Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware Causing Blue Screen of Death, Desktop Disappears, Etc


  • Please log in to reply

#1
star_stitcher5

star_stitcher5

    Member

  • Member
  • PipPip
  • 53 posts

Hi,

 

My laptop seems to be infected with Malware which causes the Blue Screen of Death, the desktop turns into an aqua blue screen that is non functional. Luckily Kerish Doctor restores it. Task Manager isn't working either, the laptop freezes up, then comes the BSOD.....I have run as administator,  the Farbar download after checking my system which says it's a 64 bit....when the scan is done I get this message: Cannot find the C:/ Users/ Linda/Desktop/additional txt/file.

 

There is nothing copied to the notepad links that come up on my desktop. I've updated and run Malwarebytes, Avast free, & SuperAntiSpyware. I don't know what to do next.

 

Any help is greatly appreciated! Thanks Linda.


  • 0

Advertisements


#2
icotonev

icotonev

    Trusted Helper

  • Malware Removal
  • 182 posts

Hi star_stitcher5, welcome to the Geeks to Go malware removal forum..!  :)

 

 
Farbar Recovery Scan Tool (FRST)

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.

  • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.

---------------------------------------------------

In your next reply, please include:

  • FRST.txt
  • Addition.txt

  • 0

#3
icotonev

icotonev

    Trusted Helper

  • Malware Removal
  • 182 posts

Important :

  1. Please be sure that 90 Days Files check box under Optional Scan section is checked.
  2. Please be sure that Addition.txt check box under Optional Scan section is checked.

_frst_scan.jpg.4462c8092d44f88f879e4255b


  • 0

#4
star_stitcher5

star_stitcher5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

Hi, thanks so much for responding so quickly. I'll do that now, and be back once I run both scans. Many thanks!


  • 0

#5
star_stitcher5

star_stitcher5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

Hello again, I have run the FarBar Recovery Tool again, the 64 bit version, when I tried to download the 32 bit version, I got a message telling me that version wasn't compatible for my system.....anyway, I made sure everything was checked as you said, including the 90 day box and additional txt box, ran the scan as instructed. Clicked the OK's & again got the message that the path stated in my first post couldn't be found. It then asked me if I wanted to save a copy and I clicked yes. When Notepad opened, there was no text saved to either one. So, I'm back to square one. I'm sure those FRST files are somewhere but I can't find them. Whenever I do a search for them, my laptop freezes up and I have to reboot. ..Also, I did follow the instructions to save the scan results to my desktop. I don't know what else to do. Thanks! :)


  • 0

#6
star_stitcher5

star_stitcher5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

OK, I disabled Avast and managed to run the FaBar scans.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-09-2020
Ran by Linda (administrator) on LINDALAPTOP (TOSHIBA Satellite C70D-A) (10-09-2020 15:52:59)
Running from C:\Users\Linda\Downloads
Loaded Profiles: Linda
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...ial-how-to-use-

farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
() [File not signed] C:\Windows\SysWOW64\UMonit64.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(APPEX NETWORKS CORPORATION -> AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <3>
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent

\CAudioFilterAgent64.exe
(Digital Wave Ltd -> Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common

\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Informer Technologies, Inc.) [File not signed] C:\Program Files\Software Informer\softinfo.exe <2>
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFCore.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps

\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Foundation) C:\Program Files (x86)\Mozilla Firefox\pingsender.exe
(OOO AMA -> Kerish Products) C:\Program Files (x86)\Kerish Doctor\KerishDoctor.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA CORPORATION -> Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will

not be moved.)

HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA

CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA

CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA

CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA

CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048

2013-01-11] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems,

Inc.) [File not signed]
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel

\GWX_control_panel.exe [4559944 2016-01-24] (Josh Mayfield -> UltimateOutsider)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [109160 2020-08-13] (Avast

Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512

2013-07-23] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-

05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector

EX2\CNMNSST2.exe [271496 2017-11-02] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [6709008

2020-07-30] (IObit Information Technology -> IObit)
HKU\S-1-5-21-2293777963-1639995663-2975564211-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick

Stream\AMDQuickStream.exe [429792 2013-04-11] (APPEX NETWORKS CORPORATION -> AppEx Networks Corporation)
HKU\S-1-5-21-2293777963-1639995663-2975564211-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files

\SUPERAntiSpyware\SUPERAntiSpyware.exe [11224496 2020-09-05] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-21-2293777963-1639995663-2975564211-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files

\CCleaner\CCleaner64.exe [29271224 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2293777963-1639995663-2975564211-1001\...\Run: [Software Informer] => C:\Program Files\Software

Informer\softinfo.exe [1634304 2015-06-26] (Informer Technologies, Inc.) [File not signed]
HKU\S-1-5-21-2293777963-1639995663-2975564211-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2293777963-1639995663-2975564211-1001\...\MountPoints2: {123a54da-684c-11e4-827d-c454442c9198} - "E:

\LGAutoRun.exe"
HKLM\...\Windows x64\Print Processors\Canon TS3300 series Print Processor: C:\Windows\System32\spool\prtprocs

\x64\CNMPDG3.DLL [509952 2019-08-02] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-

07-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS3300 series: C:\Windows\system32\CNMLMG3.DLL [1338368 2019-08

-02] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HP 8911 Status Monitor: C:\Windows\system32\hpinksts8911LM.dll [332176 2012-09-12]

(Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\Windows\system32\hpz3lw71.dll [46080 2009-07-14] (Microsoft Windows

Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk

[2016-04-26]
ShortcutAndArgument: Monitor Ink Alerts - .lnk -> C:\Windows\system32\RunDll32.exe => "C:\Program Files\HP\HP

Deskjet 1050 J410 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN3433CG2C05HW;CONNECTION=USB;MONITOR=1;
Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP

Deskjet 1050 J410 series.lnk [2016-09-24]
ShortcutAndArgument: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Windows\system32\RunDll32.exe =>

"C:\Program Files\HP\HP Deskjet 1050 J410 series\bin\HPStatusBL.dll",RunDLLEntry

SERIALNUMBER=CN3433CG2C05HW;CONNECTION=USB;MONITOR=1;
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless

listed separately.)

Task: {00DDCFD5-2459-414A-ABD2-C8BE16F79B05} - System32\Tasks\SoftwareInformerService => C:\Program Files\Software

Informer\softinfo.exe [1634304 2015-06-26] (Informer Technologies, Inc.) [File not signed]
Task: {1300AF25-0DB3-489C-8785-B7ACC5F03992} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common

Files\Avast Software\Overseer\overseer.exe [1660520 2020-02-28] (Avast Software s.r.o. -> Avast Software)
Task: {301FFD1D-D462-47D5-A8A0-BA32882F3C0C} - System32\Tasks\Mozilla\Firefox Default Browser Agent

E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [660688 2020-09-01] (Mozilla

Corporation -> Mozilla Foundation)
Task: {479FD7BC-C9CE-44AB-93AB-CEFB4C4661CC} - System32\Tasks\Norton Internet Security\Norton Error Processor =>

C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe
Task: {5D5B1577-C558-4298-B5F8-803412FBA8EF} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST

Software\Avast\AvEmUpdate.exe [3810408 2020-08-13] (Avast Software s.r.o. -> AVAST Software)
Task: {5D811B1D-DD56-44AA-9077-6E2EB4F6D736} - System32\Tasks\{A94C431E-77B1-4B8A-807D-5B77451B19F8} => C:

\Windows\system32\pcalua.exe -a C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe -c -maintain

plugin
Task: {723CF762-0CB5-4FB2-81A9-84B4FC3E12EF} - System32\Tasks\IMF_SkipUAC_Linda => C:\Program Files (x86)\IObit

\IObit Malware Fighter\IMF.exe [6709008 2020-07-30] (IObit Information Technology -> IObit)
Task: {78F71F5E-9580-46BB-94D4-CDCE2EE7DC2D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files

\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-08-06] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {7E819E57-3769-4CC7-8531-6858F7E4BCDD} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner

\CCUpdate.exe [686384 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {802D2317-58B8-47F5-9A42-BD4ACDD23017} - System32\Tasks\Adobe Flash Player Updater => C:\Windows

\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-09-08] (Adobe Inc. -> Adobe)
Task: {87DC97E4-077D-4102-915B-D3A3ED2F11AE} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe

[53248 2013-08-28] () [File not signed]
Task: {8AAD8766-020A-4736-9001-52A5E7B31C67} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files

(x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1336400 2020-07-08] (Adobe Inc. -> Adobe Inc.)
Task: {95D7D447-B594-4F4B-A8A6-4EE4350426DD} - System32\Tasks\Kerish Doctor => C:\Program Files (x86)\Kerish

Doctor\KerishDoctor.exe [4892280 2020-09-09] (OOO AMA -> Kerish Products)
Task: {AA24604C-EAB3-41A1-85A3-5AAAF4C9A553} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows

\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_433_Plugin.exe [1502264 2020-09-08] (Adobe Inc. -> Adobe)
Task: {B0538066-C010-4A81-A52A-FA3F344F19BF} - System32\Tasks\START SKYDRIVE => C:\Windows\System32\SkyDrive.exe

[1154048 2014-10-30] (Microsoft Windows -> Microsoft Corporation)
Task: {BB94F680-C090-4C55-9F5D-B136B2114DF1} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series =>

C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [4119656 2012-10-02] (Hewlett Packard ->

Hewlett-Packard Co.)
Task: {BBBBB525-214C-4C4F-BAF7-234FC99FF61C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner

\CCleaner.exe [24770744 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {DFA9A6D9-2FEA-48B7-A009-1016BE395D70} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program

Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {E8C4FBEC-C798-4DBB-8E0F-1C4CBC75C0F8} - System32\Tasks\Norton Internet Security\Norton Error Analyzer =>

C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task

will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{CB2CDD06-251C-4A03-A163-D12B560031D3}: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{E3E17704-AA79-4254-A9F4-CDD3CCEB302A}: [DhcpNameServer] 40.41.1.201 40.41.1.203

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =

hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =

hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?

prd=ie&ar=iesearch
HKU\S-1-5-21-2293777963-1639995663-2975564211-1001\Software\Microsoft\Internet Explorer\Main,Search Page =

hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2293777963-1639995663-2975564211-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-2293777963-1639995663-2975564211-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages

= hxxp://www.toshiba.ca/welcome/?w=23
HKU\S-1-5-21-2293777963-1639995663-2975564211-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2293777963-1639995663-2975564211-1001 -> DefaultScope {85A60A59-D3D8-468F-B598-

FB4393789EF4} URL = hxxps://www.google.ca/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2293777963-1639995663-2975564211-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL =

hxxps://www.google.ca/search?q={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java

\jre1.8.0_241\bin\ssv.dll [2020-01-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java

\jre1.8.0_241\bin\jp2ssv.dll [2020-01-16] (Oracle America, Inc. -> Oracle Corporation)

Edge:
======
Edge Profile: C:\Users\Linda\AppData\Local\Microsoft\Edge\User Data\Default [2020-09-10]

FireFox:
========
FF DefaultProfile: 4x422icy.default-1510431351097-1599528827636
FF ProfilePath: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\4x422icy.default-1510431351097-

1599528827636 [2020-09-10]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles

\4x422icy.default-1510431351097-1599528827636\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-09-09]
FF ProfilePath: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\1v38mi9i.default-1425365656615 [2020-09-

10]
FF DownloadDir: C:\Users\Linda\Downloads
FF Homepage: Mozilla\Firefox\Profiles\1v38mi9i.default-1425365656615 -> about:home
FF NewTab: Mozilla\Firefox\Profiles\1v38mi9i.default-1425365656615 -> about:home
FF Notifications: Mozilla\Firefox\Profiles\1v38mi9i.default-1425365656615 -> hxxps://irazoo.onesignal.com;

hxxps://forum.surveypolice.com; hxxps://trendcave.pushcrew.com; hxxps://samplesource.pushcrew.com;

hxxps://allfreeknitting.copush.com
FF Extension: (Notifier for Gmail™) - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\1v38mi9i.default-

1425365656615\Extensions\[email protected] [2017-11-08]
FF Extension: (Linkificator) - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\1v38mi9i.default-

1425365656615\Extensions\[email protected] [2017-11-03]
FF Extension: (Video WithOut Flash) - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\1v38mi9i.default-

1425365656615\Extensions\[email protected] [2015-10-03] [Legacy]
FF Extension: (Linkification) - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\1v38mi9i.default-

1425365656615\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}.xpi [2016-06-05] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\1v38mi9i.default-

1425365656615\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_433.dll [2020-09-08] (Adobe

Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_433.dll [2020-09-08]

(Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin

\npDeployJava1.dll [2020-01-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin

\plugin2\npjp2.dll [2020-01-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23]

(VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23]

(VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23]

(VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23]

(VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23]

(VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23]

(VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23]

(VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23]

(VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23]

(VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-04-23]

(VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-08-17]

(Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2293777963-1639995663-2975564211-1001: @rocketlife.com/RocketLife Secure Plug-In

Layer;version=1.0.5 -> C:\Users\Linda\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-15]

(RocketLife -> RocketLife, LLP)
FF Plugin HKU\S-1-5-21-2293777963-1639995663-2975564211-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users

\Linda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-05] (Unity Technologies ApS -> Unity

Technologies ApS)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless

listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com ->

SUPERAntiSpyware.com)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-08-30]

() [File not signed]
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-07-08] (Adobe Inc.

-> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-09-08]

(Adobe Inc. -> Adobe)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7776160 2020-08-13] (Avast Software s.r.o.

-> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [353696 2020-08-13] (Avast Software s.r.o.

-> AVAST Software)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2018-

02-16] (Digital Wave Ltd -> Digital Wave Ltd.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard

Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe

[89840 2015-03-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04]

(Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [399296 2019-11-28] (Canon Inc. -> )
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrv.exe [2403088 2020-06-19] (IObit

Information Technology -> IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7138296 2020-09-06] (Malwarebytes Inc

-> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-10-17] (TOSHIBA CORPORATION ->

TOSHIBA CORPORATION)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft

Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation ->

Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless

listed separately.)

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (APPEX NETWORKS CORPORATION -> AppEx

Networks Corporation)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37152 2020-08-13] (Avast Software s.r.o. -> AVAST

Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [205888 2020-08-13] (Avast Software s.r.o. -> AVAST

Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [235592 2020-08-13] (Avast Software s.r.o. ->

AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [195656 2020-08-13] (Avast Software s.r.o. -> AVAST

Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [60488 2020-08-13] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42776 2020-08-13] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [175200 2020-08-13] (Avast Software s.r.o. -> AVAST

Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [109280 2020-08-13] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84856 2020-08-13] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851608 2020-08-13] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [466752 2020-08-13] (Avast Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [217336 2020-08-13] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [323784 2020-08-13] (Avast Software s.r.o. -> AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-09-06] (Malwarebytes Corporation ->

Malwarebytes)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [105704 2013-08-16] (Genesys Logic,INC.  -> GenesysLogic)
R3 Imf8HpRegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\ImfHpRegFilter.sys

[25176 2019-12-17] (IObit CO., LTD -> IObit)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFDownProtect.sys [21928

2018-12-06] (IObit Information Technology -> IObit)
R3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFForceDelete.sys [16184

2019-06-11] (IObit CO., LTD -> IObit)
R3 ImfHpFileFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\ImfHpFileFilter.sys

[28760 2019-12-17] (IObit CO., LTD -> IObit)
R3 ImfRealScanner; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\ImfRealScanner.sys [33368

2020-07-01] (IObit CO., LTD -> IObit)
R3 ImfRegistryFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\ImfRegistryFilter.sys

[25688 2019-12-17] (IObit CO., LTD -> IObit)
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2020-04-07] (Red Fox UK Limited -> Highresolution

Enterprises [www.highrez.co.uk])
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [217608 2020-09-06] (Malwarebytes Inc ->

Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197280 2020-09-09] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73880 2020-09-09] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-09-06] (Malwarebytes Inc ->

Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [131232 2020-09-10] (Malwarebytes Inc -> Malwarebytes)
R3 QIOMem; C:\Windows\System32\drivers\QIOMem.sys [14000 2013-08-06] (WDKTestCert 1,130202426583431586 -> TOSHIBA)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. ->

SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. ->

SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 tenCapture; C:\Windows\system32\DRIVERS\tenCapture.sys [23736 2012-07-20] (Web Solution Mart -> Hajo

Krabbenhöft)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [111488 2013-10-15] (TOSHIBA CORPORATION -> TOSHIBA

Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (TOSHIBA CORPORATION -> Windows ® Win 7

DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware

Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft

Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft

Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless

listed separately.)


==================== Three months (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-09-10 15:31 - 2020-09-10 15:31 - 000131232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-09-10 14:28 - 2020-09-10 14:28 - 000281664 _____ C:\Windows\Minidump\091020-32859-01.dmp
2020-09-10 14:10 - 2020-09-10 14:10 - 000003642 _____ C:\Users\Linda\Desktop\FRST64 - Shortcut.lnk
2020-09-10 13:53 - 2020-09-10 14:27 - 653757306 _____ C:\Windows\MEMORY.DMP
2020-09-10 13:53 - 2020-09-10 13:53 - 000281664 _____ C:\Windows\Minidump\091020-29562-01.dmp
2020-09-09 21:57 - 2020-09-09 21:57 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-09-09 21:54 - 2020-09-09 21:54 - 027072192 _____ (Piriform Software Ltd) C:\Users\Linda\Downloads\ccsetup570

(1).exe
2020-09-09 21:50 - 2020-09-09 21:51 - 027072192 _____ (Piriform Software Ltd) C:\Users\Linda\Downloads

\ccsetup570.exe
2020-09-09 18:21 - 2020-09-09 18:30 - 000047380 _____ C:\Users\Linda\Downloads\Addition.txt
2020-09-09 18:04 - 2020-09-10 15:55 - 000029024 _____ C:\Users\Linda\Downloads\FRST.txt
2020-09-09 18:03 - 2020-09-09 18:03 - 002297344 _____ (Farbar) C:\Users\Linda\Downloads\FRST64.exe
2020-09-09 16:12 - 2020-09-09 16:12 - 000000000 ___HD C:\$AV_ASW
2020-09-09 13:16 - 2020-09-09 13:16 - 000003244 _____ C:\Windows\system32\Tasks\Kerish Doctor
2020-09-09 13:14 - 2020-09-09 13:16 - 000001195 _____ C:\Users\Public\Desktop\Kerish Doctor 2020.lnk
2020-09-09 13:14 - 2020-09-09 13:16 - 000001195 _____ C:\ProgramData\Desktop\Kerish Doctor 2020.lnk
2020-09-09 03:39 - 2020-09-09 03:39 - 000197280 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-09-09 03:39 - 2020-09-09 03:39 - 000073880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-09-08 14:04 - 2020-09-01 22:52 - 003332608 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2020-09-08 14:04 - 2020-09-01 22:25 - 003641344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2020-09-08 14:04 - 2020-08-28 19:41 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2020-09-08 14:04 - 2020-08-26 22:04 - 004169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2020-09-08 14:04 - 2020-08-20 13:54 - 022382424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2020-09-08 14:04 - 2020-08-20 13:51 - 019805104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2020-09-08 14:04 - 2020-08-15 00:22 - 001370680 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2020-09-08 14:04 - 2020-08-15 00:18 - 007363328 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-09-08 14:04 - 2020-08-15 00:18 - 002012928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2020-09-08 14:04 - 2020-08-15 00:18 - 000373512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2020-09-08 14:04 - 2020-08-14 22:11 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2020-09-08 14:04 - 2020-08-14 21:43 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2020-09-08 14:04 - 2020-08-14 21:39 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2020-09-08 14:04 - 2020-08-14 21:23 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2020-09-08 14:04 - 2020-08-14 21:17 - 000943616 _____ (Microsoft Corporation) C:\Windows\system32\WFS.exe
2020-09-08 14:04 - 2020-08-14 21:17 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2020-09-08 14:04 - 2020-08-14 21:14 - 001442304 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2020-09-08 14:04 - 2020-08-14 21:14 - 001383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2020-09-08 14:04 - 2020-08-14 21:12 - 000364032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2020-09-08 14:04 - 2020-08-14 21:12 - 000066048 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2020-09-08 14:04 - 2020-08-14 21:11 - 000269312 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2020-09-08 14:04 - 2020-08-14 21:11 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2020-09-08 14:04 - 2020-08-14 21:04 - 001757184 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2020-09-08 14:04 - 2020-08-14 21:02 - 000121344 _____ (Microsoft Corporation) C:\Windows\system32\cryptcatsvc.dll
2020-09-08 14:04 - 2020-08-14 20:59 - 001088512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2020-09-08 14:04 - 2020-08-14 20:57 - 001559040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2020-09-08 14:04 - 2020-08-14 20:55 - 000292352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2020-09-08 14:04 - 2020-08-14 20:55 - 000228864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2020-09-08 14:04 - 2020-08-14 20:55 - 000064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2020-09-08 14:04 - 2020-08-14 20:55 - 000057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2020-09-08 14:04 - 2020-08-14 20:50 - 001495552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2020-09-08 14:04 - 2020-08-12 22:25 - 001308256 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2020-09-08 14:04 - 2020-08-12 22:24 - 000355576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers

\msrpc.sys
2020-09-08 14:04 - 2020-08-12 21:41 - 025756672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2020-09-08 14:04 - 2020-08-12 21:17 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2020-09-08 14:04 - 2020-08-12 21:06 - 020291072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2020-09-08 14:04 - 2020-08-12 21:06 - 005500416 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2020-09-08 14:04 - 2020-08-12 21:06 - 000785408 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2020-09-08 14:04 - 2020-08-12 20:50 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2020-09-08 14:04 - 2020-08-12 20:40 - 000653824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2020-09-08 14:04 - 2020-08-12 20:37 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2020-09-08 14:04 - 2020-08-12 20:30 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2020-09-08 14:04 - 2020-08-12 20:29 - 015480320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2020-09-08 14:04 - 2020-08-12 20:26 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2020-09-08 14:04 - 2020-08-12 20:20 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2020-09-08 14:04 - 2020-08-12 20:18 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2020-09-08 14:04 - 2020-08-12 20:16 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2020-09-08 14:04 - 2020-08-12 20:15 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2020-09-08 14:04 - 2020-08-12 20:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2020-09-08 14:04 - 2020-08-12 20:12 - 000044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rtutils.dll
2020-09-08 14:04 - 2020-08-12 20:11 - 013862400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2020-09-08 14:04 - 2020-08-12 20:04 - 001566720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2020-09-08 14:04 - 2020-08-12 19:57 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2020-09-08 14:04 - 2020-08-12 19:54 - 000801280 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2020-09-08 14:04 - 2020-08-12 19:53 - 001341952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2020-09-08 14:04 - 2020-08-12 19:52 - 000710656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2020-09-08 14:04 - 2020-08-10 23:19 - 000136824 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2020-09-08 14:04 - 2020-08-10 23:17 - 000537632 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2020-09-08 14:04 - 2020-08-10 23:16 - 001210112 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2020-09-08 14:04 - 2020-08-10 23:16 - 000376072 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2020-09-08 14:04 - 2020-08-10 23:12 - 002173376 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2020-09-08 14:04 - 2020-08-10 23:12 - 001665104 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2020-09-08 14:04 - 2020-08-10 21:33 - 001037600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2020-09-08 14:04 - 2020-08-10 21:33 - 000450312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2020-09-08 14:04 - 2020-08-10 21:33 - 000317176 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2020-09-08 14:04 - 2020-08-10 21:31 - 001561296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2020-09-08 14:04 - 2020-08-10 21:31 - 001215736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2020-09-08 14:04 - 2020-08-10 20:30 - 000477696 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2020-09-08 14:04 - 2020-08-10 20:03 - 000367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2020-09-08 14:04 - 2020-08-10 20:03 - 000110080 _____ (Microsoft Corporation) C:\Windows\system32\fdSSDP.dll
2020-09-08 14:04 - 2020-08-10 20:00 - 003720192 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2020-09-08 14:04 - 2020-08-10 19:57 - 000249344 _____ (Microsoft Corporation) C:\Windows\system32\ssdpsrv.dll
2020-09-08 14:04 - 2020-08-10 19:56 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\fdWSD.dll
2020-09-08 14:04 - 2020-08-10 19:55 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2020-09-08 14:04 - 2020-08-10 19:45 - 000092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdSSDP.dll
2020-09-08 14:04 - 2020-08-10 19:44 - 001099264 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2020-09-08 14:04 - 2020-08-10 19:44 - 000453632 _____ (Microsoft Corporation) C:\Windows\system32\upnphost.dll
2020-09-08 14:04 - 2020-08-10 19:41 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWSD.dll
2020-09-08 14:04 - 2020-08-10 19:32 - 000329728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnphost.dll
2020-09-08 14:04 - 2020-08-10 17:44 - 000272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
2020-09-08 14:04 - 2020-08-10 02:18 - 000160144 _____ (Microsoft Corporation) C:\Windows

\system32\CompatTelRunner.exe
2020-09-08 14:04 - 2020-08-09 17:04 - 003223552 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2020-09-08 14:04 - 2020-08-09 17:04 - 001998848 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2020-09-08 14:04 - 2020-08-09 17:04 - 000843776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2020-09-08 14:04 - 2020-08-09 17:04 - 000700416 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2020-09-08 14:04 - 2020-08-09 17:04 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2020-09-08 14:04 - 2020-08-09 17:04 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2020-09-08 14:04 - 2020-08-09 17:04 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2020-09-08 14:04 - 2020-08-09 17:04 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2020-09-08 14:04 - 2020-08-09 17:04 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2020-09-08 14:04 - 2020-08-08 06:43 - 001545912 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2020-09-08 14:04 - 2020-08-06 06:37 - 000436224 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2020-09-08 14:04 - 2020-08-06 06:35 - 000359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2020-09-08 14:03 - 2020-08-14 21:33 - 000248832 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2020-09-06 16:42 - 2020-09-10 15:54 - 000000000 ____D C:\FRST
2020-09-06 14:13 - 2020-09-06 14:13 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-09-06 14:13 - 2020-09-06 14:13 - 000217608 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-09-06 14:08 - 2020-09-06 14:08 - 002040904 _____ (Malwarebytes) C:\Users\Linda\Downloads\MBSetup.exe
2020-09-06 13:48 - 2020-09-06 14:14 - 000001955 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs

\Malwarebytes.lnk
2020-09-06 13:39 - 2020-09-06 14:14 - 000001943 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-09-06 13:39 - 2020-09-06 14:14 - 000001943 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-09-06 13:39 - 2020-09-06 14:11 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-09-06 13:30 - 2020-09-06 13:37 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-09-06 13:29 - 2020-09-06 13:29 - 000000000 ____D C:\Program Files\Malwarebytes
2020-09-05 18:34 - 2020-09-05 18:34 - 008414384 _____ (Malwarebytes) C:\Users\Linda\Downloads\adwcleaner_8.0.7.exe
2020-09-02 13:30 - 2020-09-02 13:30 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-09-01 14:25 - 2020-09-07 18:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-08-29 16:05 - 2020-08-29 16:05 - 000276538 _____ C:\Users\Linda\Downloads\Autoharp Definitions Parts and

Playing Styles.pdf
2020-08-23 15:05 - 2020-08-23 15:06 - 148274769 _____ C:\Users\Linda\Downloads\Windowstweaksguide.zip
2020-08-23 14:11 - 2020-08-23 14:11 - 000002830 _____ C:\Windows\system32\Tasks\IMF_SkipUAC_Linda
2020-08-23 14:10 - 2020-08-23 14:11 - 000000000 ____D C:\Users\Linda\AppData\Roaming\IObit
2020-08-23 14:09 - 2020-09-09 14:27 - 000000000 ____D C:\ProgramData\ProductData
2020-08-23 14:09 - 2020-09-05 18:39 - 000000000 ____D C:\Users\Linda\AppData\LocalLow\IObit
2020-08-23 14:09 - 2020-08-23 14:09 - 000001216 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2020-08-23 14:09 - 2020-08-23 14:09 - 000001216 _____ C:\ProgramData\Desktop\IObit Malware Fighter.lnk
2020-08-23 14:09 - 2020-08-23 14:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit

Malware Fighter
2020-08-23 14:09 - 2020-08-23 14:09 - 000000000 ____D C:\Program Files (x86)\IObit
2020-08-23 13:48 - 2020-08-23 14:11 - 000000000 ____D C:\ProgramData\IObit
2020-08-23 13:41 - 2020-08-23 13:42 - 064147726 _____ C:\Users\Linda\Downloads\Malwarefightrpro8-pq83yr.zip
2020-08-21 14:11 - 2020-08-21 14:11 - 000002090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat

Reader DC.lnk
2020-08-19 13:25 - 2020-08-14 21:51 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2020-08-19 13:25 - 2020-08-14 21:51 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2020-08-19 13:25 - 2020-08-14 21:36 - 000428544 _____ (Microsoft Corporation) C:\Windows\system32\rasplap.dll
2020-08-19 13:25 - 2020-08-14 21:16 - 000033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2020-08-19 13:25 - 2020-08-14 21:16 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2020-08-19 13:25 - 2020-08-14 21:05 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\rasdlg.dll
2020-08-19 13:25 - 2020-08-14 21:05 - 000401408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasplap.dll
2020-08-19 13:25 - 2020-08-14 20:55 - 000963072 _____ (Microsoft Corporation) C:\Windows\system32\rasgcw.dll
2020-08-19 13:25 - 2020-08-14 20:48 - 001080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2020-08-19 13:25 - 2020-08-14 20:42 - 000796160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdlg.dll
2020-08-19 13:25 - 2020-08-14 20:39 - 000424448 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll
2020-08-19 13:25 - 2020-08-14 20:35 - 000856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasgcw.dll
2020-08-19 13:25 - 2020-08-14 20:28 - 000542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2020-08-19 13:25 - 2020-08-14 20:26 - 000700928 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2020-08-19 13:25 - 2020-08-14 20:24 - 000352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprapi.dll
2020-08-19 13:25 - 2020-08-14 20:16 - 000629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2020-08-15 03:04 - 2020-08-15 03:04 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-08-15 01:43 - 2020-09-10 13:38 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2020-08-15 01:42 - 2020-08-13 01:38 - 000335968 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2020-08-13 01:40 - 2020-08-13 01:40 - 000323784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2020-08-13 01:39 - 2020-08-13 01:39 - 000466752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2020-08-13 01:39 - 2020-08-13 01:39 - 000217336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2020-08-13 01:39 - 2020-08-13 01:39 - 000195656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2020-08-13 01:39 - 2020-08-13 01:39 - 000175200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2020-08-13 01:39 - 2020-08-13 01:39 - 000109280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2020-08-13 01:39 - 2020-08-13 01:39 - 000084856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2020-08-13 01:39 - 2020-08-13 01:39 - 000060488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2020-08-13 01:39 - 2020-08-13 01:39 - 000042776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2020-08-13 01:39 - 2020-08-13 01:38 - 000851608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2020-08-13 01:39 - 2020-08-13 01:38 - 000235592 _____ (AVAST Software) C:\Windows\system32\Drivers

\aswbidsdriver.sys
2020-08-13 01:39 - 2020-08-13 01:38 - 000205888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2020-08-13 01:39 - 2020-08-13 01:38 - 000037152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2020-08-11 13:21 - 2020-08-03 20:58 - 001483264 _____ (Microsoft Corporation) C:\Windows\system32\wsecedit.dll
2020-08-11 13:21 - 2020-08-03 20:35 - 000842240 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2020-08-11 13:21 - 2020-08-03 20:32 - 001338368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsecedit.dll
2020-08-11 13:21 - 2020-08-03 20:15 - 000698880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2020-08-11 13:21 - 2020-07-23 00:33 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2020-08-11 13:21 - 2020-07-19 03:45 - 000431352 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2020-08-11 13:21 - 2020-07-19 03:36 - 000955432 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2020-08-11 13:21 - 2020-07-19 01:41 - 000950784 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2020-08-11 13:21 - 2020-07-19 01:10 - 001730048 _____ (Microsoft Corporation) C:\Windows

\system32\Windows.UI.Immersive.dll
2020-08-11 13:21 - 2020-07-17 23:36 - 000317176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2020-08-11 13:21 - 2020-07-17 23:24 - 000788104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2020-08-11 13:21 - 2020-07-17 20:40 - 000772096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2020-08-11 13:21 - 2020-07-17 20:17 - 001548288 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\Windows.UI.Immersive.dll
2020-08-11 13:21 - 2020-07-17 12:19 - 001542672 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2020-08-11 13:21 - 2020-07-15 23:20 - 002745080 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2020-08-11 13:21 - 2020-07-15 23:18 - 002528696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2020-08-11 13:21 - 2020-07-13 18:17 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2020-08-11 13:21 - 2020-07-13 18:17 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2020-08-11 13:21 - 2020-07-11 09:40 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\tapisrv.dll
2020-08-11 13:21 - 2020-07-11 09:29 - 000671744 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2020-08-11 13:21 - 2020-07-11 09:17 - 000254976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tapisrv.dll
2020-08-11 13:21 - 2020-07-11 09:08 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2020-08-11 13:21 - 2020-07-11 09:07 - 000252928 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2020-08-11 13:21 - 2020-07-11 08:54 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2020-08-11 13:21 - 2020-07-09 16:33 - 000629504 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2020-08-11 13:21 - 2020-07-09 16:30 - 000464184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2020-08-11 13:21 - 2020-07-04 10:06 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\msisip.dll
2020-08-11 13:21 - 2020-07-04 09:35 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msisip.dll
2020-08-11 13:21 - 2020-06-30 10:27 - 000955904 _____ (Microsoft Corporation) C:\Windows

\system32\AppXDeploymentExtensions.dll
2020-08-11 13:20 - 2020-07-11 08:53 - 001377792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-08-03 15:36 - 2020-08-03 15:36 - 000000000 ____D C:\ProgramData\Teorex
2020-08-03 15:36 - 2020-08-03 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs

\FolderIco
2020-08-03 15:36 - 2020-08-03 15:36 - 000000000 ____D C:\Program Files\FolderIco
2020-08-03 15:32 - 2020-08-03 15:33 - 014243321 _____ C:\Users\Linda\Downloads\FolderIco621-od90cn.zip
2020-08-03 14:37 - 2020-08-03 14:38 - 008678056 _____ (teorex ) C:\Users\Linda\Downloads\Photo Resizer Setup.exe
2020-07-25 23:36 - 2020-07-25 23:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon

TS3300 series manual
2020-07-25 23:33 - 2020-07-25 23:33 - 000000000 ____D C:\Users\Linda\AppData\Roaming\Canon
2020-07-25 23:31 - 2020-07-25 23:31 - 000000000 ____D C:\Program Files\Canon
2020-07-25 23:30 - 2020-07-25 23:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon

Utilities
2020-07-25 23:30 - 2018-11-06 11:13 - 000355328 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_G3L.dll
2020-07-25 23:30 - 2018-11-02 10:39 - 000089600 _____ C:\Windows\SysWOW64\CNC18A2D.TBL
2020-07-25 23:30 - 2008-08-25 18:02 - 000015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2020-07-25 23:24 - 2020-07-25 23:24 - 000000000 ___HD C:\ProgramData\CanonBJ
2020-07-25 23:22 - 2020-07-25 23:23 - 000000000 ___HD C:\Program Files\CanonBJ
2020-07-25 23:22 - 2019-08-02 05:00 - 001338368 _____ (CANON INC.) C:\Windows\system32\CNMLMG3.DLL
2020-07-25 23:15 - 2020-09-09 18:10 - 000000000 ____D C:\ProgramData\CanonIJPLM
2020-07-25 23:15 - 2020-07-25 23:35 - 000000000 ____D C:\Program Files (x86)\Canon
2020-07-25 23:15 - 2020-07-25 23:15 - 000000000 ____D C:\ProgramData\Canon
2020-07-25 23:12 - 2020-07-25 23:13 - 020237184 _____ C:\Users\Linda\Downloads\win-ts3300-1_0-n_mcd.exe
2020-07-23 12:33 - 2020-07-23 12:34 - 003647298 _____ C:\Users\Linda\Downloads\40CreativeFonts.zip
2020-07-23 12:30 - 2020-07-23 12:30 - 000000470 _____ C:\Users\Linda\Downloads\40CreativeFonts-om87dg.zip
2020-07-22 13:07 - 2020-07-22 13:07 - 000001172 _____ C:\Users\Linda\Desktop\Fake Voice 7.0.lnk
2020-07-22 13:07 - 2020-07-22 13:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fake

Voice 7.0
2020-07-22 13:07 - 2020-07-22 13:07 - 000000000 ____D C:\Program Files (x86)\Fake Voice 7.0
2020-07-22 13:07 - 2012-07-20 13:40 - 000023736 _____ (Hajo Krabbenhöft) C:\Windows\system32\Drivers

\tenCapture.sys
2020-07-22 13:07 - 2004-03-09 01:00 - 000152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX
2020-07-22 13:07 - 2004-03-09 00:00 - 001081616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2020-07-22 13:07 - 2004-03-09 00:00 - 000132880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.OCX
2020-07-22 13:04 - 2020-07-22 13:04 - 004680344 _____ (Web Solution Mart ) C:\Users\Linda\Downloads\FVsetup.exe
2020-07-14 14:47 - 2020-06-10 19:44 - 014534656 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2020-07-14 14:46 - 2020-07-08 01:28 - 000129024 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2020-07-14 14:46 - 2020-06-15 20:11 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2020-07-14 14:46 - 2020-06-12 17:29 - 000092944 _____ (Microsoft Corporation) C:\Windows

\system32\Windows.Security.Credentials.UI.CredentialPicker.dll
2020-07-14 14:46 - 2020-06-12 16:27 - 000073776 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll
2020-07-14 14:46 - 2020-06-12 15:53 - 000360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2020-07-14 14:46 - 2020-06-12 14:39 - 000391168 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2020-07-14 14:46 - 2020-06-12 14:25 - 000269312 _____ (Microsoft Corporation) C:\Windows\system32\netman.dll
2020-07-14 14:46 - 2020-06-10 22:03 - 000723008 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2020-07-14 14:46 - 2020-06-10 21:56 - 000806200 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2020-07-14 14:46 - 2020-06-10 21:37 - 000561896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2020-07-14 14:46 - 2020-06-10 21:33 - 000613528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2020-07-14 14:46 - 2020-06-10 20:42 - 000187392 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2020-07-14 14:46 - 2020-06-10 20:39 - 000550400 _____ (Microsoft Corporation) C:\Windows

\system32\Windows.Devices.PointOfService.dll
2020-07-14 14:46 - 2020-06-10 20:24 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2020-07-14 14:46 - 2020-06-10 20:19 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2020-07-14 14:46 - 2020-06-10 20:17 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2020-07-14 14:46 - 2020-06-10 20:16 - 000148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2020-07-14 14:46 - 2020-06-10 20:14 - 000368128 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\Windows.Devices.PointOfService.dll
2020-07-14 14:46 - 2020-06-10 20:04 - 001057792 _____ (Microsoft Corporation) C:\Windows\system32\WebcamUi.dll
2020-07-14 14:46 - 2020-06-10 20:02 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2020-07-14 14:46 - 2020-06-10 19:59 - 000076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2020-07-14 14:46 - 2020-06-10 19:57 - 000279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2020-07-14 14:46 - 2020-06-10 19:56 - 000257536 _____ (Microsoft Corporation) C:\Windows\system32\netprofm.dll
2020-07-14 14:46 - 2020-06-10 19:56 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\keyiso.dll
2020-07-14 14:46 - 2020-06-10 19:54 - 000551424 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2020-07-14 14:46 - 2020-06-10 19:49 - 000882688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebcamUi.dll
2020-07-14 14:46 - 2020-06-10 19:48 - 000255488 _____ (Microsoft Corporation) C:\Windows

\system32\Windows.Devices.HumanInterfaceDevice.dll
2020-07-14 14:46 - 2020-06-10 19:45 - 000693248 _____ (Microsoft Corporation) C:\Windows

\system32\Windows.Devices.Bluetooth.dll
2020-07-14 14:46 - 2020-06-10 19:44 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\keyiso.dll
2020-07-14 14:46 - 2020-06-10 19:42 - 000906240 _____ (Microsoft Corporation) C:\Windows

\system32\Windows.Devices.SmartCards.dll
2020-07-14 14:46 - 2020-06-10 19:42 - 000211968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2020-07-14 14:46 - 2020-06-10 19:39 - 000173568 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2020-07-14 14:46 - 2020-06-10 19:37 - 007800320 _____ (Microsoft Corporation) C:\Windows

\system32\Windows.Data.Pdf.dll
2020-07-14 14:46 - 2020-06-10 19:37 - 000469504 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\Windows.Devices.Bluetooth.dll
2020-07-14 14:46 - 2020-06-10 19:35 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2020-07-14 14:46 - 2020-06-10 19:35 - 000629248 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\Windows.Devices.SmartCards.dll
2020-07-14 14:46 - 2020-06-10 19:32 - 003317248 _____ (Microsoft Corporation) C:\Windows\system32\bootux.dll
2020-07-14 14:46 - 2020-06-10 19:29 - 005272064 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\Windows.Data.Pdf.dll
2020-07-14 14:46 - 2020-06-08 22:12 - 001764872 _____ (Microsoft Corporation) C:\Windows

\system32\WindowsCodecs.dll
2020-07-14 14:46 - 2020-06-08 22:05 - 000357824 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2020-07-14 14:46 - 2020-06-08 21:37 - 001489528 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\WindowsCodecs.dll
2020-07-14 14:46 - 2020-06-08 21:31 - 000255104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2020-07-14 14:46 - 2020-06-08 21:15 - 000096768 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2020-07-14 14:46 - 2020-06-08 20:44 - 000078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2020-07-14 14:46 - 2020-06-08 20:06 - 001695744 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2020-07-14 14:46 - 2020-06-05 09:15 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2020-07-14 14:46 - 2020-06-05 09:15 - 000227328 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2020-07-14 14:46 - 2020-06-05 09:14 - 000208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2020-07-14 14:46 - 2020-06-05 09:14 - 000193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2020-07-14 14:46 - 2020-06-05 09:06 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll
2020-07-14 14:46 - 2020-06-05 09:06 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2020-07-14 14:46 - 2020-06-05 09:06 - 000174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll
2020-07-14 14:46 - 2020-06-04 12:33 - 001902240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2020-07-14 14:46 - 2020-06-04 12:32 - 002535960 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2020-07-14 14:46 - 2020-06-04 11:25 - 000427584 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2020-07-14 14:46 - 2020-06-04 11:21 - 000368240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2020-07-14 14:46 - 2020-06-03 11:40 - 000856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2020-07-14 14:46 - 2020-06-03 11:19 - 000505344 _____ (Microsoft Corporation) C:\Windows

\SysWOW64\StructuredQuery.dll
2020-07-14 14:46 - 2020-06-03 11:08 - 006220288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2020-07-14 14:46 - 2020-06-03 09:43 - 001101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2020-07-14 14:46 - 2020-06-03 09:12 - 000750080 _____ (Microsoft Corporation) C:\Windows

\system32\StructuredQuery.dll
2020-07-14 14:46 - 2020-06-03 08:52 - 007040000 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2020-07-13 13:04 - 2020-09-10 15:55 - 000000000 ____D C:\Users\Linda\AppData\Roaming\Software Informer
2020-07-13 13:04 - 2020-07-13 13:04 - 000003312 _____ C:\Windows\system32\Tasks\SoftwareInformerService
2020-07-13 13:04 - 2020-07-13 13:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs

\Software Informer
2020-07-13 13:04 - 2020-07-13 13:04 - 000000000 ____D C:\ProgramData\Informer Technologies, Inc
2020-07-13 13:03 - 2020-07-13 13:04 - 000000000 ____D C:\Program Files\Software Informer
2020-07-13 13:01 - 2020-07-13 13:01 - 006297055 _____ C:\Users\Linda\Downloads\CareUEyes1124.2-sb27nj.zip
2020-07-07 16:16 - 2020-07-07 16:16 - 001442152 _____ C:\Users\Linda\Downloads\Uncle Toms Cabin EPub EBook.epub
2020-07-04 13:22 - 2020-09-01 13:22 - 000002256 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs

\Microsoft Edge.lnk
2020-07-04 13:22 - 2020-09-01 13:22 - 000002215 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-07-04 13:22 - 2020-09-01 13:22 - 000002215 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-07-04 13:21 - 2020-08-23 23:32 - 000003380 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-07-04 13:21 - 2020-08-23 23:32 - 000003252 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-07-02 14:03 - 2020-07-02 14:03 - 000001214 _____ C:\Users\Linda\Desktop\SoftOrbits Photo Retoucher.lnk
2020-07-02 14:03 - 2020-07-02 14:03 - 000000467 _____ C:\Users\Linda\Desktop\My Software Deals.url
2020-07-02 14:03 - 2020-07-02 14:03 - 000000000 ____D C:\Users\Linda\AppData\Roaming\softorbits
2020-07-02 14:03 - 2020-07-02 14:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs

\SoftOrbits Photo Retoucher
2020-07-02 14:03 - 2020-07-02 14:03 - 000000000 ____D C:\Program Files (x86)\SoftOrbits Photo Retoucher
2020-07-02 14:00 - 2020-07-02 14:00 - 000000000 ____D C:\Users\Linda\Downloads\Photoretoucher61-or48gn
2020-07-02 13:57 - 2020-07-02 13:58 - 027230697 _____ C:\Users\Linda\Downloads\Photoretoucher61-or48gn.zip
2020-07-01 12:43 - 2020-07-01 12:43 - 000001534 _____ C:\Users\Public\Desktop\:spam: Video Converter.lnk
2020-07-01 12:43 - 2020-07-01 12:43 - 000001534 _____ C:\ProgramData\Desktop\:spam: Video Converter.lnk
2020-07-01 12:43 - 2020-07-01 12:43 - 000000000 ____D C:\Users\Linda\Documents\:spam: Studio
2020-07-01 12:43 - 2020-07-01 12:43 - 000000000 ____D C:\Users\Linda\AppData\Local\:spam: Studio
2020-07-01 12:43 - 2020-07-01 12:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\:spam:
2020-07-01 12:42 - 2020-07-01 12:42 - 000000000 ____D C:\ProgramData\:spam: Studio
2020-07-01 12:42 - 2020-07-01 12:42 - 000000000 ____D C:\Program Files (x86)\:spam: Studio
2020-07-01 12:38 - 2020-07-01 12:40 - 040113789 _____ C:\Users\Linda\Downloads\TipardVideoConverter9230-pq93rn.zip
2020-06-16 16:04 - 2020-06-16 16:08 - 000000000 ____D C:\Users\Linda\Desktop\mbar
2020-06-16 16:04 - 2020-06-16 16:04 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2020-06-16 15:57 - 2020-06-16 15:57 - 008402608 _____ (Malwarebytes) C:\Users\Linda\Downloads\adwcleaner_8.0.5.exe
2020-06-13 15:24 - 2020-06-13 15:24 - 000000000 ____D C:\Malwarebytes
2020-06-13 15:00 - 2020-06-13 15:00 - 025859024 _____ (Piriform Software Ltd) C:\Users\Linda\Downloads

\ccsetup567.exe
2020-06-13 14:02 - 2020-09-08 13:22 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-06-13 14:02 - 2020-09-08 13:22 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Three months (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-09-10 15:52 - 2016-11-18 11:16 - 000000000 ____D C:\Users\Linda\AppData\LocalLow\Mozilla
2020-09-10 15:47 - 2014-05-12 13:58 - 000000000 ____D C:\ProgramData\AVAST Software
2020-09-10 15:39 - 2014-05-12 13:54 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-

S-1-5-21-2293777963-1639995663-2975564211-1001
2020-09-10 15:35 - 2014-05-17 18:42 - 000000000 ___DO C:\Users\Linda\OneDrive
2020-09-10 15:30 - 2013-08-22 07:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-09-10 15:11 - 2014-07-31 11:07 - 000000000 ____D C:\Users\Linda\AppData\Local\ElevatedDiagnostics
2020-09-10 14:28 - 2014-05-14 18:30 - 000000000 ____D C:\Windows\Minidump
2020-09-10 14:18 - 2013-08-22 06:36 - 000000000 ____D C:\Windows\Inf
2020-09-10 13:29 - 2014-05-16 22:07 - 019193856 ___SH C:\Users\Linda\Downloads\Thumbs.db
2020-09-09 21:59 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\LiveKernelReports
2020-09-09 21:57 - 2014-07-07 19:14 - 000000805 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-09-09 21:57 - 2014-07-07 19:14 - 000000805 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-09-09 20:18 - 2018-08-09 22:10 - 000000000 ____D C:\Users\Linda\.Epubor_Keys
2020-09-09 20:18 - 2014-05-12 13:46 - 000000000 ____D C:\Users\Linda
2020-09-09 19:03 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\rescache
2020-09-09 16:16 - 2018-12-19 22:58 - 000000000 ____D C:\Users\Linda\AppData\Roaming\HP Photo Creations
2020-09-09 13:20 - 2020-04-07 17:00 - 000000000 ____D C:\Program Files (x86)\Kerish Doctor
2020-09-09 13:14 - 2020-04-07 18:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kerish

Doctor
2020-09-09 04:29 - 2014-03-26 01:01 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2020-09-09 03:38 - 2013-08-22 07:44 - 000368576 _____ C:\Windows\system32\FNTCACHE.DAT
2020-09-09 03:31 - 2014-12-10 21:00 - 000000000 ____D C:\Windows\system32\appraiser
2020-09-09 03:31 - 2014-07-09 22:08 - 000000000 ___SD C:\Windows\system32\CompatTel
2020-09-09 03:31 - 2013-08-22 08:36 - 000000000 ___RD C:\Windows\ToastData
2020-09-09 02:55 - 2013-08-22 08:20 - 000000000 ____D C:\Windows\CbsTemp
2020-09-08 14:08 - 2014-05-15 02:23 - 000000000 ____D C:\Windows\system32\MRT
2020-09-08 13:55 - 2014-05-15 02:23 - 129170736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-09-08 13:22 - 2018-03-13 12:52 - 000004468 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-09-08 13:22 - 2015-03-01 18:48 - 000004288 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-09-08 13:22 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-09-08 13:22 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\system32\Macromed
2020-09-07 18:33 - 2014-05-12 23:40 - 000000000 ____D C:\Users\Linda\Desktop\Old Firefox Data
2020-09-07 01:54 - 2013-08-22 06:25 - 000524288 _____ C:\Windows\system32\config\BBI
2020-09-06 19:22 - 2018-09-12 15:13 - 000000000 ____D C:\Users\Linda\AppData\Local\AVAST Software
2020-09-05 18:44 - 2014-05-16 13:26 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2020-09-05 18:39 - 2015-03-21 15:22 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2020-09-05 14:33 - 2017-05-03 15:03 - 000001948 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2020-09-05 14:33 - 2017-05-03 15:03 - 000001948 _____ C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk
2020-09-02 13:51 - 2016-08-16 18:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-09-02 13:29 - 2016-08-16 18:42 - 000001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs

\Firefox.lnk
2020-09-01 14:07 - 2015-03-21 18:48 - 000000000 ____D C:\Users\Linda\AppData\Roaming\HpUpdate
2020-08-25 13:36 - 2014-05-17 09:37 - 000000000 ____D C:\Users\Linda\AppData\Local\CrashDumps
2020-08-25 13:14 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\AppReadiness
2020-08-23 14:44 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\SysWOW64\setup
2020-08-23 14:44 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\system32\setup
2020-08-15 14:16 - 2014-12-05 12:29 - 000001990 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2020-08-15 14:16 - 2014-12-05 12:29 - 000001990 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk

==================== Files in the root of some directories ========

2015-10-28 18:32 - 2015-10-28 18:32 - 000007618 _____ () C:\Users\Linda\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-09-09 16:39
==================== End of FRST.txt ========================

 

 

And Additional Txt:

 

Ran by Linda (10-09-2020 15:57:21)
Running from C:\Users\Linda\Downloads
Windows 8.1 (Update) (X64) (2014-05-12 20:47:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2293777963-1639995663-2975564211-500 - Administrator - Disabled)
Guest (S-1-5-21-2293777963-1639995663-2975564211-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2293777963-1639995663-2975564211-1003 - Limited - Enabled)
Linda (S-1-5-21-2293777963-1639995663-2975564211-1001 - Administrator - Enabled) => C:\Users\Linda

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Avast Antivirus (Disabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs

should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-

Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.012.20043 - Adobe

Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.433 - Adobe)
AIO_Scan (HKLM-x32\...\{104066F4-5897-4067-85D3-4C88B67CCF75}) (Version: 130.0.421.000 - Hewlett-Packard) Hidden
Amazon Kindle (HKU\S-1-5-21-2293777963-1639995663-2975564211-1001\...\Amazon Kindle) (Version: 1.21.0.48017 -

Amazon)
AMD Catalyst Install Manager (HKLM\...\{5D42947B-E961-C0B5-5A70-EA0F753331EB}) (Version: 8.0.915.0 - Advanced

Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.6.2420 - Avast Software)
Bejeweled 3 (HKLM-x32\...\WTA-bdf4df7b-4355-46cc-9f87-efbc17a0eb1a) (Version: 2.2.0.97 - WildTangent) Hidden
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
C5200 (HKLM-x32\...\{E9E9903D-E69D-4004-B9E2-DFB29D1934D7}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
calibre 64bit (HKLM\...\{8CD5399E-7215-4BAB-A9F0-EB44B787F7D8}) (Version: 3.39.1 - Kovid Goyal)
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.10.2 -

Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.30.1.52 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.5.5.3 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.2.0 - Canon

Inc.)
Canon TS3300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS3300_series) (Version:

1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.70 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems,

Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.2.0 - Conexant)
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard)

Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard)

Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Epubor Ultimate (HKLM-x32\...\Epubor Ultimate) (Version: 3.0.10.627 - Epubor Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fake Voice 7.0 (HKLM-x32\...\FakeVoice7_is1) (Version: 7.0.0 - Web Solution Mart)
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version:

2.2.2 - )
FolderIco 6.2.1 (HKLM\...\{22C37D82-6137-40BF-8625-7A846ED65F3A}_is1) (Version:  - teorex)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.8 - Genesys

Logic)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.)

Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard)

Hidden
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version:

28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 -

Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version:

28.0.1313.0 - Hewlett-Packard Co.)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKU\S-1-5-21-2293777963-1639995663-2975564211-1001\...\HP Photo Creations) (Version:

1.0.0.22192 - HP)
HP Photosmart All-In-One Driver Software (HKLM\...\{A96C5DB7-40F9-46DD-B36F-9E657D1D9E04}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 -

Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard)

Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-

Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
IObit Malware Fighter 8 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 8.1.0.645 - IObit)
Java 8 Update 241 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
Kerish Doctor 2020 (HKLM-x32\...\{EF70A54F-E09E-4570-8F21-C7674CDDB5B6}_is1) (Version: 4.80 - Kerish Products)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Luxor Evolved (HKLM-x32\...\WTA-12818410-f442-4cd6-ae78-821171a7345a) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes version 4.2.0.82 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.0.82 -

Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.299.000 - Hewlett-Packard)

Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 85.0.564.44 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft

Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version:

8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version:

8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE})

(Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4})

(Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-

87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7})

(Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5})

(Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6})

(Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf})

(Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-

68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-

e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 -

Microsoft Corporation)
Mozilla Firefox 80.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 80.0.1 (x64 en-US)) (Version: 80.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 80.0.1.7548 - Mozilla)
MP3 Video Converter (HKLM-x32\...\MP3 Video Converter_is1) (Version:  - )
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro

Devices, Inc.)
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro

Devices, Inc.) Hidden
OpenOffice 4.1.4 (HKLM-x32\...\{BDB210E1-06C5-451F-BDAC-C18DDC7C2F14}) (Version: 4.14.9788 - Apache Software

Foundation)
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 5.21 - NCH Software)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-5111b452-e7ad-4f7b-8911-be62d0323456) (Version: 2.2.0.98 -

WildTangent) Hidden
Printer Registration (HKLM-x32\...\Canon EISRegistration) (Version: 1.6.0 - Canon Inc.)
Program4Pc Photo Editor (HKLM-x32\...\{29A01513-64A8-4543-AF3C-C2E4CD7FFE1A}_is1) (Version: 7.3.0.0 - Program4Pc

Inc.)
PS_AIO_02_ProductContext (HKLM-x32\...\{720C16FC-5423-47B3-A249-5C05FB376E9A}) (Version: 140.0.425.000 - Hewlett-

Packard) Hidden
PS_AIO_02_Software (HKLM-x32\...\{97AD3490-480B-42B2-8001-326621AF34AC}) (Version: 140.0.425.000 - Hewlett-

Packard) Hidden
PS_AIO_02_Software_Min (HKLM-x32\...\{7AB63BFD-91C6-4C21-B2C6-D33A1FC8DE8F}) (Version: 140.0.425.000 - Hewlett-

Packard) Hidden
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-

A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK

Semiconductor Corp.) Hidden
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version:

2.00.0002 - REALTEK Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK

Semiconductor Corp.)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SoftOrbits Photo Retoucher 6.1 (HKLM-x32\...\SoftOrbits Photo Retoucher_is1) (Version: 6.1 - SoftOrbits)
Software Informer 1.4.1305.0 (HKLM\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard)

Hidden
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
StudioTax 2015 (HKLM-x32\...\{38A3BBA2-1AA6-4DCC-AABF-ECDC37C6B3DB}) (Version: 11.0.5.0 - BHOK IT Consulting)
StudioTax 2016 (HKLM-x32\...\{6BB85096-2F9B-4A4A-BA51-06CF8C2D837A}) (Version: 12.0.8.0 - BHOK IT Consulting)
StudioTax 2017 (HKLM-x32\...\{0143CC3F-58BF-4BA0-9387-8B8BAAF07EBA}) (Version: 13.0.2.1 - BHOK IT Consulting)
StudioTax 2018 (HKLM-x32\...\{2CA52033-7407-406C-B147-440966DFE228}) (Version: 14.0.3.0 - BHOK IT Consulting)
StudioTax 2019 (HKLM-x32\...\{3EAC29D8-4F0F-43CE-AE7F-CAFED24C8941}) (Version: 15.0.5.0 - BHOK IT Consulting)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1240 - SUPERAntiSpyware.com)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 7.17 - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
:spam: Video Converter 9.2.30 (HKLM-x32\...\{4843A9B1-335C-4a13-8CFC-9B986AEBE1E2}_is1) (Version: 9.2.30 - :spam:

Studio)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba

Corporation)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba

Corporation)
TOSHIBA Display Utility (HKLM\...\{84FA4D2D-4273-4C66-BD3D-ADD3FE48DFA2}) (Version: 1.1.5.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba

Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.2.0000 - Toshiba

Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 5.0.1.0 -

Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.03.6400 - Toshiba

Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba

Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba

Corporation)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
TurboTax Free Forms 2014 (HKLM-x32\...\{9755D4A0-8B7C-4E18-ABE1-5562F227E100}) (Version: 1.0.11.2 - Intuit Canada)
TurboTax Free version 1.0.1 (HKLM-x32\...\{EF63699B-79A1-4A7D-B02D-AD5976701864}_is1) (Version: 1.0.1 - Intuit

Canada)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games

App) (Version:  - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.10 - VideoLAN)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-

toshiba) (Version: 4.1.1.30 - WildTangent) Hidden
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 4.5.1.174 -

WildTangent) Hidden
Zoom (HKU\S-1-5-21-2293777963-1639995663-2975564211-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications,

Inc.)
Zoom Outlook Plugin (HKLM-x32\...\{173B961D-03FB-46E1-A7DC-4800D9ECE6EF}) (Version: 4.3.4903 - Zoom)

Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.3.28_x86__qt5r5pa5dyg8m [2019-08-21]

(WildTangent Games)
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_3.1.2.8_neutral__343d40qqvtj1t [2017-09-22] (Amazon.com)
Ask Toshiba -> C:\Program Files\WindowsApps\7906AAC0.TOSHIBACanadaPartners_1.0.0.4_neutral__nvaxck9xhg5vg [2017-

09-22] (Toshiba Corporation)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps

\34791E63.CanonInkjetPrintUtility_2.9.0.1_neutral__6e5tt8cgb93ep [2020-07-25] (Canon Inc.)
Evernote Touch -> C:\Program Files\WindowsApps\Evernote.Evernote_3.3.0.102_x86__q4d96b2w5wcc2 [2017-09-22]

(Evernote)
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2017-09-22] (Microsoft

Corporation) [MS Ad]
HP All-in-One Printer Remote -> C:\Program Files\WindowsApps

\AD2F1837.HPPrinterControl_55.1.43.0_x86__v10z8vjag6ke6 [2017-09-22] (Hewlett-Packard Company)
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2017-09

-22] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe

[2017-09-22] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2017-09-22]

(Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2017-09-22] (Microsoft

Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2017-09-22]

(Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2017-09-22]

(Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2017-09-22]

(Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2017-09-22] (Microsoft

Corporation) [MS Ad]
Norton Studio -> C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp [2019-

08-21] (Symantec Corporation)
Skitch Touch -> C:\Program Files\WindowsApps\Evernote.Skitch_2.4.2000.1918_neutral__q4d96b2w5wcc2 [2017-09-22]

(Evernote)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2017-09-22] (Skype) [MS

Ad]
TOSHIBA Media Player by sMedio TrueLink+ -> C:\Program Files\WindowsApps

\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_3.1.1.33_x64__679ekb9hp1h62 [2019-08-21] (sMedio)
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2017-09-22] (Microsoft

Corporation) [MS Ad]
Warranty / Service -> C:\Program Files\WindowsApps

\7906AAC0.ToshibaCanadaWarrantyService_1.1.0.3_neutral__nvaxck9xhg5vg [2017-09-22] (Toshiba Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless

listed separately.)

ShellIconOverlayIdentifiers: [                    IMFSafeBox] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:

\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-07-22] (IObit Information Technology ->

IObit)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software

\Avast\ashShell.dll [2020-08-13] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST

Software\Avast\ashShell.dll [2020-08-13] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast

\ashShell.dll [2020-08-13] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files

(x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-07-22] (IObit Information Technology -> IObit)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast

\ashShell.dll [2020-08-13] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files

(x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-07-22] (IObit Information Technology -> IObit)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies

\ATI.ACE\Core-Static\atiacm64.dll [2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast

\ashShell.dll [2020-08-13] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [Folderico] -> {CC0C45C5-EFDE-4B8A-A8B0-9ED733D9E6AC} => C:\Program Files\FolderIco

\FolderIco.dll [2019-02-21] (Maxim Gapchenko -> TeoreX)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files

(x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-07-22] (IObit Information Technology -> IObit)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will

not be moved.)

HKLM\...\Drivers32: [vidc.ffds] => C:\Windows\system32\ff_vfw.dll [127488 2013-03-13] () [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\system32\xvidvfw.dll [243746 2011-06-23] () [File not signed]
HKLM\...\Drivers32: [vidc.x264] => C:\Windows\system32\x264vfw64.dll [4035584 2012-07-01] (x264vfw project) [File

not signed]
HKLM\...\Drivers32: [vidc.lags] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3filter] => C:\Windows\system32\ac3filter64.acm [1202688 2012-06-17] () [File not

signed]
HKLM\...\Drivers32: [vidc.ffds] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2013-03-13] () [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\SysWOW64\xvidvfw.dll [242259 2011-06-23] () [File not signed]
HKLM\...\Drivers32: [vidc.x264] => C:\Windows\SysWOW64\x264vfw.dll [4102656 2012-07-01] (x264vfw project) [File

not signed]
HKLM\...\Drivers32: [vidc.lags] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3filter] => C:\Windows\SysWOW64\ac3filter.acm [965120 2012-06-17] () [File not

signed]
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\LameACM.acm [756224 2012-02-28]

(hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [msacm.divxa32] => C:\Windows\SysWOW64\DivXa32.acm [291408 2000-03-31] (Packed With Joy !)

[File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-07-25 23:30 - 2017-11-02 15:36 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon

\IJ Network Scanner Selector EX2\CNS2_ENU.DLL
2020-07-25 23:30 - 2017-11-02 15:36 - 000104960 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon

\IJ Network Scanner Selector EX2\CNS2_IMG.dll
2011-08-18 01:29 - 2011-08-18 01:29 - 001039360 _____ (Hewlett-Packard Co.) [File not signed] c:\program files

(x86)\hp\digital imaging\bin\hpslpsvc64.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows

\system32\hpzinw12.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows

\system32\hpzipm12.dll
2020-07-13 13:04 - 2015-06-26 13:16 - 001694720 _____ (Informer Technologies, Inc.) [File not signed] C:\Program

Files\Software Informer\core.dll
2020-07-13 13:04 - 2015-06-09 12:14 - 000274432 _____ (Informer Technologies, Inc.) [File not signed] C:\Program

Files\Software Informer\iebrowser.dll
2020-07-13 13:04 - 2015-06-26 13:15 - 000020992 _____ (Informer Technologies, Inc.) [File not signed] C:\Program

Files\Software Informer\impl.dll
2020-07-13 13:04 - 2015-06-26 13:15 - 000115712 _____ (Informer Technologies, Inc.) [File not signed] C:\Program

Files\Software Informer\siUiWindowResources.dll
2020-07-13 13:04 - 2015-06-09 12:14 - 000015360 _____ (Informer Technologies, Inc.) [File not signed] C:\Program

Files\Software Informer\wbacommon.dll
2014-08-15 11:25 - 2012-02-14 19:37 - 000594432 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Windows

\system32\Rtlihvs.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Linda\Downloads\Friends in need.MP3:TOC.WMV [130]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be

restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2293777963-1639995663-2975564211-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2019-01-04 02:19 - 000000039 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files

\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%

\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE

\Core-Static;C:\Program Files\Calibre2\
HKU\S-1-5-21-2293777963-1639995663-2975564211-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Linda\AppData

\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254 - 75.153.171.122
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5)

(ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: AppEx Networks Accelerator -> appex_acc (enabled)
Ethernet: AppEx Networks Accelerator -> appex_acc (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "GwxControlPanelMonitor"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKU\S-1-5-21-2293777963-1639995663-2975564211-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-2293777963-1639995663-2975564211-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2293777963-1639995663-2975564211-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless

listed separately.)

FirewallRules: [{AC486EEA-74CF-4B78-9DD0-1C6B4D270019}] => (Allow) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

(VideoLAN -> VideoLAN)
FirewallRules: [{28A7AC11-7982-4B2F-986B-8600EDC18FD1}] => (Allow) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

(VideoLAN -> VideoLAN)
FirewallRules: [{6D597648-2464-404C-9373-FE7260FA8052}] => (Allow) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

(VideoLAN -> VideoLAN)
FirewallRules: [{36AC0C70-C481-41ED-8B58-48BE137E3518}] => (Allow) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

(VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{FAEA1F34-89CE-420C-9C7B-166EF2FED5BB}C:\program files (x86)\mozilla firefox

\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla

Corporation)
FirewallRules: [UDP Query User{9C8BB9C4-2911-4E24-8647-43D63D6E6908}C:\program files (x86)\mozilla firefox

\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla

Corporation)
FirewallRules: [{6B3689E7-3A8F-4E4D-B975-466ACFCCB9F3}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410

series\Bin\USBSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{8A72C2C8-C6C5-4295-9A89-9D1D8CE38468}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free

Torrent Download\FreeTorrentDownload.exe (Digital Wave Ltd -> DVDVideoSoft Ltd.) [File not signed]
FirewallRules: [{8E402D31-FE76-458F-B6AA-0D957E82F869}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free

Torrent Download\FreeTorrentDownload.exe (Digital Wave Ltd -> DVDVideoSoft Ltd.) [File not signed]
FirewallRules: [{FAB736E7-ADC0-4820-84B8-8B49A3753A26}] => (Allow) C:\Program Files (x86)\Mozilla Firefox

\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{78E7DF50-A22E-494E-A35D-C962E3C0C613}] => (Allow) C:\Program Files (x86)\Mozilla Firefox

\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8F651453-656B-451A-8D3D-CF6DE4FD5022}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{CEEA0713-0994-46BA-A2C8-A78BBC2D268C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

\hpqste08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{A04BA326-47A8-49C3-933E-01F056C8CB89}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

\hpofxm08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{E433CC18-7DBC-40F9-97A0-F425748A0F01}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

\hposfx08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{4C4B3EAA-01B1-4800-AE74-A56FC3E0D02A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

\hposid01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{EFC000A9-853C-4737-9277-EBE8187C61D3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

\hpqkygrp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{ECC795B3-ECF9-4793-8848-72C8B5ACDBDE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

\hpqcopy2.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{48093F0C-4AB9-49FA-83DC-1D61F749BEAA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

\hpfccopy.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{D942B797-FE63-4E00-B1C6-EBEC62F1B167}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

\hpzwiz01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{A15552B4-BED9-44E0-BA0A-93F412CCBBDC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

\hpoews01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{52F12043-5012-4D40-8B4F-77A409E678E8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

\hpqnrs08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{39E06013-53ED-4A51-9674-E78BB596C320}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

\hpiscnapp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{9DC0A831-5F84-468B-A506-3EE83C1E73F3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

\hpofxs08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{B1F36DA2-B8FA-4417-84E1-CF5EFFD01462}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

\hpqfxt08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{3A3576E4-291C-4005-B1C1-0D7C00D9C4C8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

\hpqgplgtupl.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{AFFAFA6E-1ED3-4E1F-9EA0-EE02F70DADE7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

\hpqgpc01.exe (Hewlett Packard -> Hewlett-Packard)
FirewallRules: [{D818264C-3D34-4C97-955F-15E9A7F4B213}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{288CE03A-9013-4C47-A2C4-849B56244CA2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin

\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{0589188D-10B0-436F-9C9C-7A041307329A}] => (Allow) C:\Program Files (x86)\HP\hp software update

\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{BE78632D-2750-49B1-9373-272E84ABD34F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

(Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{79A6CF78-A424-4A49-AC55-5AB49A4AA80E}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

(Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{317E62C1-EEF9-42ED-8D32-9BCC0D4971C1}C:\program files (x86)\kerish doctor

\kerishdoctor.exe] => (Block) C:\program files (x86)\kerish doctor\kerishdoctor.exe (OOO AMA -> Kerish Products)
FirewallRules: [UDP Query User{A851490D-00CA-4B81-8ABE-1399FE8B19F7}C:\program files (x86)\kerish doctor

\kerishdoctor.exe] => (Block) C:\program files (x86)\kerish doctor\kerishdoctor.exe (OOO AMA -> Kerish Products)

==================== Restore Points =========================

21-08-2020 14:00:56 Windows Update
29-08-2020 17:35:23 Scheduled Checkpoint
05-09-2020 18:38:56 AdwCleaner_BeforeCleaning_05/09/2020_18:38:54
07-09-2020 01:50:25 Restore Operation

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (09/09/2020 03:37:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MBAMService.exe, version: 3.2.0.912, time stamp: 0x5f334ad4
Faulting module name: MBAMCore.dll, version: 3.0.0.1064, time stamp: 0x5f47bd05
Exception code: 0xc0000005
Fault offset: 0x0000000000090b42
Faulting process id: 0xa98
Faulting application start time: 0x01d686f8aad399e8
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll
Report Id: 0e7f2abb-f2ed-11ea-842c-c454442c9198
Faulting package full name:
Faulting package-relative application ID:

Error: (09/09/2020 03:03:07 PM) (Source: ESENT) (EventID: 455) (User: )
Description: LiveComm (6852) C:\Users\Linda\AppData\Local\Packages

\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\cb4ea351a2c3f73a\120712-0049\: Error -1811

(0xfffff8ed) occurred while opening logfile C:\Users\Linda\AppData\Local\Packages

\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\cb4ea351a2c3f73a\120712-0049\DBStore

\LogFiles\edb00005.log.

Error: (09/07/2020 03:41:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: Windows.UI.Search.dll, version: 6.3.9600.17415, time stamp: 0x54503885
Exception code: 0xc0000005
Fault offset: 0x000000000019e9ec
Faulting process id: 0xe64
Faulting application start time: 0x01d6856762aa153d
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\Windows.UI.Search.dll
Report Id: 37e799bd-f15b-11ea-841d-c454442c9198
Faulting package full name:
Faulting package-relative application ID:

Error: (09/07/2020 02:19:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MBAMService.exe, version: 3.2.0.912, time stamp: 0x5f334ad4
Faulting module name: MBAMCore.dll, version: 3.0.0.1064, time stamp: 0x5f47bd05
Exception code: 0xc0000005
Fault offset: 0x0000000000013632
Faulting process id: 0xacc
Faulting application start time: 0x01d684f495be53c4
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll
Report Id: caf44b2f-f14f-11ea-841c-c454442c9198
Faulting package full name:
Faulting package-relative application ID:

Error: (09/07/2020 01:56:34 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information:

0x81000204.

Error: (09/06/2020 03:10:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LINDALAPTOP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!

ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational

log for additional information.

Error: (09/06/2020 03:10:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LINDALAPTOP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!

ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational

log for additional information.

Error: (09/05/2020 06:33:39 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database


System errors:
=============
Error: (09/10/2020 03:34:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast!

Antivirus service.

Error: (09/10/2020 03:30:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:08:03 PM on ‎2020-‎09-‎10 was unexpected.

Error: (09/10/2020 02:28:18 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1 (0xffffe000c0ad7cc0,

0x0000000000000002, 0x0000000000000001, 0xfffff8018917e205). A dump was saved in: C:\Windows\MEMORY.DMP. Report

Id: 091020-32859-01.

Error: (09/10/2020 02:28:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:18:09 PM on ‎2020-‎09-‎10 was unexpected.

Error: (09/10/2020 02:22:53 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Background Intelligent Transfer Service service hung on starting.

Error: (09/10/2020 02:18:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:05:29 PM on ‎2020-‎09-‎10 was unexpected.

Error: (09/10/2020 02:10:00 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Background Intelligent Transfer Service service hung on starting.

Error: (09/10/2020 02:05:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:53:34 PM on ‎2020-‎09-‎10 was unexpected.


Windows Defender:
===================================
Date: 2016-08-31 08:49:06.087
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {0180B729-5234-4EDC-BDF3-F251962612B3}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2015-05-27 01:23:50.733
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {FD5689BD-AEC6-4A5C-878D-3C95FD85DF53}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2015-05-26 19:43:28.609
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {9EB10630-2F91-47E1-BD79-225F583324C0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2015-05-26 18:30:42.965
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {731BBED3-46D2-453D-9AFD-450A0B135F3A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2015-05-26 17:12:01.104
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {A4936E02-CE50-4679-8352-374D222BE472}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2016-08-30 17:07:31.184
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.199.824.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.11701.0
Error code: 0x80070643
Error description: Fatal error during installation.

Date: 2016-04-15 16:24:41.166
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.199.824.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.11701.0
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or

troubleshooting updates, see Help and Support.

Date: 2015-12-08 22:47:38.945
Description:
Windows Defender has encountered an error trying to update the engine.
New Engine Version:
Previous Engine Version: 2.1.11502.0
Error Code: 0x8007045b
Error description: A system shutdown is in progress.

Date: 2015-12-08 22:47:38.945
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 114.3.0.0
Update Source: User
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.11502.0
Error code: 0x8007045b
Error description: A system shutdown is in progress.

Date: 2015-12-08 22:47:38.711
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 1.211.2201.0
Previous Signature Version: 1.199.824.0
Update Source: User
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.12300.0
Previous Engine Version: 1.1.11701.0
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the

program again. For information on installing updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2018-02-27 12:31:26.059
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows

\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-27 12:31:24.496
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows

\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-27 12:31:23.038
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows

\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-27 12:31:20.928
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows

\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-27 12:31:18.975
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows

\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-27 12:31:17.288
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows

\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-27 12:31:14.927
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows

\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-27 12:31:13.380
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows

\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Insyde Corp. 1.40 09/12/2013
Motherboard: AMD Larne
Processor: AMD A4-5000 APU with Radeon™ HD Graphics
Percentage of memory in use: 64%
Total physical RAM: 3533.51 MB
Available physical RAM: 1251.96 MB
Total Virtual: 7117.51 MB
Available Virtual: 3986.29 MB

==================== Drives ================================

Drive c: (TI80156100A) (Fixed) (Total:455.48 GB) (Free:384.93 GB) NTFS

\\?\Volume{c6f317f3-2d47-11e3-8bb8-cb929fe6eb11}\ (System) (Fixed) (Total:1 GB) (Free:0.61 GB) NTFS
\\?\Volume{69f0f96a-b4cc-11e3-b81e-c454442c9198}\ (Recovery) (Fixed) (Total:9.06 GB) (Free:0.83 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================


  • 0

#7
icotonev

icotonev

    Trusted Helper

  • Malware Removal
  • 182 posts

Hi star_stitcher5..! :)  I apologize for the delayed answer .. but I am engaged in my office on new projects and I do not have enough time for the forum ..!
 
Before taking any action, I suggest that we first analyze what exactly causes BSDO ..!
 
 
Step 1:
BlueScreenView

 

  • Download BlueScreenView and save it to your desktop
  • Right click on BlueScreenView.exe then select Run as administrator
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply

 

 

Step 2.

Scanning with SecurityCheck by glax24

  • Download SecurityCheck by glax24 from here and remember the tool on the desktop.
  • Run the program right-click the administrator name
  • Wait for the scan to finish. It will open in a text file named SecurityType.txt. Copy the contents of this file to your next post
  • You can find this file in the root of the system disk in a folder called SecurityCheck, C: \\ SecurityCheck \\ SecurityCheck.txt

 

 

Please include in your next reply:

  • Contents of BSOD.txt  log file
  • Contents of SecurityCheck.txt log file

  • 0

#8
star_stitcher5

star_stitcher5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

The BSOD scan isn't being saved in Notebook, I have the scan file, followed instructions saved as BOSD.txt....Notebook isn't opening it. I can't find the SecurityCheck file either.... I've disabled Avast and have no more BSOD crashes. I'm thinking it's a conflict between Avast and IObit  Malware software which is a new istallation. I've had Avast for years without problems......Sorry but these scan results I just can't locate, they come up as not existing or not found...


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP