2018-07-12] (Random Salad Games LLC) [MS Ad]
Zip Extractor Pro -> C:\Program Files\WindowsApps\38526MediaLife.ZipPlus_1.1.6.0_x86__1crh1k73ty8mg [2019-11-14] (Media Life)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\igfxDTCM.dll [2018-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2018-12-03 21:19 - 2018-12-03 21:19 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2019-03-06 21:45 - 2007-09-18 16:44 - 000421888 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBIPDev.dll
2019-03-06 21:45 - 2007-09-10 15:03 - 000110592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBLPBidiDev.dll
2019-03-06 21:45 - 2006-12-26 14:58 - 000233544 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBMSDev.dll
2019-03-06 21:45 - 2004-11-17 16:56 - 000286720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBNWDev.dll
2019-03-06 21:45 - 2007-09-10 15:32 - 000135168 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBRSVC.dll
2019-03-06 21:45 - 2006-08-30 01:02 - 000106496 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\epLocalBidi.dll
2019-02-22 17:01 - 2019-02-22 17:01 - 000704512 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\MyEpson Portal\Configration_00000171\MepCfg.dll
2019-02-22 15:09 - 2019-02-22 15:09 - 000475136 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\MyEpson Portal\Online Manual_00000013\MepFAQ.dll
2019-03-06 21:27 - 2012-11-12 15:15 - 000558592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2019-03-06 21:27 - 2012-10-22 17:19 - 000219648 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enpres.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\steve\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 13:46 - 2017-09-29 13:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Calibre2\
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Acer01.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000002"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5EEB7081-F60A-45BE-ADF0-2E30DBC8AD5D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16040.10827.20150.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9722F32B-89D4-46D9-8C3B-E2337F9B9FA0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel® Wireless Connectivity Solutions -> )
FirewallRules: [{77259A9F-07D7-4765-AE66-E8863DFAB8A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
FirewallRules: [{FCBA071B-62BB-4133-A9A7-D361BFA1A0BB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{76160FCB-23E9-44C7-B7B4-267B19F98FDC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe No File
FirewallRules: [{7197BF68-838D-4363-8861-6BF58CA46EAB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe No File
FirewallRules: [{09EC6237-0455-4632-A697-D4D68AA27CC1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{3D202D25-7419-4351-AB12-F47701FDF589}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FD7A0653-41F4-4E71-B8C5-AF429A19D91C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9ADEFCFF-9482-44EA-A424-A120B8199C5A}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero Burning ROM\StartNBR.exe (Nero AG -> Nero AG)
FirewallRules: [{DF20B925-1023-4762-81E7-98EC3A4B2A1F}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\BackItUp.exe (Nero AG -> Nero AG)
FirewallRules: [{342937BD-E016-4532-A04F-FBEBD049AAF4}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\NBService.exe (Nero AG -> Nero AG)
FirewallRules: [{7281B20E-EDC8-4CCB-8E0A-F2F49469F7D4}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero MediaHome\NMDllHost.exe (Nero AG -> Nero AG)
FirewallRules: [{880BC1A5-BE3A-4458-8036-821E59639861}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero MediaHome\MediaHome.exe (Nero AG -> Nero AG)
FirewallRules: [{3A5D0AC9-B794-4203-9E59-FBFE5B54489D}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero Burning ROM\nero.exe (Nero AG -> Nero AG)
FirewallRules: [{44B1D7D4-AC02-4C0A-A852-B640272B3C51}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{5A2C7EA2-F627-4DAD-983D-5475C678B65E}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{E2924F25-34C0-4626-A9C9-19DA4B24F666}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{7C5949E0-929E-4D54-A026-E04F2F4BE8C4}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{19E30E0A-0651-495C-A131-EBF39A65F1BD}] => (Allow) C:\Users\steve\AppData\Local\Temp\EPSON XP-205 207 Series_Home\Network\EpsonNetSetup\Data\ENEasyApp.exe No File
FirewallRules: [{2C5578D0-6D29-494E-B3A2-EBD34B6980FC}] => (Allow) C:\Users\steve\AppData\Local\Temp\EPSON XP-205 207 Series_Home\Network\EpsonNetSetup\Data\ENEasyApp.exe No File
FirewallRules: [{71B9035B-6E96-481F-B4D0-8879D188A65E}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> )
FirewallRules: [{D4AA9B30-D49F-40AB-B4D0-6972C69BA846}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> )
FirewallRules: [{D43775B1-7D82-4961-B564-BAD29245AD03}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> )
FirewallRules: [{F7769D7A-AE6B-45E3-B473-81F59F1CF973}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> )
FirewallRules: [{8EBD3890-585B-4E72-A392-F0248E6A25D5}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> )
FirewallRules: [{C4B06792-EBC8-4B07-9AED-66B147D119DC}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> )
FirewallRules: [{B0AB877D-0BC9-4591-95DF-99105791A82B}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> )
FirewallRules: [{923C6F2D-B29D-4895-BFA1-48EB43990A10}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> )
FirewallRules: [{A784AB41-9E8F-46F0-9E57-AF1311F23631}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> )
FirewallRules: [{1FF9056C-18B8-4C4C-9D20-C003728090EE}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> )
FirewallRules: [{D8CD1526-D62D-4560-B9BE-5C7DD465AF66}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> )
FirewallRules: [{3E19D774-3AD9-40E7-8A57-3EC857B324B6}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> )
FirewallRules: [{82A5AD19-DA39-4D7A-AD87-F36E470DECF0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8512E3DC-37D3-49EE-B00D-A3EEF04AD6F4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A16AA1A2-B7B2-464D-85E4-57CFA6A4FEED}] => (Allow) C:\Users\steve\AppData\Roaming\BitTorrent\BitTorrent.exe No File
FirewallRules: [{16EC4586-C454-4879-AD1C-1E923F1BDA6C}] => (Allow) C:\Users\steve\AppData\Roaming\BitTorrent\BitTorrent.exe No File
FirewallRules: [{17D38086-9743-4EDF-A691-D604CA563BF2}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{4C5CAB28-7A10-4992-B0C9-70236A8C60A9}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{C1039280-49B6-4832-98CC-D463F2889E8D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{762E09DF-D209-4C13-A0E4-3B1D507301E2}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.com (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{972566EC-13CB-4389-975F-449D3598E771}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{F01C3573-9E22-458A-91CE-5DB8F87466B3}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{95236E62-7ACB-4C8D-8E14-7BAE7CD20548}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.com (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{A16E47A8-211F-4C36-8DA0-694CCD4A95CB}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{38919211-491A-4399-942E-8B30C4EA6645}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{7EA9DDF8-F191-43B7-A76C-BB11E3A6BC28}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{199A4508-1E14-4F00-AE38-A60D93F67D7E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3D5EFFFA-6F4A-4044-86E7-6E9B961E8511}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1A428BDC-1F88-4673-B35F-3655BE2D5FBB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8246BC88-4069-4038-A59F-AF64B15F5F43}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A943F6D2-56F7-4955-937F-4267CF4C9C42}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{326AC1FC-53C0-4969-B8F4-A712B661ED16}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{25F2061C-BB02-4A73-9676-71C854DC77E3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2376D148-D1E5-4580-A54E-F2C18B2A12CF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
10-12-2019 08:53:36 Scheduled Checkpoint
17-12-2019 17:33:51 Windows Update
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (12/02/2019 08:06:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x5db94ffc
Faulting module name: KERNELBASE.dll, version: 10.0.17763.864, time stamp: 0xf9f56179
Exception code: 0xe0434352
Fault offset: 0x001219b2
Faulting process ID: 0x241c
Faulting application start time: 0x01d5a8e75de1c57b
Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: 09bd0365-77ec-4fe7-adcf-5a21572cd3cf
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (12/02/2019 08:06:14 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at FreemakeUtilsService.Program.Main(System.String[])
 
Error: (11/25/2019 01:54:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GLCRIconSvc.exe, version: 1.0.0.0, time stamp: 0x5a25299e
Faulting module name: CFGMGR32.dll, version: 10.0.17763.1, time stamp: 0xb9d8035e
Exception code: 0xc0000005
Fault offset: 0x0000c55a
Faulting process ID: 0xda0
Faulting application start time: 0x01d5a1e6e342aec2
Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\genestor.inf_amd64_312a8313e431fea0\GLCRIconSvc.exe
Faulting module path: C:\WINDOWS\System32\CFGMGR32.dll
Report ID: fd45c914-f268-4024-999d-20b201032de0
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/19/2019 01:45:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GLCRIconSvc.exe, version: 1.0.0.0, time stamp: 0x5a25299e
Faulting module name: CFGMGR32.dll, version: 10.0.17763.1, time stamp: 0xb9d8035e
Exception code: 0xc0000005
Fault offset: 0x0000c55a
Faulting process ID: 0xdc4
Faulting application start time: 0x01d59ede28b5539c
Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\genestor.inf_amd64_312a8313e431fea0\GLCRIconSvc.exe
Faulting module path: C:\WINDOWS\System32\CFGMGR32.dll
Report ID: 05d2b3d8-111a-4fb9-baa4-c94561a6c1a4
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/19/2019 01:30:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HxAccounts.exe, version: 16.0.12026.20368, time stamp: 0x5db7a4b8
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.17763.802, time stamp: 0x322dae8f
Exception code: 0xc000027b
Fault offset: 0x0000000000701a52
Faulting process ID: 0x43e8
Faulting application start time: 0x01d59ed8349981e8
Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\HxAccounts.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report ID: 3a31e095-805a-4d81-91b4-8a168f4e8a06
Faulting package full name: microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: microsoft.windowslive.manageaccounts
 
Error: (11/19/2019 01:30:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GLCRIconSvc.exe, version: 1.0.0.0, time stamp: 0x5a25299e
Faulting module name: CFGMGR32.dll, version: 10.0.17763.1, time stamp: 0xb9d8035e
Exception code: 0xc0000005
Fault offset: 0x0000c55a
Faulting process ID: 0xef4
Faulting application start time: 0x01d59ebfe3563543
Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\genestor.inf_amd64_312a8313e431fea0\GLCRIconSvc.exe
Faulting module path: C:\WINDOWS\System32\CFGMGR32.dll
Report ID: 2fced7ed-fc08-44ac-8cfb-33dd91f493eb
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/19/2019 10:08:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.17763.831 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2eec
 
Start Time: 01d59ec0889dc3df
 
Termination Time: 0
 
Application Path: C:\Windows\explorer.exe
 
Report Id: 546597bb-93aa-40b2-a194-0c79a5cc1811
 
Faulting package full name: 
 
Faulting package-relative application ID: 
 
Hang type: Cross-thread
 
Error: (11/14/2019 02:07:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CLUpdater.exe, version: 2.2.0.12103, time stamp: 0x5a4c9a43
Faulting module name: CLUpdater.exe, version: 2.2.0.12103, time stamp: 0x5a4c9a43
Exception code: 0xc0000005
Fault offset: 0x0000000000031297
Faulting process ID: 0x2054
Faulting application start time: 0x01d59af4de81e54c
Faulting application path: C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.5229.0_x64__ypz87dpxkv292\PhotoDirector8\Presentation\UI\BigBang\Runtime\CLUpdater.exe
Faulting module path: C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.5229.0_x64__ypz87dpxkv292\PhotoDirector8\Presentation\UI\BigBang\Runtime\CLUpdater.exe
Report ID: 738a75df-f85f-4ead-91c0-07a8f1ce4ddb
Faulting package full name: CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.5229.0_x64__ypz87dpxkv292
Faulting package-relative application ID: PhotoDirector
 
 
System errors:
=============
Error: (01/09/2020 08:08:15 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-T3QOQ8M)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user DESKTOP-T3QOQ8M\steven SID (S-1-5-21-1741543102-3776721137-2454621359-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/09/2020 08:07:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscDataProtection
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/09/2020 08:07:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/09/2020 08:07:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.SecurityAppBroker
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/09/2020 08:04:19 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.
 
Error: (01/09/2020 08:04:50 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 16:23:08 on ‎07/‎01/‎2020 was unexpected.
 
Error: (01/07/2020 04:21:35 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-T3QOQ8M)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user DESKTOP-T3QOQ8M\steven SID (S-1-5-21-1741543102-3776721137-2454621359-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/07/2020 04:15:24 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-T3QOQ8M)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user DESKTOP-T3QOQ8M\steven SID (S-1-5-21-1741543102-3776721137-2454621359-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2019-12-24 07:17:41.519
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5028D16F-1EE8-4B46-8212-ED5728DB2FA3}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-12-02 08:48:10.836
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C1065D35-E17D-4667-91F5-21287F712730}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-11-19 11:57:17.659
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B58ABEA9-B9BD-4D0E-82A2-FD557A0961A9}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-11-10 13:26:47.474
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {60D6AB11-E0AC-4A3A-9708-1622A9776A4E}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-11-10 12:38:44.525
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {ACC8FBED-90F8-4551-9439-9AE4CD4CBA64}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-09-11 15:08:08.006
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.301.1036.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16300.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2019-08-19 12:38:27.456
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.299.2335.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16200.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2019-08-04 15:37:22.841
Description: 
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: High
Category: Tool
Path: file:_G:\Microsoft Toolkit.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Action: Quarantine
Action Status:  No additional actions required
Error Code: 0x80070005
Error description: Access is denied. 
Signature Version: AV: 1.299.1229.0, AS: 1.299.1229.0, NIS: 1.299.1229.0
Engine Version: AM: 1.1.16200.1, NIS: 1.1.16200.1
 
Date: 2019-07-30 06:49:50.359
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.299.825.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16200.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2019-07-15 06:56:04.789
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.297.756.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16100.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc R01-A2 05/08/2018
Motherboard: Acer Aspire XC-885
Processor: Intel® Core™ i5-8400 CPU @ 2.80GHz
Percentage of memory in use: 47%
Total physical RAM: 8066.76 MB
Available physical RAM: 4245.22 MB
Total Virtual: 9346.76 MB
Available Virtual: 5393.71 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:465.19 GB) (Free:346.38 GB) NTFS
Drive d: (Data) (Fixed) (Total:465.2 GB) (Free:465.02 GB) NTFS
Drive f: (WD Unlocker) (CDROM) (Total:0.02 GB) (Free:0 GB) UDF
 
\\?\Volume{af1a4e76-2cab-42a1-b627-2319125239c2}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.6 GB) NTFS
\\?\Volume{e98a5c0c-fd67-4cc4-8a80-21ad4146b416}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2034C532)
 
Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End of Addition.txt =======================
 

  • 0

Advertisements


#2
DR M

DR M

    GeekU Senior

  • GeekU Senior
  • 2,358 posts

Hello, Steviep.  :)

.
I am DR M and I will be assisting you with your computer's issues. I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you will have two people looking at your problem.

 

Adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. You have to reply to my posts within three days. If you need some additional time, just let me know. If I don't get any reply from you within these three days, the topic will be closed. You can send me a PM if you still want help, after this period of time.

2. Always ask before act! Do not continue if you are not sure, or if something unexpected happens!

3. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the proceedure, unless I ask you to do so.

4. Please, copy all the content of the required logs and paste it inside your post. Do not attach any log or other file, unless directed otherwise.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs. I will be with you, as far as I can.

 

----------------------------------------------------------------------------------------------------------------------------

 

Please give me some time to go over your logs and I'll get back to you as soon as possible.


  • 0

#3
DR M

DR M

    GeekU Senior

  • GeekU Senior
  • 2,358 posts

Hi, Steviep.

Please do the following:

 

1. Uninstall a program

  • Press the Windows icon key on your keyboard, together with the letter I (it's the capital I), to go to the Settings.
  • Choose Apps, and from the menu at the left make sure the Apps & features is selected.
  • In the apps & features list on the right side, find App explorer, click on it and select Uninstall.
  • Restart the computer.

 

2. Run a fix with FRST

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines. Right-click and select "Copy ".
start::
closeprocesses:
createrestorepoint:
Task: {E8C1B7BD-683D-4D5D-8614-F00ACC3A4621} - System32\Tasks\App Explorer => C:\Users\steve\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7470248 2020-01-06] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\Users\steve\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
FirewallRules: [{44B1D7D4-AC02-4C0A-A852-B640272B3C51}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{5A2C7EA2-F627-4DAD-983D-5475C678B65E}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{A16AA1A2-B7B2-464D-85E4-57CFA6A4FEED}] => (Allow) C:\Users\steve\AppData\Roaming\BitTorrent\BitTorrent.exe No File
FirewallRules: [{16EC4586-C454-4879-AD1C-1E923F1BDA6C}] => (Allow) C:\Users\steve\AppData\Roaming\BitTorrent\BitTorrent.exe No File
C:\Users\steve\AppData\Local\Host App Service
C:\Program Files\AVAST Software
C:\Users\steve\AppData\Roaming\BitTorrent
C:\Users\Gillian\AppData\Local\Host App Service
emptytemp:
end::


  • Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.

 

3. Download and run MBAM

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named mb3-setup-1878.1878-3.8.3.2965.exe. This will start the installation of MBAM onto your computer.
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave Launch Malwarebytes Anti-Malware checked. Then click on the Finish button. If MalwareBytes prompts you to reboot, please do not do so.
  • MBAM will now start. If not, double click the icon created on your Desktop.
  • Click Settings and when it opens, click the Protection tab. Scroll down and under Scan Options change the setting for Scan for Rootkits to On.
  • Chose Scan from the menu at the left, and having selected the Threat scan, click on Start Scan.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are not selected and close the program.
  • Open Malwarebytes again, select Reports from the menu at the left, find the log with the most recent date and click View Report. Chose Export to copy the log.
  • Paste its content here, in your next reply.

 

4. In your next reply please include:

  • The fixlog.txt
  • The Malwarebytes report content

  • 0

#4
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 322 posts

Hi Dr M, Thanks you for helping. Here are the logs requested:

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-01-2020
Ran by steven (09-01-2020 21:17:01) Run:1
Running from C:\Users\steve\Desktop
Loaded Profiles: steven (Available Profiles: steven & Hannah & Gillian)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
closeprocesses:
createrestorepoint:
Task: {E8C1B7BD-683D-4D5D-8614-F00ACC3A4621} - System32\Tasks\App Explorer => C:\Users\steve\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7470248 2020-01-06] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\Users\steve\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
FirewallRules: [{44B1D7D4-AC02-4C0A-A852-B640272B3C51}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{5A2C7EA2-F627-4DAD-983D-5475C678B65E}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{A16AA1A2-B7B2-464D-85E4-57CFA6A4FEED}] => (Allow) C:\Users\steve\AppData\Roaming\BitTorrent\BitTorrent.exe No File
FirewallRules: [{16EC4586-C454-4879-AD1C-1E923F1BDA6C}] => (Allow) C:\Users\steve\AppData\Roaming\BitTorrent\BitTorrent.exe No File
C:\Users\steve\AppData\Local\Host App Service
C:\Program Files\AVAST Software
C:\Users\steve\AppData\Roaming\BitTorrent
C:\Users\Gillian\AppData\Local\Host App Service
emptytemp:
 
*****************
 
Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8C1B7BD-683D-4D5D-8614-F00ACC3A4621}" => not found
"C:\WINDOWS\System32\Tasks\App Explorer" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
C:\Users\steve\OneDrive => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS could not remove.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{44B1D7D4-AC02-4C0A-A852-B640272B3C51}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5A2C7EA2-F627-4DAD-983D-5475C678B65E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A16AA1A2-B7B2-464D-85E4-57CFA6A4FEED}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{16EC4586-C454-4879-AD1C-1E923F1BDA6C}" => removed successfully
"C:\Users\steve\AppData\Local\Host App Service" => not found
C:\Program Files\AVAST Software => moved successfully
"C:\Users\steve\AppData\Roaming\BitTorrent" => not found
C:\Users\Gillian\AppData\Local\Host App Service => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 9461760 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 660774340 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 3094281 B
Edge => 7943319 B
Chrome => 535702022 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 359556 B
steve => 123119266 B
Hannah => 181725212 B
Gillian => 241300804 B
 
RecycleBin => 0 B
EmptyTemp: => 1.6 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:20:29 ====
 
and
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 09/01/2020
Scan Time: 21:29
Log File: 1e2d95f6-3327-11ea-9a98-94c69194fd4b.json
 
-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.14255
Licence: Trial
 
-System Information-
OS: Windows 10 (Build 17763.914)
CPU: x64
File System: NTFS
User: DESKTOP-T3QOQ8M\steven
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 334098
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 10 min, 46 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)

  • 0

#5
DR M

DR M

    GeekU Senior

  • GeekU Senior
  • 2,358 posts

Hi, Steviep.

 

There are no obvious signs of malware on your computer. A few issues are present, but let's first update the operating system (OS). You have Windows 10 version 1809 installed, but the latest version is 1909. Since not keeping your OS updated can create a great security issue, checking for updates, and letting them download and install themselves is critical. Have in mind that the procedure may take a couple of hours, depending on your internet downloading speed too. You will not be able to use your computer after a certain step of the procedure, so you will have to wait for the updates completion.

 

Update your OS

  • Go to the Microsoft's download page here and under the title Windows 10 November 2019 Update, click on Update now.
  • Let the update get downloaded.
  • When prompted, choose that you want to keep files and apps in this computer.
  • The computer will shut down and restart many times.
  • When the updates are done, let the computer restart and log in Windows.

 

Fresh FRST logs

  • Run the FRST as you did before.
  • Click Scan.
  • When the scan completes, two files will open in Notepad: FRST.txt and Addition.txt.
  • Copy and paste the content of FRST.txt and Addition.txt logs in your next reply.

  • 0

#6
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 322 posts

Hi Dr M,

 

Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2020
Ran by steven (administrator) on DESKTOP-T3QOQ8M (Acer Aspire XC-885) (10-01-2020 19:59:25)
Running from C:\Users\steve\Desktop
Loaded Profiles: steven (Available Profiles: steven & Hannah & Gillian)
Platform: Windows 10 Home Version 1909 18363.535 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Acer Incorporated -> ) C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe
(Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAdminAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QASvc.exe
(Genesys Logic, Inc. -> Genesys Logic) C:\Windows\System32\DriverStore\FileRepository\genestor.inf_amd64_312a8313e431fea0\GLCRIconSvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_31a8dbbf39dcdc3b\jhi_service.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\IntelCpHDCPSvc.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_8559c34713c70ce4\RstMwService.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel® Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Mixbyte Inc -> ) C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Mixbyte Inc -> Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItUp\BackItUp.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItUp\NBService.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Numecent, Inc. -> Numecent, Inc.) C:\Program Files\Numecent\Application Jukebox Player\CoreHelper.exe
(Numecent, Inc. -> Numecent, Inc.) C:\Program Files\Numecent\Application Jukebox Player\JukeboxPlayer.exe
(Numecent, Inc. -> Numecent, Inc.) C:\Program Files\Numecent\Application Jukebox Player\StreamingCore.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [833824 2019-01-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320584 2018-02-13] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Endeavors Technologies JukeboxPlayer] => C:\Program Files\Numecent\Application Jukebox Player\JukeboxPlayer.exe [9502048 2018-01-05] (Numecent, Inc. -> Numecent, Inc.)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [240512 2019-10-01] (Mixbyte Inc -> )
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.117\Installer\chrmstp.exe [2020-01-10] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {047897D2-0360-490B-89BB-878BC9423040} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {08D9BE40-BB0A-403B-9B9B-8DF56CFDFEBA} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [64320 2019-07-11] (Acer Incorporated -> Acer)
Task: {11B6C694-1150-44F3-B15B-A1C079DD728E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2107800 2019-12-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {11FCE56F-B175-4196-AA30-03BB2A0E2BB7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2107800 2019-12-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {2E93BBB1-05A8-4B28-928B-AA4D117B8E19} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6072640 2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {36AE74CE-BD1E-43A6-9A88-92EB73F5C0D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-10] (Google Inc -> Google Inc.)
Task: {47C00096-32F7-494C-A133-CCA98FFC2435} - System32\Tasks\Acer Collection Application => C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe [479024 2017-12-14] (Acer Incorporated -> )
Task: {5226BDA0-2594-4B9F-A176-7BC3C41AEC0A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {561146FA-04F5-4530-ADC1-48FBA98F6514} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4696880 2018-05-28] (Acer Incorporated -> )
Task: {74C892B5-18A8-4E50-8C75-BE40397E021F} - System32\Tasks\CareCenter\Nero BackItUp_Reg_HKLMWow6432Run => C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\BackItUp.exe [1163128 2017-06-20] (Nero AG -> Nero AG)
Task: {8AE35E82-86B2-43A1-80B5-F3E464A1155C} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [7018264 2018-07-18] (Nero AG -> Nero AG)
Task: {90F2304A-3E30-46CC-B1A9-CDA9E41B86DC} - System32\Tasks\Acer Collection Monitor Application => C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe [417072 2017-12-13] (Acer Incorporated -> Acer Incorporated)
Task: {9743CBBB-7CE1-4AEE-A56E-B7DFEC0277D6} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [152880 2016-09-20] (Acer Incorporated -> )
Task: {99623E9F-1E61-4B4C-B0CD-67B8BA5B9560} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2920752 2017-10-30] (Acer Incorporated -> )
Task: {9C315710-0C24-47F7-927E-0AAE08F72DC2} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41264 2017-10-30] (Acer Incorporated -> )
Task: {A0F7A91E-3E93-4DEA-96D7-B1E9A3B6D43F} - System32\Tasks\CareCenter\SecurityHealth_Reg_HKLMRun => C:\Program Files\Windows Defender\MSASCuiL.exe
Task: {A452D356-0C8D-441C-9D38-1882E43A46EC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {AA17C4EE-F13B-47F8-9012-0373286429A0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [155472 2019-12-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {AF9D590B-8B7E-4437-9F30-E8A336DD0967} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-10] (Google Inc -> Google Inc.)
Task: {B3879CA8-817E-48A8-A00E-1BD925E9B8BA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [155472 2019-12-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {BDA06BAF-CB4C-4664-BBE7-49E967E1CFD4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6072640 2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {BF342BB0-ADA7-44F2-925B-A375009F6CEA} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [474368 2018-08-03] (Acer Incorporated -> Acer Incorporated)
Task: {E254F695-21D1-4CB4-A94D-F66A063F0A75} - System32\Tasks\DashlaneUpgradeCheck => net [Argument = start "Dashlane Upgrade Service"]
Task: {EAB7A5E4-8512-4B60-A2A4-95F1DA20556E} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [215856 2017-09-13] (Acer Incorporated -> TODO: <Company name>)
Task: {F600DCA5-31C6-4BFA-BF87-A7FB03584C8F} - System32\Tasks\Quick Access => C:\Program Files\Acer\Quick Access Service\QALauncher.exe [447280 2019-09-27] (Acer Incorporated -> Acer Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{47a49dfe-5532-4bd4-b40a-03730b7d6cd7}: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
Internet Explorer:
==================
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
 
Edge: 
======
DownloadDir: C:\Users\steve\Downloads
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2019-03-06] [Legacy] [not signed]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-17] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-17] (Google LLC -> Google LLC)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://google.co.uk/"
CHR Notifications: Default -> hxxps://www.epson.co.uk; hxxps://www.facebook.com; hxxps://www.tui.co.uk
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default [2020-01-10]
CHR Extension: (Slides) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-10]
CHR Extension: (Docs) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-10]
CHR Extension: (Google Drive) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-10]
CHR Extension: (YouTube) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-10]
CHR Extension: (Sheets) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-10]
CHR Extension: (Google Docs Offline) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-10]
CHR Extension: (Gmail) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-08]
CHR Extension: (Chrome Media Router) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-22]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11345992 2019-11-28] (Microsoft Corporation -> Microsoft Corporation)
S2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2017-08-23] (Dashlane -> Dashlane, Inc.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81280 2019-10-01] (Mixbyte Inc -> Freemake)
R2 GeneStorSvc; C:\WINDOWS\System32\DriverStore\FileRepository\genestor.inf_amd64_312a8313e431fea0\GLCRIconSvc.exe [149592 2017-12-24] (Genesys Logic, Inc. -> Genesys Logic)
S4 HfcDisableService; C:\WINDOWS\System32\DriverStore\FileRepository\iastorac.inf_amd64_8559c34713c70ce4\HfcDisableService.exe [1710736 2018-12-06] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 iaStorAfsService; C:\WINDOWS\System32\iaStorAfsService.exe [2788496 2018-12-06] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542872 2018-02-15] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\WINDOWS\System32\Intel\iCLS Client\lib\SocketHeciServer.exe [765112 2018-04-25] (Intel® Trust Services -> Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\WINDOWS\System32\Intel\iCLS Client\lib\TPMProvisioningService.exe [731832 2018-04-25] (Intel® Trust Services -> Intel® Corporation)
R2 jhi_service; C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_31a8dbbf39dcdc3b\jhi_service.exe [647568 2019-04-30] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2018-02-07] (Intel® Wireless Connectivity Solutions -> )
R2 NeroBackItUpBackgroundService2018; C:\Program Files (x86)\Nero\Nero 2018\Nero BackItUp\NBService.exe [287096 2017-06-20] (Nero AG -> Nero AG)
R3 QASvc; C:\Program Files\Acer\Quick Access Service\QASvc.exe [523568 2019-09-27] (Acer Incorporated -> Acer Incorporated)
R2 RstMwService; C:\WINDOWS\System32\DriverStore\FileRepository\iastorac.inf_amd64_8559c34713c70ce4\RstMwService.exe [1969288 2018-12-06] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [833824 2019-01-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 StreamingCore; C:\Program Files\Numecent\Application Jukebox Player\StreamingCore.exe [6788416 2018-01-05] (Numecent, Inc. -> Numecent, Inc.)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [299824 2017-09-13] (Acer Incorporated -> acer)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3851432 2018-02-07] (Intel® Wireless Connectivity Solutions -> Intel® Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-01-10] (Malwarebytes Corporation -> Malwarebytes)
R3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [200064 2017-12-24] (Genesys Logic, Inc. -> Genesys Logic)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1094800 2018-12-06] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [73360 2018-12-06] (Intel® Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136680 2018-02-15] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2020-01-10] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2020-01-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-01-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2020-01-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116832 2020-01-10] (Malwarebytes Corporation -> Malwarebytes)
R3 Netwtw08; C:\WINDOWS\System32\drivers\Netwtw08.sys [9122296 2019-04-29] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010624 2017-12-20] (Realtek Semiconductor Corp. -> Realtek )
R2 StreamingFSD; C:\WINDOWS\System32\DRIVERS\StreamingFSD.sys [791288 2018-01-08] (Numecent, Inc. -> Numecent, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2019-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2019-12-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-08] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-01-10 19:59 - 2020-01-10 20:00 - 000026023 _____ C:\Users\steve\Desktop\FRST.txt
2020-01-10 19:57 - 2020-01-10 19:57 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2020-01-10 19:55 - 2020-01-10 19:55 - 000000020 ___SH C:\Users\steve\ntuser.ini
2020-01-10 19:55 - 2020-01-10 19:55 - 000000000 ____D C:\Users\steve\AppData\Local\PackageStaging
2020-01-10 18:43 - 2020-01-10 19:57 - 000003534 _____ C:\WINDOWS\system32\Tasks\DashlaneUpgradeCheck
2020-01-10 18:43 - 2020-01-10 18:44 - 000004302 _____ C:\WINDOWS\system32\Tasks\Software Update Application
2020-01-10 18:43 - 2020-01-10 18:44 - 000003852 _____ C:\WINDOWS\system32\Tasks\ACCAgent
2020-01-10 18:43 - 2020-01-10 18:44 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-01-10 18:43 - 2020-01-10 18:44 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1741543102-3776721137-2454621359-1003
2020-01-10 18:43 - 2020-01-10 18:44 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1741543102-3776721137-2454621359-1002
2020-01-10 18:43 - 2020-01-10 18:44 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1741543102-3776721137-2454621359-1001
2020-01-10 18:43 - 2020-01-10 18:44 - 000002770 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2020-01-10 18:43 - 2020-01-10 18:44 - 000002766 _____ C:\WINDOWS\system32\Tasks\UbtFrameworkService
2020-01-10 18:43 - 2020-01-10 18:44 - 000002222 _____ C:\WINDOWS\system32\Tasks\Quick Access
2020-01-10 18:43 - 2020-01-10 18:43 - 000003692 _____ C:\WINDOWS\system32\Tasks\AcerCMUpdateTask2.1.16258
2020-01-10 18:43 - 2020-01-10 18:43 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-01-10 18:43 - 2020-01-10 18:43 - 000002820 _____ C:\WINDOWS\system32\Tasks\ACC
2020-01-10 18:43 - 2020-01-10 18:43 - 000002630 _____ C:\WINDOWS\system32\Tasks\Acer Collection Monitor Application
2020-01-10 18:43 - 2020-01-10 18:43 - 000002596 _____ C:\WINDOWS\system32\Tasks\Acer Collection Application
2020-01-10 18:43 - 2020-01-10 18:43 - 000002328 _____ C:\WINDOWS\system32\Tasks\ACCBackgroundApplication
2020-01-10 18:43 - 2020-01-10 18:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-10 18:43 - 2020-01-10 18:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\Oem
2020-01-10 18:43 - 2020-01-10 18:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\Nero
2020-01-10 18:43 - 2020-01-10 18:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel
2020-01-10 18:43 - 2020-01-10 18:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\CareCenter
2020-01-10 18:43 - 2020-01-10 18:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2020-01-10 18:42 - 2020-01-10 18:43 - 000015243 _____ C:\WINDOWS\diagwrn.xml
2020-01-10 18:42 - 2020-01-10 18:43 - 000015243 _____ C:\WINDOWS\diagerr.xml
2020-01-10 18:34 - 2020-01-10 18:34 - 000842708 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-01-10 18:31 - 2020-01-10 18:31 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-01-10 18:31 - 2020-01-10 18:31 - 000116832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-01-10 18:31 - 2020-01-10 18:31 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-01-10 18:28 - 2020-01-10 18:28 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-01-10 18:23 - 2020-01-10 19:55 - 000000000 ____D C:\Users\steve
2020-01-10 18:23 - 2020-01-10 18:34 - 000000000 ____D C:\Users\Gillian
2020-01-10 18:23 - 2020-01-10 18:32 - 000000000 ____D C:\Users\Hannah
2020-01-10 18:23 - 2019-03-19 04:46 - 000001105 _____ C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-01-10 18:23 - 2019-03-19 04:46 - 000001105 _____ C:\Users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-01-10 18:23 - 2019-03-19 04:46 - 000001105 _____ C:\Users\Gillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-01-10 18:19 - 2019-10-07 02:57 - 002874368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-01-10 18:19 - 2018-03-02 06:11 - 000144832 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2020-01-10 18:19 - 2018-03-02 06:11 - 000119744 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2020-01-10 18:16 - 2020-01-10 18:17 - 000000000 __SHD C:\IntelOptaneData
2020-01-10 18:15 - 2020-01-10 19:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-10 18:15 - 2020-01-10 18:27 - 000588232 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-01-10 18:14 - 2020-01-10 18:45 - 000000000 ____D C:\Windows.old
2020-01-10 18:01 - 2020-01-10 18:14 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2020-01-10 18:00 - 2020-01-10 18:01 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2020-01-10 18:00 - 2020-01-10 18:00 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2020-01-10 17:55 - 2020-01-10 17:55 - 025901056 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 025443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 022627840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 014816256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 009711616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 008011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 007195648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 007015936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 006232576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 005501952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 005112320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 004578816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 004307968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 004150272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AI.MachineLearning.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 003967920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 003752960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 003487232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 002956472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-01-10 17:55 - 2020-01-10 17:55 - 002586816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 002576384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 002562048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 002494432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 002399232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 002258848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 001916984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 001866272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 001691648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 001399312 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 001283072 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 001154656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 001059840 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 001017680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 001007616 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000892696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000822072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000768488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000700416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000689664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000679152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 000669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000632320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000452920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000404904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000380944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000375720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000354816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2020-01-10 17:55 - 2020-01-10 17:55 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnphost.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-01-10 17:55 - 2020-01-10 17:55 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000251512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000249856 _____ (Gracenote, Inc.) C:\WINDOWS\SysWOW64\gnsdk_fp.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2020-01-10 17:55 - 2020-01-10 17:55 - 000219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagSvc.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\accessibilitycpl.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000199480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 000193800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2020-01-10 17:55 - 2020-01-10 17:55 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatialAudioLicenseSrv.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000136536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\omadmapi.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2020-01-10 17:55 - 2020-01-10 17:55 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinHvPlatform.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2020-01-10 17:55 - 2020-01-10 17:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Utilman.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EaseOfAccessDialog.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 000093496 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcXtrnal.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000084488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2020-01-10 17:55 - 2020-01-10 17:55 - 000084488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-01-10 17:55 - 2020-01-10 17:55 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2020-01-10 17:55 - 2020-01-10 17:55 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sethc.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usp10.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\reg.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 000073024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2020-01-10 17:55 - 2020-01-10 17:55 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AtBroker.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000061240 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\reg.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\udhisapi.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnpcont.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\upnpcont.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2020-01-10 17:55 - 2020-01-10 17:55 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\posetup.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2020-01-10 17:55 - 2020-01-10 17:55 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000021304 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcXtrnal.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDJPN.DLL
2020-01-10 17:55 - 2020-01-10 17:55 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbd106.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2020-01-10 17:55 - 2020-01-10 17:55 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2020-01-10 17:55 - 2020-01-10 17:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2020-01-10 17:55 - 2020-01-10 17:55 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 017787904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 007849424 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 006435840 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 006227104 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 006166016 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 005890048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AI.MachineLearning.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 004615616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 004140544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 004047360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 004005888 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 003791360 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 003591208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 003387392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 003371928 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 003365376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 003105792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 003084800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 002988344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 002870784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 002772272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 002703872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 002126112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 002120704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 002114048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 001974824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 001942528 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 001920512 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-01-10 17:54 - 2020-01-10 17:54 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 001726480 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 001687040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 001656600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 001428992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 001413912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 001394168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-01-10 17:54 - 2020-01-10 17:54 - 001327064 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 001259416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 001171704 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 001094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 001069064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 001062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 001027000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 001006904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000975872 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000911824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000874936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000874536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000849920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000844800 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000811536 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntimewindows.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\agentactivationruntime.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000657424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 000649728 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000638264 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000589592 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000586768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000552448 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000551736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Vid.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 000534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.UserService.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000522176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000517432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000514576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000492032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000477712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-01-10 17:54 - 2020-01-10 17:54 - 000466928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000461320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.ConversationalAgent.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 000416016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000372752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MbbCx.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SpeechPrivacy.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000324624 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000322504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000292664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 000291256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 000247856 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\accessibilitycpl.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000220472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000204816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000202552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AarSvc.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000164776 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationControlCSP.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Utilman.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\EaseOfAccessDialog.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 000113160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000105488 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\sethc.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2020-01-10 17:54 - 2020-01-10 17:54 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000088568 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AtBroker.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usp10.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstUI.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 000047616 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000047208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS
2020-01-10 17:54 - 2020-01-10 17:54 - 000036368 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winnsi.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000028344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winnsi.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscisvif.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidtel.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000024792 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsi.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nsi.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\applockerfltr.sys
2020-01-10 17:54 - 2020-01-10 17:54 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsilog.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dstokenclean.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscadminui.exe
2020-01-10 17:54 - 2020-01-10 17:54 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2020-01-10 17:54 - 2020-01-10 17:54 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tier2punctuations.dll
2020-01-10 17:46 - 2020-01-10 17:46 - 000000000 ____D C:\Program Files\Reference Assemblies
2020-01-10 17:46 - 2020-01-10 17:46 - 000000000 ____D C:\Program Files\MSBuild
2020-01-10 17:46 - 2020-01-10 17:46 - 000000000 ____D C:\Program Files (x86)\MSBuild
2020-01-10 17:46 - 2019-03-18 19:21 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2020-01-10 17:46 - 2019-03-18 19:20 - 004470272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2020-01-10 17:46 - 2019-03-18 19:16 - 000903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2020-01-10 17:46 - 2019-03-18 18:15 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2020-01-10 17:46 - 2019-03-18 18:09 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2020-01-10 17:46 - 2019-03-01 17:33 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2020-01-10 17:46 - 2019-03-01 17:31 - 001166488 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2020-01-10 17:46 - 2019-03-01 17:31 - 000124568 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2020-01-10 17:46 - 2019-03-01 17:31 - 000035592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2020-01-10 17:46 - 2019-02-05 18:41 - 000778912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2020-01-10 17:46 - 2019-02-05 18:41 - 000103072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2020-01-10 17:46 - 2019-02-05 18:41 - 000035592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2020-01-10 17:46 - 2018-08-09 14:53 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2020-01-10 17:43 - 2020-01-10 17:43 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-01-10 17:43 - 2020-01-10 17:43 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-01-10 17:16 - 2020-01-10 19:55 - 000000000 ___DC C:\WINDOWS\Panther
2020-01-10 17:13 - 2020-01-10 17:16 - 000000036 _____ C:\WINDOWS\progress.ini
2020-01-10 17:05 - 2020-01-10 17:13 - 000000000 ___HD C:\$GetCurrent
2020-01-10 17:05 - 2020-01-10 17:13 - 000000000 ____D C:\Windows10Upgrade
2020-01-10 17:05 - 2020-01-10 17:05 - 006261368 _____ (Microsoft Corporation) C:\Users\steve\Downloads\Windows10Upgrade9252.exe
2020-01-10 17:05 - 2020-01-10 17:05 - 000000735 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2020-01-10 17:05 - 2020-01-10 17:05 - 000000723 _____ C:\Users\steve\Desktop\Windows 10 Update Assistant.lnk
2020-01-10 12:05 - 2020-01-10 12:05 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-01-09 21:41 - 2020-01-09 21:42 - 000001234 _____ C:\Users\steve\Desktop\New Text Document.txt
2020-01-09 21:27 - 2020-01-09 21:27 - 000000000 ____D C:\Users\steve\AppData\Local\mbamtray
2020-01-09 21:27 - 2020-01-09 21:27 - 000000000 ____D C:\Users\steve\AppData\Local\mbam
2020-01-09 21:26 - 2020-01-10 18:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-01-09 21:26 - 2020-01-10 12:05 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-01-09 21:26 - 2020-01-09 21:26 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-01-09 21:26 - 2020-01-09 21:26 - 000001916 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-01-09 21:26 - 2020-01-09 21:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-01-09 21:26 - 2020-01-09 21:26 - 000000000 ____D C:\Program Files\Malwarebytes
2020-01-09 21:26 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-01-09 21:25 - 2020-01-09 21:25 - 064333800 _____ (Malwarebytes ) C:\Users\steve\Desktop\mb3-setup-1878.1878-3.8.3.2965.exe
2020-01-09 08:16 - 2020-01-10 19:59 - 000000000 ____D C:\FRST
2020-01-09 08:15 - 2020-01-09 08:15 - 002573312 _____ (Farbar) C:\Users\steve\Desktop\FRST64.exe
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-01-10 19:59 - 2019-03-19 04:50 - 000000000 ____D C:\WINDOWS\INF
2020-01-10 19:57 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-10 19:55 - 2019-03-19 04:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-10 19:55 - 2018-10-10 17:55 - 000000000 ___RD C:\Users\steve\3D Objects
2020-01-10 19:55 - 2018-10-10 17:55 - 000000000 ____D C:\Users\steve\AppData\Local\Packages
2020-01-10 19:55 - 2018-07-12 17:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-01-10 18:45 - 2019-03-19 04:52 - 000000000 ____D C:\ProgramData\USOPrivate
2020-01-10 18:44 - 2019-03-19 04:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-01-10 18:43 - 2019-03-19 04:52 - 000000000 ____D C:\Program Files\Windows Defender
2020-01-10 18:41 - 2019-03-19 04:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-10 18:32 - 2018-10-10 19:55 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-10 18:32 - 2018-10-10 19:55 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-01-10 18:32 - 2018-10-10 19:55 - 000002264 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-01-10 18:26 - 2019-03-19 04:37 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2020-01-10 18:25 - 2018-10-10 19:49 - 000000000 ____D C:\Users\Gillian\AppData\Local\Packages
2020-01-10 18:24 - 2019-12-02 08:11 - 000000000 ____D C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2020-01-10 18:23 - 2018-10-10 19:33 - 000000000 ____D C:\Users\Hannah\AppData\Local\Packages
2020-01-10 18:14 - 2019-12-02 08:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2020-01-10 18:14 - 2019-11-14 09:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloudpaging Player
2020-01-10 18:14 - 2019-11-14 09:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics
2020-01-10 18:14 - 2019-09-11 14:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2020-01-10 18:14 - 2019-06-29 10:20 - 000000000 ____D C:\Program Files\UNP
2020-01-10 18:14 - 2019-04-18 11:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2020-01-10 18:14 - 2019-04-10 15:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-01-10 18:14 - 2019-03-19 04:52 - 000000000 __RHD C:\Users\Public\Libraries
2020-01-10 18:14 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2020-01-10 18:14 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\spool
2020-01-10 18:14 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-01-10 18:14 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-01-10 18:14 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2020-01-10 18:14 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\ServiceState
2020-01-10 18:14 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\Registration
2020-01-10 18:14 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-01-10 18:14 - 2019-03-19 04:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-01-10 18:14 - 2019-03-19 04:49 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2020-01-10 18:14 - 2018-10-10 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2020-01-10 18:14 - 2018-10-10 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 2018
2020-01-10 18:14 - 2018-10-10 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2020-01-10 18:14 - 2018-10-10 17:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Acer
2020-01-10 18:14 - 2018-10-10 16:43 - 000000000 ____D C:\WINDOWS\oem
2020-01-10 18:14 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2020-01-10 18:14 - 2018-09-15 07:33 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2020-01-10 18:14 - 2018-07-12 18:13 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 14
2020-01-10 18:14 - 2018-07-12 18:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2020-01-10 18:14 - 2018-07-12 17:54 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2020-01-10 18:14 - 2018-07-12 17:38 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2020-01-10 18:14 - 2018-07-12 17:26 - 000000000 ____D C:\Program Files\Intel
2020-01-10 18:02 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\Resources
2020-01-10 18:02 - 2018-11-10 07:46 - 000000000 ____D C:\WINDOWS\system32\Intel
2020-01-10 18:01 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\Help
2020-01-10 18:01 - 2018-10-23 15:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2020-01-10 17:58 - 2019-03-19 04:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2020-01-10 17:58 - 2019-03-19 04:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-01-10 17:58 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-01-10 17:58 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\appraiser
2020-01-10 17:58 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-01-10 17:58 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\ShellComponents
2020-01-10 17:58 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-01-10 17:58 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\DiagTrack
2020-01-10 17:58 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-01-10 17:58 - 2019-03-19 04:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-01-10 17:47 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2020-01-10 17:47 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2020-01-10 17:47 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2020-01-10 17:47 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2020-01-10 17:47 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2020-01-10 17:47 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2020-01-10 17:47 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\et-EE
2020-01-10 17:47 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\es-MX
2020-01-10 17:45 - 2019-03-19 04:56 - 000000000 ____D C:\WINDOWS\Setup
2020-01-09 08:11 - 2018-10-10 20:44 - 000000000 ____D C:\Users\steve\Desktop\Stevies Music
2020-01-07 15:41 - 2018-10-10 19:49 - 000000000 __SHD C:\Users\Gillian\IntelGraphicsProfiles
2019-12-17 18:02 - 2018-10-10 19:59 - 000000000 ____D C:\Users\Gillian\Desktop\ARF General
2019-12-17 17:57 - 2018-10-10 20:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-12-17 17:53 - 2018-10-10 20:45 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-12-17 17:31 - 2018-10-10 18:30 - 000000000 ____D C:\Program Files\Microsoft Office
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
And
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2020
Ran by steven (10-01-2020 20:00:55)
Running from C:\Users\steve\Desktop
Windows 10 Home Version 1909 18363.535 (X64) (2020-01-10 18:45:03)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1741543102-3776721137-2454621359-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1741543102-3776721137-2454621359-503 - Limited - Disabled)
Gillian (S-1-5-21-1741543102-3776721137-2454621359-1003 - Limited - Enabled) => C:\Users\Gillian
Guest (S-1-5-21-1741543102-3776721137-2454621359-501 - Limited - Disabled)
Hannah (S-1-5-21-1741543102-3776721137-2454621359-1002 - Limited - Enabled) => C:\Users\Hannah
steven (S-1-5-21-1741543102-3776721137-2454621359-1001 - Administrator - Enabled) => C:\Users\steve
WDAGUtilityAccount (S-1-5-21-1741543102-3776721137-2454621359-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3038 - Acer Incorporated)
Acer Collection (HKLM-x32\...\{8CD449EA-BBA0-477F-AFF9-9AF6E8C50EF2}) (Version: 1.01.3011 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Jumpstart (HKLM-x32\...\{353B4583-ED04-4DF2-A1D6-A5A3EF5C4EBF}) (Version: 3.2.18270.20 - Acer)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.03.3005 - Acer Incorporated)
calibre (HKLM-x32\...\{FD6B4DA3-5E7B-499E-841D-B797BED0CC47}) (Version: 3.48.0 - Kovid Goyal)
Cloudpaging Player (HKLM\...\{23F6FB7C-C1E2-491B-91A1-0441D5191BC7}) (Version: 9.0.4.21424 - Numecent, Inc.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.8216.01 - CyberLink Corp.)
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.1.17.0 - Dashlane, Inc.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.2 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{FD036A57-F81D-4865-AAF0-811558EA76AE}) (Version: 4.5.1 - Seiko Epson Corporation)
EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Freemake Video Converter version 4.1.10 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10 - Mixbyte Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.117 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
IBM SPSS Statistics 26 (HKLM\...\{1AC22BAE-DC13-4991-9910-AE3743A4592D}) (Version: 26.0.0.0 - IBM Corp)
Intel® Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1808.12.0.1102 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.0.2.1086 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000040-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.40.0 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{2D79E334-B178-45B9-A2A6-7A60A084C268}) (Version: 16.8.0.1000 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{18ec79fd-8f83-4e12-bfa5-80c9872cc56b}) (Version: 20.40.0 - Intel Corporation)
iPod Support (HKLM\...\{57D75376-1F31-4182-8EC8-31A6785ABF29}) (Version: 120.7.3.55 - Apple Inc.)
MAGIX Fastcut (Editing templates 1) (HKLM\...\{397087AF-DB1A-4B60-84A7-436DC262CEC2}) (Version: 1.1.0.0 - MAGIX Software GmbH) Hidden
MAGIX Fastcut (Editing templates 1) (HKLM\...\MX.{397087AF-DB1A-4B60-84A7-436DC262CEC2}) (Version: 1.1.0.0 - MAGIX Software GmbH)
MAGIX Fastcut (Editing templates 2) (HKLM\...\{B4E4BC18-102D-46D0-9A40-C42F9E7D6337}) (Version: 1.1.0.0 - MAGIX Software GmbH) Hidden
MAGIX Fastcut (Editing templates 2) (HKLM\...\MX.{B4E4BC18-102D-46D0-9A40-C42F9E7D6337}) (Version: 1.1.0.0 - MAGIX Software GmbH)
MAGIX Fastcut (HKLM\...\{79BB86DF-723E-416A-81F2-E4F88FB71936}) (Version: 1.0.0.85 - MAGIX Software GmbH) Hidden
MAGIX Fastcut (HKLM\...\MX.{79BB86DF-723E-416A-81F2-E4F88FB71936}) (Version: 1.0.0.85 - MAGIX Software GmbH)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.12228.20364 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
Music Recorder (HKLM-x32\...\{F3949798-3544-433B-B5AB-A61F32F0386F}) (Version: 18.001.2 - Nero AG) Hidden
MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.1.2.2 - SEIKO EPSON CORPORATION) Hidden
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
Nero 2018 (HKLM-x32\...\{CFA36B53-7209-4A84-88D3-68CDFFB3C59B}) (Version: 19.0.03500 - Nero AG)
Nero 2018 Content Pack 1 (HKLM-x32\...\{7165E866-AD18-4780-8578-EBBAFA0408B0}) (Version: 19.0.00700 - Nero AG)
Nero 2018 Content Pack 2 (HKLM-x32\...\{4ADCBD86-F84B-4D5F-9D8E-3DF21EB83811}) (Version: 19.0.01000 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 20.0.1011 - Nero AG)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Prerequisite installer (HKLM-x32\...\{AD240F1A-3102-492E-B657-17969A9D5E9A}) (Version: 19.0.0003 - Nero AG) Hidden
Quick Access Service (HKLM\...\{AB25551C-74EF-4BAB-9989-891517FCF9FF}) (Version: 3.00.3009 - Acer Incorporated)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8383 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}) (Version: 2.54.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-3) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-4) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22925 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
 
Packages:
=========
Acer Collection -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCollection_1.1.3013.0_x64__48frkmn4z8aw4 [2018-10-21] (Acer Incorporated)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_6.22.8816.0_x86__q4d96b2w5wcc2 [2020-01-07] (Evernote)
Facebook -> C:\Program Files\WindowsApps\Facebook.Facebook_186.2619.19263.0_x86__8xx8rvfyw5nnt [2019-10-11] (Facebook Inc)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa [2019-12-17] (Apple Inc.) [Startup Task]
Messenger -> C:\Program Files\WindowsApps\Facebook.317180B0BB486_196.2292.59195.0_x86__8xx8rvfyw5nnt [2019-05-16] (Facebook Inc)
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2018-10-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2018-10-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-17] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad]
PhotoDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.5229.0_x64__ypz87dpxkv292 [2019-06-29] (CYBERLINK COM CORP)
PowerDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PowerDirectorforacerDesktop_14.0.4304.0_x64__ypz87dpxkv292 [2018-07-12] (CYBERLINK COM CORP)
QuickAccess -> C:\Program Files\WindowsApps\AcerIncorporated.QuickAccess_3.0.3001.0_x64__48frkmn4z8aw4 [2018-10-10] (Acer Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.169.0_x64__dt26b99r8h8gj [2019-07-07] (Realtek Semiconductor Corp)
Samsung Gallery -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.PCGallery_4.1.7.0_x64__3c1yjt4zspk6g [2019-12-19] (Samsung Electronics Co. Ltd.)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.15.61.0_x64__kx24dqmazqk8j [2019-06-29] (Random Salad Games LLC) [MS Ad]
Spades -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.Spades_5.2.24.0_x64__kx24dqmazqk8j [2018-07-12] (Random Salad Games LLC) [MS Ad]
Zip Extractor Pro -> C:\Program Files\WindowsApps\38526MediaLife.ZipPlus_1.1.6.0_x86__1crh1k73ty8mg [2019-11-14] (Media Life)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-03] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3156b3035fd88b4d\igfxDTCM.dll [2018-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2018-12-03 21:19 - 2018-12-03 21:19 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2019-03-06 21:45 - 2007-09-18 16:44 - 000421888 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBIPDev.dll
2019-03-06 21:45 - 2007-09-10 15:03 - 000110592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBLPBidiDev.dll
2019-03-06 21:45 - 2006-12-26 14:58 - 000233544 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBMSDev.dll
2019-03-06 21:45 - 2004-11-17 16:56 - 000286720 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBNWDev.dll
2019-03-06 21:45 - 2007-09-10 15:32 - 000135168 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBRSVC.dll
2019-03-06 21:45 - 2006-08-30 01:02 - 000106496 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\epLocalBidi.dll
2019-02-22 17:01 - 2019-02-22 17:01 - 000704512 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\MyEpson Portal\Configration_00000171\MepCfg.dll
2019-02-22 15:09 - 2019-02-22 15:09 - 000475136 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\MyEpson Portal\Online Manual_00000013\MepFAQ.dll
2019-03-06 21:27 - 2012-11-12 15:15 - 000558592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2019-03-06 21:27 - 2012-10-22 17:19 - 000219648 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enpres.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 13:46 - 2017-09-29 13:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Calibre2\
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Acer01.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000002"
HKU\S-1-5-21-1741543102-3776721137-2454621359-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{8251AD1A-DD62-4330-9B8E-7575158B4937}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{25F2061C-BB02-4A73-9676-71C854DC77E3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{326AC1FC-53C0-4969-B8F4-A712B661ED16}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A943F6D2-56F7-4955-937F-4267CF4C9C42}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8246BC88-4069-4038-A59F-AF64B15F5F43}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1A428BDC-1F88-4673-B35F-3655BE2D5FBB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3D5EFFFA-6F4A-4044-86E7-6E9B961E8511}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{199A4508-1E14-4F00-AE38-A60D93F67D7E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7EA9DDF8-F191-43B7-A76C-BB11E3A6BC28}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{38919211-491A-4399-942E-8B30C4EA6645}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{A16E47A8-211F-4C36-8DA0-694CCD4A95CB}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{95236E62-7ACB-4C8D-8E14-7BAE7CD20548}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.com (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{F01C3573-9E22-458A-91CE-5DB8F87466B3}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{972566EC-13CB-4389-975F-449D3598E771}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\WinWrapIDE.exe (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{762E09DF-D209-4C13-A0E4-3B1D507301E2}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\26\stats.com (International Business Machines Corporation -> IBM Corp.)
FirewallRules: [{C1039280-49B6-4832-98CC-D463F2889E8D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4C5CAB28-7A10-4992-B0C9-70236A8C60A9}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{17D38086-9743-4EDF-A691-D604CA563BF2}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{8512E3DC-37D3-49EE-B00D-A3EEF04AD6F4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{82A5AD19-DA39-4D7A-AD87-F36E470DECF0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3E19D774-3AD9-40E7-8A57-3EC857B324B6}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> )
FirewallRules: [{D8CD1526-D62D-4560-B9BE-5C7DD465AF66}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> )
FirewallRules: [{1FF9056C-18B8-4C4C-9D20-C003728090EE}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> )
FirewallRules: [{A784AB41-9E8F-46F0-9E57-AF1311F23631}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container64.exe (Open Labs, LLC -> )
FirewallRules: [{923C6F2D-B29D-4895-BFA1-48EB43990A10}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> )
FirewallRules: [{B0AB877D-0BC9-4591-95DF-99105791A82B}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> )
FirewallRules: [{C4B06792-EBC8-4B07-9AED-66B147D119DC}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> )
FirewallRules: [{8EBD3890-585B-4E72-A392-F0248E6A25D5}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight Container32.exe (Open Labs, LLC -> )
FirewallRules: [{F7769D7A-AE6B-45E3-B473-81F59F1CF973}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> )
FirewallRules: [{D43775B1-7D82-4961-B564-BAD29245AD03}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> )
FirewallRules: [{D4AA9B30-D49F-40AB-B4D0-6972C69BA846}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> )
FirewallRules: [{71B9035B-6E96-481F-B4D0-8879D188A65E}] => (Allow) C:\Program Files\WindowsApps\OpenLabsLLC.58714A8CB3A31_4.0.7326.0_x64__xgwf4v8gps778\Stagelight.exe (Open Labs, LLC -> )
FirewallRules: [{2C5578D0-6D29-494E-B3A2-EBD34B6980FC}] => (Allow) C:\Users\steve\AppData\Local\Temp\EPSON XP-205 207 Series_Home\Network\EpsonNetSetup\Data\ENEasyApp.exe No File
FirewallRules: [{19E30E0A-0651-495C-A131-EBF39A65F1BD}] => (Allow) C:\Users\steve\AppData\Local\Temp\EPSON XP-205 207 Series_Home\Network\EpsonNetSetup\Data\ENEasyApp.exe No File
FirewallRules: [{7C5949E0-929E-4D54-A026-E04F2F4BE8C4}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{E2924F25-34C0-4626-A9C9-19DA4B24F666}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{3A5D0AC9-B794-4203-9E59-FBFE5B54489D}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero Burning ROM\nero.exe (Nero AG -> Nero AG)
FirewallRules: [{880BC1A5-BE3A-4458-8036-821E59639861}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero MediaHome\MediaHome.exe (Nero AG -> Nero AG)
FirewallRules: [{7281B20E-EDC8-4CCB-8E0A-F2F49469F7D4}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero MediaHome\NMDllHost.exe (Nero AG -> Nero AG)
FirewallRules: [{342937BD-E016-4532-A04F-FBEBD049AAF4}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\NBService.exe (Nero AG -> Nero AG)
FirewallRules: [{DF20B925-1023-4762-81E7-98EC3A4B2A1F}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero BackItup\BackItUp.exe (Nero AG -> Nero AG)
FirewallRules: [{9ADEFCFF-9482-44EA-A424-A120B8199C5A}] => (Allow) C:\Program Files (x86)\Nero\Nero 2018\Nero Burning ROM\StartNBR.exe (Nero AG -> Nero AG)
FirewallRules: [{FD7A0653-41F4-4E71-B8C5-AF429A19D91C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3D202D25-7419-4351-AB12-F47701FDF589}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{09EC6237-0455-4632-A697-D4D68AA27CC1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{7197BF68-838D-4363-8861-6BF58CA46EAB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe No File
FirewallRules: [{76160FCB-23E9-44C7-B7B4-267B19F98FDC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe No File
FirewallRules: [{FCBA071B-62BB-4133-A9A7-D361BFA1A0BB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{77259A9F-07D7-4765-AE66-E8863DFAB8A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
FirewallRules: [{9722F32B-89D4-46D9-8C3B-E2337F9B9FA0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel® Wireless Connectivity Solutions -> )
FirewallRules: [{5EEB7081-F60A-45BE-ADF0-2E30DBC8AD5D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16040.10827.20150.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7803DB8D-20DC-4719-8CC9-80C7D9050672}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D9EF68A9-874C-45C3-87A2-DFBD76523449}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{89F9BE8B-7F6C-4FA2-A671-7C6C33D86257}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{45CCA6A0-26E7-4386-8124-A066D364B243}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{64E67CCB-690C-4DE7-AA37-73D3B1CECCA0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AF5FD869-0C66-4216-BAA9-23E48D8BE971}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3353EE94-63C6-40A8-96F1-6D76C8729B69}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{96366D79-7BD9-4D32-898E-F41FA739D322}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:465.19 GB) (Free:340.04 GB) (73%)
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (01/10/2020 06:35:42 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./ROOT/default namespace does not exist. The query will be ignored.
 
Error: (01/10/2020 06:35:42 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./ROOT/default namespace does not exist. The query will be ignored.
 
Error: (01/10/2020 06:35:42 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./ROOT/default namespace does not exist. The query will be ignored.
 
Error: (01/10/2020 06:35:42 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./ROOT/default namespace does not exist. The query will be ignored.
 
Error: (01/10/2020 06:35:42 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./ROOT/default namespace does not exist. The query will be ignored.
 
Error: (01/10/2020 06:35:42 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./ROOT/default namespace does not exist. The query will be ignored.
 
Error: (01/10/2020 06:20:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GLCRIconSvc.exe, version: 1.0.0.0, time stamp: 0x5a25299e
Faulting module name: CFGMGR32.dll, version: 10.0.18362.387, time stamp: 0xe4afe536
Exception code: 0xc0000005
Fault offset: 0x0000b79d
Faulting process ID: 0x1190
Faulting application start time: 0x01d5c7e29d94b553
Faulting application path: C:\WINDOWS\System32\DriverStore\FileRepository\genestor.inf_amd64_312a8313e431fea0\GLCRIconSvc.exe
Faulting module path: C:\WINDOWS\System32\CFGMGR32.dll
Report ID: 3cec5672-3625-4b0e-a8d9-0f6e240598d6
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/10/2020 06:19:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 256) (User: )
Description: The Cryptographic Services service failed to initialise the Catalogue Database. The error was: -2147418113 (0x8000ffff) : Catastrophic failure
.
 
 
System errors:
=============
Error: (01/10/2020 06:28:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The ZeroConfigService service terminated with the following error: 
%%2147770990
 
Error: (01/10/2020 06:25:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error: 
The device is not ready.
 
Error: (01/10/2020 06:25:10 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.
 
Error: (01/10/2020 06:23:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error: 
The device is not ready.
 
Error: (01/10/2020 06:23:10 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.
 
Error: (01/10/2020 06:21:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error: 
The device is not ready.
 
Error: (01/10/2020 06:21:10 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.
 
Error: (01/10/2020 06:20:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Genesys Logic Service service terminated unexpectedly. It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
 
Date: 2020-01-10 19:58:57.908
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-01-10 19:58:23.672
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-01-10 19:58:23.647
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-01-10 19:58:23.630
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-01-10 19:58:21.162
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-01-10 19:57:53.828
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-01-10 19:57:53.281
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-01-10 19:57:51.960
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc R01-A2 05/08/2018
Motherboard: Acer Aspire XC-885
Processor: Intel® Core™ i5-8400 CPU @ 2.80GHz
Percentage of memory in use: 43%
Total physical RAM: 8066.76 MB
Available physical RAM: 4546.09 MB
Total Virtual: 9986.76 MB
Available Virtual: 6606.46 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:465.19 GB) (Free:340.04 GB) NTFS
Drive d: (Data) (Fixed) (Total:465.2 GB) (Free:458.33 GB) NTFS
Drive f: (WD Unlocker) (CDROM) (Total:0.02 GB) (Free:0 GB) UDF
 
\\?\Volume{af1a4e76-2cab-42a1-b627-2319125239c2}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.52 GB) NTFS
\\?\Volume{e98a5c0c-fd67-4cc4-8a80-21ad4146b416}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2034C532)
 
Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End of Addition.txt =======================

  • 0

#7
DR M

DR M

    GeekU Senior

  • GeekU Senior
  • 2,358 posts

Hi, Steviep.

Let's do some more tidiness, now your operating system is up to date.

1. Change a setting in Malwarebytes

  • Double click on the Malwarebytes icon on your Desktop, and click the little gear on the upper right corner to get to Settings.
  • Choose the Security tab.
  • Under the title Windows Security Center, disable the option Always register Malwarebytes in the Windows Security Center.
  • Close Malwarebytes.

 

2. Run a new fix with FRST

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines. Right-click and select "Copy ".
start::
closeprocesses:
systemrestore: on
createrestorepoint:
Task: {5226BDA0-2594-4B9F-A176-7BC3C41AEC0A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
C:\Program Files\Common Files\AVAST Software
FirewallRules: [{2C5578D0-6D29-494E-B3A2-EBD34B6980FC}] => (Allow) C:\Users\steve\AppData\Local\Temp\EPSON XP-205 207 Series_Home\Network\EpsonNetSetup\Data\ENEasyApp.exe No File
FirewallRules: [{19E30E0A-0651-495C-A131-EBF39A65F1BD}] => (Allow) C:\Users\steve\AppData\Local\Temp\EPSON XP-205 207 Series_Home\Network\EpsonNetSetup\Data\ENEasyApp.exe No File
FirewallRules: [{76160FCB-23E9-44C7-B7B4-267B19F98FDC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe No File
FirewallRules: [{77259A9F-07D7-4765-AE66-E8863DFAB8A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
emptytemp:
end::
  • Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.

 

3. Provide some feedback

Can you please tell me how is the computer now? Is it still extremely slow as before?


In your next reply, please include:

  • The fixlog.txt
  • Your comments about how is the computer now.

If you are still having problems, we will try to check if there are programs/services on the computer causing them. I'll wait your reply first.


  • 0

#8
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 322 posts

Hi Dr M,

 

Thanks you for your assistance. Here is the Log

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-01-2020
Ran by steven (12-01-2020 19:06:42) Run:2
Running from C:\Users\steve\Desktop
Loaded Profiles: steven (Available Profiles: steven & Hannah & Gillian)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
closeprocesses:
systemrestore: on
createrestorepoint:
Task: {5226BDA0-2594-4B9F-A176-7BC3C41AEC0A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
C:\Program Files\Common Files\AVAST Software
FirewallRules: [{2C5578D0-6D29-494E-B3A2-EBD34B6980FC}] => (Allow) C:\Users\steve\AppData\Local\Temp\EPSON XP-205 207 Series_Home\Network\EpsonNetSetup\Data\ENEasyApp.exe No File
FirewallRules: [{19E30E0A-0651-495C-A131-EBF39A65F1BD}] => (Allow) C:\Users\steve\AppData\Local\Temp\EPSON XP-205 207 Series_Home\Network\EpsonNetSetup\Data\ENEasyApp.exe No File
FirewallRules: [{76160FCB-23E9-44C7-B7B4-267B19F98FDC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe No File
FirewallRules: [{77259A9F-07D7-4765-AE66-E8863DFAB8A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
emptytemp:
 
*****************
 
Processes closed successfully.
SystemRestore: on => completed
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5226BDA0-2594-4B9F-A176-7BC3C41AEC0A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5226BDA0-2594-4B9F-A176-7BC3C41AEC0A}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
C:\Program Files\Common Files\AVAST Software => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2C5578D0-6D29-494E-B3A2-EBD34B6980FC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{19E30E0A-0651-495C-A131-EBF39A65F1BD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{76160FCB-23E9-44C7-B7B4-267B19F98FDC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{77259A9F-07D7-4765-AE66-E8863DFAB8A1}" => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 9461760 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 48433329 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 4837586 B
Edge => 5252458 B
Chrome => 382923580 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 18994 B
NetworkService => 20188 B
steve => 5186338 B
Hannah => 5186338 B
Gillian => 5186338 B
 
RecycleBin => 628062616 B
EmptyTemp: => 1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 19:08:14 ====
 
With regards to how the PC is running, I'm afraid I dont notice any difference with the length of time it takes to get up running when switching on, my desktop items seem to start as blank Icons then they get the correct picture then flicker and some go blank again before finally coming back if that makes any sense?
 
Thanks again

  • 0

#9
DR M

DR M

    GeekU Senior

  • GeekU Senior
  • 2,358 posts

Hi, Steviep.

Let's try this.

1. Right click anywhere on your task bar and choose Task Manager.

TaskManager1.jpg

2. If you see a window like the one in the picture below, choose More details. Otherwise move on to the step 3 directly.

 

TaskManager2.jpg

3. Click on Start up tab and check the columns Status and Start-up impact. See if you don't need any of the enabled items to start with Windows. Especially check items with the indication High. Click on the items you don't need to start with Windows and select Disable.

 

TaskManager3.jpg

4. Restart the computer and check if it is still slow at start-up.

5. Report your comments in your next reply.

 


  • 0

#10
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 322 posts

Hi Dr M, 

 

Sorry for the late reply, I have disabled all except Windows Security Notification and it does now seem a little faster when booting up so thank you again for your help. Can I ask if having large files on my desktop makes any difference to the start up time?


  • 0

Advertisements


#11
DR M

DR M

    GeekU Senior

  • GeekU Senior
  • 2,358 posts

Hi, Steviep.

 

It's good to hear that the computer is not as slow as before at start-up. Do you have the same issues with the files on Desktop losing their image and need time to come back?

 

About the many files on the Desktop, yes, everything on the desktop is scanned on startup. So if you have many files and folders on it, this can slow the start-up time. A clean up perhaps will help.

 

Let's do something else, checking for any further improvement.

 

Perform a Clean Boot

  • In the search box on the taskbar, type msconfig and select System Configuration from the results.
  • On the Services tab of System Configuration, select Hide all Microsoft services, and then select Disable all.
  • On the Startup tab of System Configuration, select Open Task Manager.
  • Under Startup in Task Manager, for each startup item, select the item and then select Disable.
  • Close Task Manager.
  • On the Startup tab of System Configuration, select OK
  • Restart the computer. It will be in a clean boot environment. Your computer might temporarily lose some functionality while in a clean boot environment.

 

How is your computer now? Is it slow as before? Please report your comments. :)


  • 0

#12
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 322 posts

Hi Dr M,

 

Its much better now, times from switching on until desktop ready and took around 40 secs also no more losing their image. I have also cleared up my desktop- had around 50 gig of files on it and I've moved them off the desktop. Thank you so much for your help, its very much appreciated.

 

Stevie


Edited by Steviep, 16 January 2020 - 04:40 AM.

  • 0

#13
DR M

DR M

    GeekU Senior

  • GeekU Senior
  • 2,358 posts

Hi, Stevie.

 

The fact that you find your computer faster in Clean Boot Environment is an evidence that a service may be the reason for the slow start-up in Normal Environment. Next, we will try to find out which service/services is/are this/these. I will be back to you as soon as possible. :)


  • 0

#14
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 322 posts

Hi Dr M,

 

I'm now away on a long weekend and wont have access till the evening of 21st Jan, thanks again for your assistance.

 

Stevie


  • 0

#15
DR M

DR M

    GeekU Senior

  • GeekU Senior
  • 2,358 posts

I'm now away on a long weekend and wont have access till the evening of 21st Jan, thanks again for your assistance.


Thanks for letting me know, Stevie.

Have a nice weekend! :)


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP