Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

I may have a trojan virus

Started by Washetoo , May 14 2020 08:46 AM

Please log in to reply

#1
Washetoo

Posted 14 May 2020 - 08:46 AM

Member

Member
38 posts

Hello, Today before I logged onto the computer I could hear it running as though it was working on something already. The log in process did not work properly and once I did log in the computer was running slow. Just opening a window or web page was sluggish and online video game screens did not fully render. The mouse pointer locks in place on the screen and it appears to move about erratically.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2020 01
Ran by Steve (administrator) on STEVE-PC (Dell Inc. Studio XPS 8100) (14-05-2020 08:14:52)
Running from C:\Users\Steve\Desktop
Loaded Profiles: Steve
Platform: Windows 10 Home Version 1909 18363.778 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Alcor Micro Corp.) [File not signed] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(CyberLink -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Dell Inc. -> SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Facebook, Inc. -> Facebook) C:\Users\Steve\AppData\Local\Facebook\Games\FacebookGameroom.exe
(Facebook, Inc. -> The CefSharp Authors) C:\Users\Steve\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(HP Inc -> HP Inc.) C:\Program Files\HP\HP ENVY Photo 7100 series\Bin\HPNetworkCommunicatorCom.exe
(HP Inc -> HP Inc.) C:\Program Files\HP\HP ENVY Photo 7100 series\Bin\ScanToPCActivationApp.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee Security Scan\3.11.1719\SSScheduler.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <2>
(McAfee, LLC. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_20_1\mcapexe.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ChromiumContainer\delegate.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\CSP\3.4.105.0\McCSPServiceHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\McAfee\CoreUI\Launch.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\McAfee\MQS\QcShm.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\McAfee\VUL\McVulCtr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Steve\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe <5>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.772_none_5f13f94c58ff41d3\TiWorker.exe
(NETGEAR -> Realtek Semiconductor Corp.) C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCUpdate.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TEFINCOM S.A. -> ) C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(TEFINCOM S.A. -> NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <6>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-06] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\THXCfg64.dll [17920 2009-10-15] (Creative Technology Ltd.) [File not signed]
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\EptMon64.dll [21504 2009-10-15] (Creative Technology Ltd.) [File not signed]
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.) [File not signed]
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd) [File not signed]
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) [File not signed]
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (Dell Inc. -> SupportSoft, Inc.)
HKU\S-1-5-21-2126779717-1312616141-414031349-1003\...\Run: [HP ENVY Photo 7100 (NET)] => C:\Program Files\HP\HP ENVY Photo 7100 series\Bin\ScanToPCActivationApp.exe [4064160 2019-03-18] (HP Inc -> HP Inc.)
HKU\S-1-5-21-2126779717-1312616141-414031349-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3372832 2020-04-27] (Valve -> Valve Corporation)
HKU\S-1-5-21-2126779717-1312616141-414031349-1003\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [1825744 2020-04-21] (TEFINCOM S.A. -> NordVPN)
HKU\S-1-5-21-2126779717-1312616141-414031349-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064215017\...\Run: [HP ENVY Photo 7100 (NET)] => C:\Program Files\HP\HP ENVY Photo 7100 series\Bin\ScanToPCActivationApp.exe [4064160 2019-03-18] (HP Inc -> HP Inc.)
HKU\S-1-5-21-2126779717-1312616141-414031349-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064215017\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3372832 2020-04-27] (Valve -> Valve Corporation)
HKU\S-1-5-21-2126779717-1312616141-414031349-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064215017\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [1825744 2020-04-21] (TEFINCOM S.A. -> NordVPN)
HKU\S-1-5-21-2126779717-1312616141-414031349-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064217782\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2126779717-1312616141-414031349-1012-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064218485\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064214689\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\Installer\chrmstp.exe [2020-05-07] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2020-03-21]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.1719\SSScheduler.exe (McAfee, LLC -> McAfee, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A6100 Genie.lnk [2018-11-01]
ShortcutTarget: NETGEAR A6100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe (NETGEAR -> Realtek Semiconductor Corp.)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2020-05-05]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Steve\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook, Inc. -> Facebook)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0060F4F9-C3BB-45F8-ADF6-8446937723C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [134008 2020-03-25] (HP Inc. -> HP Inc.)
Task: {08F2FB35-75CE-4327-90AD-18DD9D11591F} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {108191A9-B81B-4A89-8324-CBAE19F79526} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {19A7AACA-5CB8-498E-9C2F-96B660D3564D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {22F96D1B-D540-4FC5-B9D8-BB45E274D728} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {276CB943-0FC2-464C-AFF1-972EA15DFF0D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [286088 2019-12-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {2C362EB4-8053-43A6-BA72-BD6420FBE056} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2D76A2B7-61A8-4001-91BD-2403A210CFAC} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2E1FE781-73BB-413D-BC10-71EF4660F186} - System32\Tasks\HPCustParticipation HP ENVY Photo 7100 series => C:\Program Files\HP\HP ENVY Photo 7100 series\Bin\HPCustPartic.exe [6659488 2019-03-18] (HP Inc -> HP Inc.)
Task: {2F71164D-1181-41C0-A09E-5B4AA1220707} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-04-18] (Adobe Inc. -> Adobe)
Task: {32F4050D-2881-4AEE-87DE-152266044E8C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {34E08A51-7865-467F-BD01-B14F897CD923} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {367B7261-251B-4B7C-92C1-DB533D14F1AC} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {39E05497-F332-4E00-8E4B-060E1803FC1F} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {3A79D6E2-FA26-4257-99E0-10274054C3F4} - System32\Tasks\{F669A1E0-0F2E-47AF-B532-88847F1F8A68} => C:\Windows\system32\pcalua.exe -a "C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T9L9IH5A\JavaSetup8u45.exe" -d C:\Users\Steve\Desktop
Task: {43194335-EBB5-4561-B6E4-AE9F151D822B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {45001587-1E69-46DA-ADDA-8E61A3DEFAFB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {45C6C4AE-AC7B-4BE1-9633-3921946D5788} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.9.577\mcdatrep.exe [1826656 2019-12-12] (McAfee, Inc. -> McAfee, LLC.)
Task: {460D5FE4-DCD8-40FB-B850-0B6D8962B2AF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_pepper.exe [1454136 2020-04-18] (Adobe Inc. -> Adobe)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {4C9C1653-252B-4082-8DE0-E7DD7263BF86} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5043BBDD-FB4B-43EA-B98D-465C92741B4C} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {52BAD8ED-E58A-4EE9-9DC6-B78D25B2BC74} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [761424 2020-02-05] (McAfee, LLC. -> McAfee, LLC.)
Task: {5594358D-B7FE-4280-8C55-27F2288EABF4} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C}
Task: {55CB7007-C249-4BC7-A1FF-03A82008C1CA} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {5990458A-69B8-46EF-B2B4-3926EFFC52FC} - System32\Tasks\HPCeeScheduleForSteve => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [97656 2018-09-11] (HP Inc. -> HP Inc.)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {633E6906-1388-4235-A404-90CEBA38C54C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {63C7A0E5-B90B-4913-BB15-A4623643A6AD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {674E761A-1C56-4639-9114-EC815ED10FCB} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {6901E460-B81D-4BFA-847C-256B9A9D294C} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.4.134\DADUpdater.exe [4147336 2020-03-20] (McAfee, Inc. -> McAfee, LLC)
Task: {693998BB-504B-49C9-B060-265204087637} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [550848 2018-09-19] (Piriform Ltd -> Piriform Ltd)
Task: {6C876844-9496-4246-A984-9516F1186740} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6DD71C20-833A-447E-B542-3F5261EE0DB7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {71437354-E985-401A-AC82-7F07E9AC448E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {743E044B-DE63-47F6-9DA8-E9B817066376} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7A2EE8C6-D82D-48B9-AA59-C54A3E8F5491} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {81C91F2C-A058-4B59-9AA8-352C6ED6FA35} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {829A157E-CAA9-4751-AC4D-5F5A042A72C8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {83CFE42F-9ECC-4A65-B3BD-549ADC39767C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {84084A39-63CC-4C24-81B1-0D09EBB720A7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-07-10] (Google Inc -> Google Inc.)
Task: {87879C5E-84AE-4340-8EEB-B6FC8FD89F0E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {949A672C-21D2-4831-85B0-4E3312AE3190} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {95D44650-B512-4F7E-8937-EA100CB2CB3C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9721E916-859D-401D-BE52-CBB64FFB45C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1117048 2020-03-26] (HP Inc. -> HP Inc.)
Task: {997C9B59-4132-4E53-9997-E3878B6BA018} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A0AFC522-E575-47FA-9685-9C11A3F91258} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A0C47F00-3581-4FC0-AB65-05AE3DF924B0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-11-07] (HP Inc. -> HP Inc.)
Task: {A145FB7A-F343-4AC2-96A2-B0135FFBF36F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {AE0EDA73-6C12-4FAF-87C1-AFE365E863F1} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {AE1E62D9-3944-465E-90E6-F836B2B3BC08} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B85E8E50-04A3-4D32-8211-C4C3A1134671} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BB7E869E-194C-454F-9CBB-D4F06A4C0041} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {BC70B943-ACFF-4605-AD8E-572DAA02BA15} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BD682918-AECB-411E-99C7-AF0558419E97} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {C02DCCEC-FA7B-44A5-959A-DABA9DA9A921} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C95F6FC2-F48F-4300-9B31-ECAD0E79ECFB} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CBB900A1-CD8A-48E2-91D0-04018C8F4428} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {CC4FE8CA-1E3D-4F3B-ACCD-425E6CBE06F8} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CC6C8F9B-EDB0-4EA1-AD07-35CBBF27B95B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {D049FA15-366A-4936-BE98-30BA1F5F1755} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [320856 2020-04-23] (HP Inc. -> HP Inc.)
Task: {D1937180-37B5-4FC7-8D5B-D62364DAD431} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D1AFFD06-5FE9-47FC-9609-AB85AAA9F4FD} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {DCFD5C37-A6F5-474B-8DBB-5DD0A250C23F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DFCDBB11-B59A-4668-843B-FBBCED4427EE} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {DFD2F50F-27EF-4C9C-A0FC-46FDC7C39B1E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E38C46BD-59CC-4520-A98D-17E0E9CBF3DC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [286088 2019-12-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {E7D394DF-55C8-419F-98F0-3685095EBE5B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {EB2D6327-6E2B-4201-AC21-944C68564E6E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F04B9BF4-B65B-4FA9-AC76-D262D7C31D2B} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {FB552AA2-8C66-49D0-A958-EBF4A79A4FB2} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4552120 2020-01-06] (McAfee, LLC -> McAfee, LLC.)
Task: {FBCFF9A8-AED7-457E-BCCA-EB216366D720} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-07-10] (Google Inc -> Google Inc.)
Task: {FC698D1C-8FBC-4100-8686-D6116D44CC6D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {FEDB12BA-C593-49E2-B5E1-CC57D459171D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForSteve.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0e3da44d-f79e-4abb-9a53-e4c1dcef5001}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{5c81cd94-64ff-43fc-ba2c-ad444fc8324c}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2126779717-1312616141-414031349-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-2126779717-1312616141-414031349-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-2126779717-1312616141-414031349-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064215017\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-2126779717-1312616141-414031349-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064215017\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
URLSearchHook: HKU\S-1-5-21-2126779717-1312616141-414031349-1003 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll No File
URLSearchHook: HKU\S-1-5-21-2126779717-1312616141-414031349-1003 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll No File
URLSearchHook: HKU\S-1-5-21-2126779717-1312616141-414031349-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064215017 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll No File
URLSearchHook: HKU\S-1-5-21-2126779717-1312616141-414031349-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064215017 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll No File
SearchScopes: HKLM -> DefaultScope {D16712B1-06E5-40C6-BE20-6F6D92D9B613} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {D16712B1-06E5-40C6-BE20-6F6D92D9B613} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {7A9F991B-3D8A-4AC1-8BA8-BC302CA21DED} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {7A9F991B-3D8A-4AC1-8BA8-BC302CA21DED} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2126779717-1312616141-414031349-1003 -> DefaultScope {3BD6259F-67D1-4B56-80DF-4A2959E88953} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20110717&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2126779717-1312616141-414031349-1003 -> {3BD6259F-67D1-4B56-80DF-4A2959E88953} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20110717&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2126779717-1312616141-414031349-1003 -> {7A9F991B-3D8A-4AC1-8BA8-BC302CA21DED} URL =
SearchScopes: HKU\S-1-5-21-2126779717-1312616141-414031349-1003 -> {9DF20BFE-9C9A-4470-BD31-CD34778F77A3} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20110717&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2126779717-1312616141-414031349-1003 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_us_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_58129979_1201_1401_20160723_US_ie_ds_&tag=bds-p10-serp-us-ie-20&query={searchTerms}
SearchScopes: HKU\S-1-5-21-2126779717-1312616141-414031349-1003 -> {D16712B1-06E5-40C6-BE20-6F6D92D9B613} URL =
SearchScopes: HKU\S-1-5-21-2126779717-1312616141-414031349-1003 -> {D8009B4E-5E8B-43E8-A566-9ABF0B745A8F} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D19700101&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2126779717-1312616141-414031349-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064215017 -> DefaultScope {3BD6259F-67D1-4B56-80DF-4A2959E88953} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20110717&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2126779717-1312616141-414031349-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064215017 -> {3BD6259F-67D1-4B56-80DF-4A2959E88953} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20110717&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2126779717-1312616141-414031349-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064215017 -> {7A9F991B-3D8A-4AC1-8BA8-BC302CA21DED} URL =
SearchScopes: HKU\S-1-5-21-2126779717-1312616141-414031349-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064215017 -> {9DF20BFE-9C9A-4470-BD31-CD34778F77A3} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US105D20110717&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2126779717-1312616141-414031349-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064215017 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_us_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_58129979_1201_1401_20160723_US_ie_ds_&tag=bds-p10-serp-us-ie-20&query={searchTerms}
SearchScopes: HKU\S-1-5-21-2126779717-1312616141-414031349-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064215017 -> {D16712B1-06E5-40C6-BE20-6F6D92D9B613} URL =
SearchScopes: HKU\S-1-5-21-2126779717-1312616141-414031349-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064215017 -> {D8009B4E-5E8B-43E8-A566-9ABF0B745A8F} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D19700101&p={searchTerms}
BHO: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\Program Files (x86)\Amazon\Amazon Assistant\aaMessenger.dll [2017-06-14] (Amazon Services LLC -> )
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> C:\Program Files\McAfee\MSK\MSKAPB~1.DLL => No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2019-08-20] (Microsoft Corporation -> Microsoft Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-04-20] (McAfee, LLC -> McAfee, LLC)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2019-10-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\Program Files (x86)\Amazon\Amazon Assistant\aaMessenger.dll [2017-06-14] (Amazon Services LLC -> )
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> C:\Program Files\McAfee\MSK\mskapbho.dll => No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2019-08-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2009-11-27] (Skype Technologies SA -> Skype Technologies S.A.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-04-20] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2019-10-15] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2126779717-1312616141-414031349-1003 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2126779717-1312616141-414031349-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064215017 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2009-11-27] (Skype Technologies SA -> Skype Technologies S.A.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2020-02-05] (McAfee, LLC. -> McAfee, LLC.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2020-02-05] (McAfee, LLC. -> McAfee, LLC.)

Edge:
======
DownloadDir: C:\Users\Steve\Downloads
Edge Notifications: HKU\S-1-5-21-2126779717-1312616141-414031349-1003 -> hxxps://www.facebook.com; hxxps://yourbittorrent2.com

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-04-20] [UpdateUrl:hxxps://www.siteadvisor.com/waffinstall/update.json]
FF HKLM\...\Thunderbird\Extensions: [msktbi[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2020-03-06] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2020-02-05] (McAfee, LLC. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2020-02-05] (McAfee, LLC. -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-03] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default [2020-04-16]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Extension: (Docs) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-12]
CHR Extension: (YouTube) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-12]
CHR Extension: (Yahoo Partner) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\commhkacjheiacaopdonmodahaoadoln [2020-03-21]
CHR Extension: (Adobe Acrobat) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-03-21]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2020-04-16]
CHR Extension: (Google Docs Offline) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-03-04]
CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-08-02]
CHR Extension: (Chrome Media Router) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-16]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [commhkacjheiacaopdonmodahaoadoln]
CHR HKLM-x32\...\Chrome\Extension: [dofoafnmdocgkdphpkdooahjkhpmakjd]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [104624 2017-06-14] (Amazon Services LLC -> )
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058256 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc. -> McAfee, Inc.)
S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [378744 2020-03-31] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6933272 2020-03-11] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [916712 2020-04-20] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_1\McApExe.exe [758864 2020-02-05] (McAfee, LLC. -> McAfee, LLC)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.1719\McCHSvc.exe [407088 2020-03-11] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.4.105.0\\McCSPServiceHost.exe [2687856 2020-01-25] (McAfee, LLC. -> McAfee, LLC.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [639048 2020-01-09] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [639048 2020-01-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [639048 2020-01-09] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1737992 2020-02-06] (McAfee, LLC -> McAfee, LLC.)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation -> Microsoft Corporation)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [237520 2020-04-21] (TEFINCOM S.A. -> )
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1373912 2020-02-04] (McAfee, LLC. -> McAfee, LLC.)
R2 Realtek8723AU; C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe [45784 2013-07-02] (NETGEAR -> Realtek Semiconductor Corp.)
S4 SftService; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [1692480 2011-08-18] (Dell Inc -> SoftThinks SAS)
S4 sprtsvc_DellSupportCenter; C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe [206064 2009-05-21] (Dell Inc. -> SupportSoft, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0\NisSrv.exe [2455544 2019-07-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0\MsMpEng.exe [110104 2019-07-08] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 A6100; C:\WINDOWS\System32\drivers\A6100.sys [7957584 2018-11-01] (NETGEAR TAIWAN CO., LTD -> Realtek Semiconductor Corporation )
S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-09-12] (Microsoft Corporation) [File not signed]
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75896 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-04-17] (Malwarebytes Corporation -> Malwarebytes)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [217912 2019-06-04] (McAfee, LLC -> McAfee, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-05-09] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-03-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [195432 2020-05-09] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73368 2020-05-09] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-05-09] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [125088 2020-05-09] (Malwarebytes Inc -> Malwarebytes)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [85080 2019-06-04] (McAfee, LLC -> McAfee, LLC.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [527272 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [380840 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85920 2020-01-15] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [521128 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [997800 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [594360 2019-12-23] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107960 2019-12-23] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116856 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252328 2020-01-15] (McAfee, Inc. -> McAfee, LLC)
R3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [39360 2020-04-20] (TEFINCOM S.A. -> WireGuard LLC)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2017-10-10] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [47704 2019-07-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [367032 2019-07-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-07-08] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath
S3 mfeavfk01; \Device\mfeavfk01.sys [X]
S3 mfeplk01; \Device\mfeplk01.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-14 08:14 - 2020-05-14 08:21 - 000045936 _____ C:\Users\Steve\Desktop\FRST.txt
2020-05-14 08:13 - 2020-05-14 08:20 - 000000000 ____D C:\FRST
2020-05-14 08:03 - 2020-05-14 08:03 - 002286080 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2020-05-12 18:11 - 2020-05-12 18:11 - 000002297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2020-05-12 18:11 - 2020-05-12 18:11 - 000002285 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2020-05-12 18:11 - 2020-05-12 18:11 - 000002285 _____ C:\ProgramData\Desktop\Google Earth Pro.lnk
2020-05-09 07:31 - 2020-05-09 15:00 - 000073368 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-05-09 07:30 - 2020-05-09 07:30 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-05-09 07:30 - 2020-05-09 07:30 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-05-09 07:30 - 2020-05-09 07:30 - 000195432 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-05-09 07:30 - 2020-05-09 07:30 - 000125088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-04-27 06:42 - 2020-04-27 06:42 - 000002041 _____ C:\Users\Public\Desktop\NordVPN.lnk
2020-04-27 06:42 - 2020-04-27 06:42 - 000002041 _____ C:\ProgramData\Desktop\NordVPN.lnk
2020-04-27 06:42 - 2020-04-27 06:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2020-04-27 06:42 - 2020-04-27 06:42 - 000000000 ____D C:\Program Files (x86)\NordVPN
2020-04-27 06:41 - 2020-04-27 06:41 - 000000000 ____D C:\Program Files\NordVPN network TUN
2020-04-27 06:23 - 2020-04-27 06:23 - 000000000 ____D C:\Users\Steve\AppData\Local\IsolatedStorage
2020-04-24 21:28 - 2020-05-03 18:54 - 000000000 ____D C:\Users\Steve\AppData\LocalLow\Mozilla
2020-04-24 21:28 - 2020-04-24 21:28 - 000000952 _____ C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2020-04-24 21:28 - 2020-04-24 21:28 - 000000904 _____ C:\Users\Steve\Desktop\Start Tor Browser.lnk
2020-04-24 21:28 - 2020-04-24 21:28 - 000000000 ____D C:\Users\Steve\Desktop\Tor Browser
2020-04-24 07:27 - 2020-04-24 07:27 - 000000000 ___RD C:\Users\Steve\Downloads\325289AEDD75.TorrentRTFREE_qtx9tqphctw9r!App
2020-04-23 17:58 - 2020-04-27 06:42 - 000000000 ____D C:\Users\Steve\AppData\Local\NordVPN
2020-04-23 17:58 - 2020-04-23 17:58 - 000000000 ____D C:\ProgramData\NordVPN
2020-04-23 17:58 - 2020-04-23 17:58 - 000000000 ____D C:\ProgramData\Caphyon
2020-04-23 17:57 - 2020-04-23 17:57 - 000000000 ____D C:\Program Files (x86)\NordVPN network TAP
2020-04-21 10:30 - 2020-04-21 10:30 - 000000000 ___HD C:\OneDriveTemp
2020-04-20 06:00 - 2020-04-20 06:00 - 000039360 _____ (WireGuard LLC) C:\WINDOWS\system32\Drivers\nlwt.sys
2020-04-16 18:59 - 2020-04-16 18:59 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 022636544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 019812864 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 018027520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 006523048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 004129624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-16 18:59 - 2020-04-16 18:59 - 002800128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-16 18:59 - 2020-04-16 18:59 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-16 18:59 - 2020-04-16 18:59 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 001077064 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-16 18:59 - 2020-04-16 18:59 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000783480 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-16 18:59 - 2020-04-16 18:59 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-16 18:59 - 2020-04-16 18:59 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-16 18:59 - 2020-04-16 18:59 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-04-16 18:59 - 2020-04-16 18:59 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-04-16 18:59 - 2020-04-16 18:59 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-04-16 18:59 - 2020-04-16 18:59 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-04-16 18:59 - 2020-04-16 18:59 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-16 18:59 - 2020-04-16 18:59 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-16 18:59 - 2020-04-16 18:59 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-16 18:59 - 2020-04-16 18:59 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-16 18:59 - 2020-04-16 18:59 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-16 18:59 - 2020-04-16 18:59 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-16 18:59 - 2020-04-16 18:59 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-16 18:59 - 2020-04-16 18:59 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-04-16 18:59 - 2020-04-16 18:59 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-04-16 18:59 - 2020-04-16 18:59 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-04-16 18:59 - 2020-04-16 18:59 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-04-16 18:58 - 2020-04-16 18:58 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-16 18:58 - 2020-04-16 18:58 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 004563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-16 18:58 - 2020-04-16 18:58 - 003802624 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-16 18:58 - 2020-04-16 18:58 - 003587384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-16 18:58 - 2020-04-16 18:58 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 002767928 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-16 18:58 - 2020-04-16 18:58 - 002453504 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 002086656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 001999960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-16 18:58 - 2020-04-16 18:58 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-16 18:58 - 2020-04-16 18:58 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-04-16 18:58 - 2020-04-16 18:58 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-16 18:58 - 2020-04-16 18:58 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-16 18:58 - 2020-04-16 18:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-16 18:58 - 2020-04-16 18:58 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-04-16 18:58 - 2020-04-16 18:58 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-04-16 18:58 - 2020-04-16 18:58 - 000127280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-04-16 18:58 - 2020-04-16 18:58 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-16 18:58 - 2020-04-16 18:58 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-04-16 18:58 - 2020-04-16 18:58 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2020-04-16 18:58 - 2020-04-16 18:58 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-04-16 18:58 - 2020-04-16 18:58 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-04-16 18:58 - 2020-04-16 18:58 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-04-16 18:13 - 2020-04-16 18:14 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-04-16 18:13 - 2020-04-16 18:14 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-14 08:12 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-05-14 08:11 - 2019-03-18 22:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-05-14 08:04 - 2019-03-18 22:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-05-14 07:02 - 2019-08-10 01:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-05-14 06:58 - 2019-03-18 22:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-05-14 06:44 - 2019-08-10 02:02 - 000004152 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{8B40685A-D79D-4276-AA7C-A6D93E75798D}
2020-05-14 06:41 - 2018-10-25 15:12 - 000000000 ____D C:\Program Files (x86)\Steam
2020-05-14 06:39 - 2016-07-07 07:08 - 000000000 ___RD C:\Users\Steve\OneDrive
2020-05-14 06:38 - 2018-09-18 19:24 - 000000000 __RSD C:\Users\Steve\Documents\McAfee Vaults
2020-05-13 12:56 - 2019-08-10 02:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2020-05-12 19:59 - 2017-03-02 16:20 - 000002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-05-12 18:11 - 2015-07-10 19:20 - 000000000 ____D C:\Program Files (x86)\Google
2020-05-11 15:09 - 2019-03-18 22:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-05-11 08:39 - 2019-12-21 09:18 - 000003242 _____ C:\WINDOWS\system32\Tasks\HPCeeScheduleForSteve
2020-05-11 08:39 - 2019-12-21 09:18 - 000000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForSteve.job
2020-05-09 15:39 - 2019-08-10 01:41 - 000000000 ____D C:\Users\Steve
2020-05-09 15:00 - 2019-08-10 02:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-05-09 07:31 - 2020-03-11 18:14 - 000000000 ____D C:\Users\Steve\AppData\LocalLow\IGDump
2020-05-08 19:09 - 2019-03-18 22:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-05-07 19:35 - 2017-03-02 16:21 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-05-07 19:35 - 2017-03-02 16:21 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-05-07 19:35 - 2017-03-02 16:21 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-05-05 12:48 - 2020-01-28 00:29 - 000001281 _____ C:\Users\Steve\Desktop\Facebook Gameroom.lnk
2020-05-05 12:48 - 2020-01-28 00:29 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2020-05-05 12:45 - 2016-11-28 12:32 - 000000000 ____D C:\Users\Steve\AppData\Local\Facebook
2020-05-01 08:37 - 2019-08-10 02:02 - 000003364 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2126779717-1312616141-414031349-1003
2020-05-01 08:37 - 2019-08-10 01:41 - 000002405 _____ C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-29 19:47 - 2019-08-10 02:02 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-04-27 06:43 - 2019-03-18 22:50 - 000000000 ____D C:\WINDOWS\INF
2020-04-24 07:26 - 2018-09-20 18:14 - 000000000 ____D C:\Users\Steve\AppData\Local\PlaceholderTileLogoFolder
2020-04-24 07:26 - 2017-12-09 13:39 - 000000000 ____D C:\Users\Steve\AppData\Local\Packages
2020-04-18 06:41 - 2019-08-10 02:02 - 000004586 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-04-18 06:41 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-04-18 06:41 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-04-18 06:40 - 2015-06-11 20:53 - 000000000 ____D C:\Users\Steve\AppData\Local\Adobe
2020-04-17 07:34 - 2019-07-17 21:04 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-04-17 06:29 - 2019-08-10 01:52 - 000972220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-04-17 06:21 - 2019-08-10 01:30 - 000502944 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-16 23:46 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-04-16 23:46 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-04-16 23:46 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-04-16 23:46 - 2019-03-18 22:52 - 000000000 ____D C:\WINDOWS\bcastdvr

==================== Files in the root of some directories ========

2010-05-11 17:31 - 2010-05-11 17:31 - 000003584 _____ () C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05-2020 01
Ran by Steve (14-05-2020 08:23:29)
Running from C:\Users\Steve\Desktop
Windows 10 Home Version 1909 18363.778 (X64) (2019-08-10 08:03:37)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2126779717-1312616141-414031349-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2126779717-1312616141-414031349-503 - Limited - Disabled)
Guest (S-1-5-21-2126779717-1312616141-414031349-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2126779717-1312616141-414031349-1005 - Limited - Enabled)
Steve (S-1-5-21-2126779717-1312616141-414031349-1003 - Administrator - Enabled) => C:\Users\Steve
WDAGUtilityAccount (S-1-5-21-2126779717-1312616141-414031349-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}
FW: McAfee Firewall (Enabled) {CEB92439-04C2-6B62-DF3F-10F42A719C72}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.009.20063 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.363 - Adobe)
Amazon Assistant (HKLM-x32\...\{3BBC4F87-1F46-431F-A5DB-AFB28F692775}) (Version: 10.17.0612 - Amazon) <==== ATTENTION
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\{B32C4059-6E7A-41EF-AD20-56DF1872B923}) (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Dock (HKLM\...\{C73A3942-84C8-4597-9F9B-EE227DCBA758}) (Version: 2.0 - Stardock Corporation) Hidden
Dell Dock (HKLM-x32\...\Dell Dock) (Version: - Stardock Corporation)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
DirectXInstallService (HKLM-x32\...\{098122AB-C605-4853-B441-C0A4EB359B75}) (Version: 9.0.2 - Roxio) Hidden
EMC 10 Content (HKLM-x32\...\{FDB46DE7-9045-47BB-970A-3E4ED5369E03}) (Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (HKLM\...\{02AD9D20-03D2-4DE0-8793-E8253026AD86}) (Version: 1.0.302 - Sonic) Hidden
Facebook Gameroom 1.23.7426.18586 (HKLM-x32\...\{58E3FB73-8B88-4807-A803-79B5ADA0136F}) (Version: 1.23.7426.18586 - Facebook)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.138 - Google LLC)
Google Earth Pro (HKLM-x32\...\{7A3374DE-3D99-4BD9-9FE8-A76498632D98}) (Version: 7.3.3.7699 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{665DF231-32BE-46BA-ABD2-B0D69F8314FF}) (Version: 1.0.494 - LogMeIn, Inc.)
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
HP Dropbox Plugin (HKLM-x32\...\{EF65265C-816D-4992-A8CC-C91CDEC9ED33}) (Version: 36.0.102.68541 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{858E7C53-B406-4798-B4CA-761420FF2B5F}) (Version: 43.0.0.0 - HP)
HP ENVY Photo 7100 series Basic Device Software (HKLM\...\{16D8C168-238A-4BEB-9A76-B82EEF4E0D51}) (Version: 44.4.2678.1977 - HP Inc.)
HP ENVY Photo 7100 series Help (HKLM-x32\...\{044AF040-9AF7-4B0A-ABB5-302B9D6A8155}) (Version: 44.0.0 - HP)
HP FTP Plugin (HKLM-x32\...\{07DA4F28-63FA-43F7-A554-B159E9A7E649}) (Version: 43.0.0.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{CF634681-E024-430C-AFF2-B9EE43A7E452}) (Version: 36.0.102.68541 - HP)
HP OneDrive Plugin (HKLM-x32\...\{1E191DFB-7B91-4B11-AB95-884D59ECE599}) (Version: 36.0.0.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP SharePoint Plugin (HKLM-x32\...\{1ED7BE66-39E7-4A65-8EEF-68CE80F3416C}) (Version: 43.0.0.0 - HP)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.8.24.33 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{3D16A9C5-8107-4EBB-B988-08CD363A9D0F}) (Version: 12.15.14.3 - HP Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Junk Mail filter update (HKLM-x32\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R24 - McAfee, LLC.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.1719.1 - McAfee, LLC)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.92 - McAfee, LLC.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.5207.1000 - Microsoft Corporation)
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2126779717-1312616141-414031349-1003\...\OneDriveSetup.exe) (Version: 20.052.0311.0011 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2126779717-1312616141-414031349-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064215017\...\OneDriveSetup.exe) (Version: 20.052.0311.0011 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}) (Version: 1.4.915.1 - Fitipower) Hidden
Multimedia Card Reader (HKLM-x32\...\InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}) (Version: 1.4.915.1 - Fitipower)
NETGEAR A6100 Genie (HKLM-x32\...\{15D27BA3-6CCD-4848-8925-07EF083492AD}) (Version: 1.0.0.36 - NETGEAR) Hidden
NETGEAR A6100 Genie (HKLM-x32\...\InstallShield_{15D27BA3-6CCD-4848-8925-07EF083492AD}) (Version: 1.0.0.36 - NETGEAR)
NordVPN (HKLM-x32\...\{A87972CF-28AE-43DD-ACB5-16EBD1ED70C3}) (Version: 6.29.7 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.29.7) (Version: 6.29.7 - NordVPN)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{77DA107A-7AE4-497D-A84A-B143C3A21676}) (Version: 1.0.0 - NordVPN)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5207.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5207.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5207.1000 - Microsoft Corporation) Hidden
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
Product Improvement Study for HP ENVY Photo 7100 series (HKLM\...\{F10CFC4B-5353-43C0-9953-ABC58D0F9FDE}) (Version: 44.4.2678.1977 - HP Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5953 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.0 - Roxio) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4036 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.3.0 - Sonic Solutions) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VD64Inst (HKLM\...\{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)

Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.167.200.0_x86__kgqvnymyfvs32 [2020-05-06] (king.com)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_110.1.728.0_x64__v10z8vjag6ke6 [2020-04-15] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-02] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-09-20] (Microsoft Corporation)
Torrent RT FREE -> C:\Program Files\WindowsApps\325289AEDD75.TorrentRTFREE_1.1.12.0_x64__qtx9tqphctw9r [2020-04-24] (Vlasenko Bros.) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-20] (Twitter Inc.)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2016-07-08] (Microsoft Corporation)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2019-08-15] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-02-05] (McAfee, LLC. -> McAfee, LLC.)
ContextMenuHandlers1: [RXDCExtSvr] -> {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} => c:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll [2009-06-26] (Sonic Solutions -> Sonic Solutions)
ContextMenuHandlers2: [RXDCExtSvr] -> {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} => c:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll [2009-06-26] (Sonic Solutions -> Sonic Solutions)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-02-05] (McAfee, LLC. -> McAfee, LLC.)
ContextMenuHandlers6: [RXDCExtSvr] -> {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} => c:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll [2009-06-26] (Sonic Solutions -> Sonic Solutions)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-05-01 10:23 - 2020-05-01 10:23 - 000774656 _____ ( () [File not signed]) [File is in use ] C:\Users\Steve\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2020-05-01 10:23 - 2020-05-01 10:23 - 001184256 _____ ( () [File not signed]) [File is in use ] C:\Users\Steve\AppData\Local\Facebook\Games\CefSharp.Core.dll
2009-05-21 07:59 - 2009-05-21 07:59 - 000024464 _____ ( (SupportSoft, Inc. -> SupportSoft, Inc.) [File not signed]) [File is in use ] C:\Program Files (x86)\Dell Support Center\bin\SupportSoft.Agent.Sprocket.dll
2009-05-21 07:59 - 2009-05-21 07:59 - 000040848 _____ ( (SupportSoft, Inc. -> SupportSoft, Inc.) [File not signed]) [File is in use ] C:\Program Files (x86)\Dell Support Center\bin\SupportSoft.Agent.Sprocket.SupportMessage.dll
2009-05-21 07:59 - 2009-05-21 07:59 - 000073728 _____ ( (SupportSoft, Inc.) [File not signed]) [File is in use ] C:\Program Files (x86)\Dell Support Center\bin\sprtmessage.dll
2020-05-01 10:23 - 2020-05-01 10:23 - 071641088 _____ () [File not signed] C:\Users\Steve\AppData\Local\Facebook\Games\libcef.dll
2020-05-01 10:23 - 2020-05-01 10:23 - 000078848 _____ () [File not signed] C:\Users\Steve\AppData\Local\Facebook\Games\libegl.dll
2020-05-01 10:23 - 2020-05-01 10:23 - 003149824 _____ () [File not signed] C:\Users\Steve\AppData\Local\Facebook\Games\libglesv2.dll
2010-05-06 09:16 - 2009-10-15 12:32 - 000021504 _____ (Creative Technology Ltd.) [File not signed] C:\Windows\system32\EptMon64.dll
2010-05-06 09:16 - 2009-10-15 12:38 - 000017920 _____ (Creative Technology Ltd.) [File not signed] C:\Windows\system32\THXCfg64.dll
2010-05-06 09:07 - 2009-12-29 15:35 - 001060864 ____N (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CyberLink\PowerDVD DX\MFC71.DLL
2010-05-06 09:07 - 2009-12-29 15:35 - 000499712 ____N (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CyberLink\PowerDVD DX\MSVCP71.dll
2010-05-06 09:07 - 2009-12-29 15:35 - 000348160 ____N (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CyberLink\PowerDVD DX\MSVCR71.dll
2009-05-21 07:59 - 2009-05-21 07:59 - 001069056 _____ (SupportSoft, Inc.) [File not signed] C:\Program Files (x86)\Dell Support Center\bin\LIBEAY32.dll
2020-05-01 10:23 - 2020-05-01 10:23 - 000433664 _____ (The Chromium Authors) [File not signed] C:\Users\Steve\AppData\Local\Facebook\Games\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2020-03-21 08:33 - 000000887 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;c:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064214314\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064214501\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2126779717-1312616141-414031349-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2126779717-1312616141-414031349-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064215017\Control Panel\Desktop\\Wallpaper -> C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2126779717-1312616141-414031349-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064217782\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2126779717-1312616141-414031349-1012-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064218485\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05142020064214689\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Amazon Assistant Service => 2
MSCONFIG\Services: ClientAnalyticsService => 3
MSCONFIG\Services: DockLoginService => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: mcbootdelaystartsvc => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MSK80Service => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: PEFService => 2
MSCONFIG\Services: RoxMediaDB10 => 3
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: sprtsvc_DellSupportCenter => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\startupfolder: C:^Users^Steve^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupreg: RGSC => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{421F5BAA-6A00-4B1C-A89C-8092DC6878AB}] => (Allow) C:\Users\Steve\AppData\Local\Temp\7zS354B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{048E09C7-5FF0-489B-BAF8-862694153206}] => (Allow) C:\Users\Steve\AppData\Local\Temp\7zS354B\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{7B67A2A7-E1B2-43E3-B04F-EA6866EB6FE4}] => (Allow) C:\Program Files\HP\HP ENVY Photo 7100 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc -> HP Inc.)
FirewallRules: [{7E309907-1D23-45D4-AAA6-AF4A8F59F173}] => (Allow) LPort=5357
FirewallRules: [{9AE51D12-511C-48A9-86B5-5437AA81EACE}] => (Allow) C:\Program Files\HP\HP ENVY Photo 7100 series\Bin\DeviceSetup.exe (HP Inc -> HP Inc.)
FirewallRules: [{3A04430D-0EFC-4329-8CDA-E2E0D76BCADB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe () [File not signed]
FirewallRules: [{D7BAC63E-96A9-4C19-8581-DEA233266485}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe () [File not signed]
FirewallRules: [{9303D8F9-DF2A-4F1C-AE27-E2729012B5F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe (Bethesda Softworks -> Bethesda Softworks, Obsidian Entertainment)
FirewallRules: [{6DAA56C1-277E-4BE3-8FAF-6209D3C59443}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe (Bethesda Softworks -> Bethesda Softworks, Obsidian Entertainment)
FirewallRules: [{1B8C8418-7092-4A17-9E8A-0519D2F1DFFD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6AF5DD61-3A29-49A6-8BE7-6383ED0CF426}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{058AC763-BA7E-4D70-BE32-895F21015C21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Return to Castle Wolfenstein\WolfMP.exe () [File not signed]
FirewallRules: [{3D0A9E24-8A38-4041-85FB-6D28D19C5900}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Return to Castle Wolfenstein\WolfMP.exe () [File not signed]
FirewallRules: [{A719F3A2-F23D-4540-AF4D-5196BCC3B785}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Return to Castle Wolfenstein\WolfSP.exe () [File not signed]
FirewallRules: [{36BDD945-20C2-4DFE-9BBB-D12A1C89C46C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Return to Castle Wolfenstein\WolfSP.exe () [File not signed]
FirewallRules: [{2E841706-E345-43DB-8945-A75AAE8F0F3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe => No File
FirewallRules: [{ABBF6AA7-936B-4A8E-AA77-E5FD3A8DFD69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe => No File
FirewallRules: [{EF884D64-CB4D-493F-9202-8636C5FED3EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe (Valve -> )
FirewallRules: [{9E69E0B7-9551-4F0A-8B5B-9DAC57AD90A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe (Valve -> )
FirewallRules: [{5F043165-204D-45AF-90EF-8BE8DBAE4AAD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{EDF65F4E-F146-4F2C-A2FF-C5921C3043AD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{1ECDDE05-B09C-411B-8287-A41CADACD4D9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A0CC7100-6542-4392-987A-09BB1CDBDFFE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6D62E83E-5D3D-4DD8-998C-7A9A9BAFA153}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd -> Piriform Ltd)
FirewallRules: [{D93AF924-9EF3-4F25-914A-38B88701C160}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd -> Piriform Ltd)
FirewallRules: [{FB9EDA76-53EA-4C1B-B8AC-5B87CB558736}] => (Allow) C:\Users\Steve\AppData\Local\Temp\7zS428A\HP.EasyStart.exe => No File
FirewallRules: [{D80D20DE-E26C-4C53-9B1E-1F6AA03F0F80}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{7B91679E-A0B3-441B-B79F-85F67B003DC0}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [UDP Query User{ECB6991E-C966-4E8F-9A2B-CA963C36326C}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe] => (Allow) C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [TCP Query User{7E337C97-2529-4F5D-948A-49E83712CA18}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe] => (Allow) C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{D09492D7-8790-4B64-8E3A-AAE29ECD8AAA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0717CA3B-45BB-46DA-92EF-C22A25764015}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{47FD41E5-C370-4E0A-99FD-01CC339CD7C1}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{A62F5D17-6035-4A90-890E-C69EFD12EE87}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{8CBCB993-B44E-4D5C-9509-BA197A8556A0}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{DC66297B-F748-4457-B8AB-D0B6E181E16F}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{05FD4A43-2A69-4CFF-892A-6628172EF025}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{84EBCE59-E8C2-4C36-AE73-BAAD296CE789}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe (Sony DADC Austria AG -> Sony DADC Austria AG) [File not signed]
FirewallRules: [{68D60C25-04C7-49DC-B08C-06BD91BEDCD8}] => (Allow) C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe (Sony DADC Austria AG -> Sony DADC Austria AG) [File not signed]
FirewallRules: [{D780303B-4D77-4303-839A-F4DA8511FA99}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{1D1BD262-6155-4BD1-A217-32350A3A77A6}] => (Allow) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MNA\McNaSvc.exe => No File
FirewallRules: [{91B40DB7-D83C-4029-B7BF-A058BC59C1D0}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BE7EE797-1903-4AEA-9E5E-CE3A078DE523}] => (Allow) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{3CB4AEE4-9EFC-495B-AE6E-302F5555CABA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3E7D93D7-5119-4EE5-BCC2-7D674CA5801C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BEA8B30F-A285-4C2B-A0AA-EB77F954C4C1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{2F641C97-940F-4A69-88D9-CCA7A2E0336B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{97DB2482-2176-48D0-911E-269EE1FD4EAA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{25700504-E82F-4049-A074-B29F5B88DC7F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9837606A-315A-4E6E-9D6A-A8D57C82CEED}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CF5F9CD4-351F-469F-A579-A66BA218A56B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{58A85BD9-4790-485A-96FC-4D131B40CE7D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

03-05-2020 19:01:10 Windows Backup
10-05-2020 19:02:28 Windows Backup
14-05-2020 06:57:02 Windows Update

==================== Faulty Device Manager Devices ============

Name: Unknown USB Device (Port Reset Failed)
Description: Unknown USB Device (Port Reset Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: ========================

Application errors:
==================
Error: (05/14/2020 08:24:38 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9204,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/14/2020 08:00:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.18362.628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 6024

Start Time: 01d629f7ce7feda1

Termination Time: 4294967295

Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Report Id: 30d67f5f-77da-4ef1-832b-5411a9dca584

Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Hang type: Quiesce

Error: (05/14/2020 07:58:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.18362.628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3954

Start Time: 01d629f7b03aa955

Termination Time: 4294967295

Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Report Id: 7b739e7b-c508-40a1-94ff-5a3ecbfec5f1

Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Hang type: Cross-thread

Error: (05/14/2020 07:46:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdge.exe version 11.0.18362.752 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 47b8

Start Time: 01d629f5f8016d34

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

Report Id: 825c7146-9d49-447b-b026-a6ffbfd63748

Faulting package full name: Microsoft.MicrosoftEdge_44.18362.449.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Hang type: Unknown

Error: (05/14/2020 07:42:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.18362.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 65c4

Start Time: 01d629f2be35023f

Termination Time: 0

Application Path: C:\Windows\System32\MicrosoftEdgeCP.exe

Report Id: cc590a48-303a-46ba-b145-1a65ced1013a

Faulting package full name: Microsoft.MicrosoftEdge_44.18362.449.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Hang type: Unknown

Error: (05/14/2020 06:38:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: A6100.exe, version: 1.0.0.36, time stamp: 0x5a9f54e3
Faulting module name: RtlIhvOid.dll, version: 1.1033.704.2013, time stamp: 0x51d4df6c
Exception code: 0xc000000d
Fault offset: 0x0001966d
Faulting process id: 0x4b08
Faulting application start time: 0x01d629ec84b4174f
Faulting application path: C:\Program Files (x86)\NETGEAR\A6100\A6100.exe
Faulting module path: C:\Program Files (x86)\NETGEAR\A6100\RtlIhvOid.dll
Report Id: 6f067ce3-26cb-4ec1-8607-3ee54152b241
Faulting package full name:
Faulting package-relative application ID:

Error: (05/13/2020 10:21:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WpnUserService, version: 10.0.18362.1, time stamp: 0x32d6c210
Faulting module name: wpnuserservice.dll, version: 10.0.18362.1, time stamp: 0xea13e855
Exception code: 0xc0000409
Fault offset: 0x0000000000008596
Faulting process id: 0x3b78
Faulting application start time: 0x01d62959a8866957
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: c:\windows\system32\wpnuserservice.dll
Report Id: 36ed5c4d-05bc-4a7d-96f8-64533c204497
Faulting package full name:
Faulting package-relative application ID:

Error: (05/13/2020 09:40:15 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (22044,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

System errors:
=============
Error: (05/13/2020 10:21:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Realtek8723AU service.

Error: (05/13/2020 10:20:52 PM) (Source: DCOM) (EventID: 10005) (User: STEVE-PC)
Description: DCOM got error "1053" attempting to start the service BcastDVRUserService_3368612a with arguments "Unavailable" in order to run the server:
Windows.Media.Capture.Internal.AppCaptureShell

Error: (05/13/2020 10:20:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GameDVR and Broadcast User Service_3368612a service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/13/2020 10:20:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the GameDVR and Broadcast User Service_3368612a service to connect.

Error: (05/13/2020 02:41:39 PM) (Source: Tcpip) (EventID: 4207) (User: )
Description: The IPv6 TCP/IP interface with index 14 failed to bind to its provider.

Error: (05/13/2020 01:34:59 PM) (Source: DCOM) (EventID: 10010) (User: STEVE-PC)
Description: The server Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXjxtspbn4351hrtx8tc95e89kaz3h2f1f.mca did not register with DCOM within the required timeout.

Error: (05/13/2020 01:05:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Realtek8723AU service.

Error: (05/13/2020 01:04:42 PM) (Source: DCOM) (EventID: 10005) (User: STEVE-PC)
Description: DCOM got error "1053" attempting to start the service BcastDVRUserService_30c479fe with arguments "Unavailable" in order to run the server:
Windows.Media.Capture.Internal.AppCaptureShell

CodeIntegrity:
===================================

Date: 2020-05-14 07:45:15.759
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-05-14 07:45:15.742
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-05-14 07:45:15.730
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-05-14 07:45:15.700
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-05-14 07:45:15.693
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-05-14 07:45:15.529
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-05-14 07:35:39.481
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-05-14 07:35:25.970
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. A03 12/09/2009
Motherboard: Dell Inc. 0T568R
Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 77%
Total physical RAM: 3959.07 MB
Available physical RAM: 873.28 MB
Total Virtual: 10273.86 MB
Available Virtual: 3465.87 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:586.01 GB) (Free:482.66 GB) NTFS
Drive k: (Expansion Drive) (Fixed) (Total:931.51 GB) (Free:201.16 GB) NTFS

\\?\Volume{bdd980e4-592e-11df-9826-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:10.12 GB) (Free:3.76 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: C796C701)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=10.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=586 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 05B730D7)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

#2
RKinner

Posted 14 May 2020 - 02:42 PM

Malware Expert

Expert
24,538 posts

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

Copy the next 2 lines:

TASKLIST /SVC > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

Get the free version of Speccy:

http://www.filehippo...ownload_speccy/

(Look in the upper right for the Download
Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it. Point it at the file and hit Open.
Now click on Attach this file.

#3
Washetoo

Posted 14 May 2020 - 05:57 PM

Member

Topic Starter
Member
38 posts

STEVE-PC.txt 132.22KB 290 downloads

Process CPU Private Bytes Working Set PID Verified Signer
System Idle Process 63.03 60 K 8 K 0
NordVPN.exe 23.99 199,164 K 144,832 K 13520 (Verified) TEFINCOM S.A.
System 3.51 204 K 1,640 K 4
procexp64.exe 2.70 41,104 K 80,892 K 12348 (Verified) Microsoft Corporation
WmiPrvSE.exe 2.46 11,880 K 11,640 K 6360 (Verified) Microsoft Windows
dwm.exe 0.90 61,548 K 38,236 K 1116 (Verified) Microsoft Windows
Interrupts 0.62 0 K 0 K n/a
steam.exe 0.51 39,540 K 23,032 K 13432 (Verified) Valve
svchost.exe 0.38 11,520 K 15,292 K 3712 (Verified) Microsoft Windows Publisher
SkypeApp.exe 0.35 202,944 K 123,848 K 11636 (No signature was present in the subject) Microsoft Corporation
MicrosoftEdgeCP.exe 0.23 170,936 K 193,852 K 3024 (Verified) Microsoft Windows
svchost.exe 0.20 10,368 K 23,328 K 8984 (Verified) Microsoft Windows Publisher
svchost.exe 0.17 4,896 K 8,256 K 5792 (Verified) Microsoft Windows Publisher
A6100.EXE 0.16 10,164 K 7,844 K 8020 (Verified) NETGEAR TAIWAN CO., LTD
MBAMService.exe 0.14 353,616 K 152,280 K 3924 (Verified) Malwarebytes Inc
svchost.exe 0.07 10,632 K 12,608 K 772 (Verified) Microsoft Windows Publisher
csrss.exe 0.07 2,580 K 3,224 K 788 (Verified) Microsoft Windows Publisher
svchost.exe 0.06 6,352 K 8,712 K 2384 (Verified) Microsoft Windows Publisher
servicehost.exe 0.04 12,912 K 16,808 K 3812 (Verified) McAfee, LLC
Memory Compression 0.04 1,520 K 126,676 K 2004
explorer.exe 0.04 111,892 K 87,316 K 9092 (Verified) Microsoft Windows
MicrosoftEdge.exe 0.04 41,396 K 98,244 K 2844 (Verified) Microsoft Corporation
lsass.exe 0.04 12,376 K 15,208 K 944 (Verified) Microsoft Windows Publisher
FacebookGameroom.exe 0.02 53,404 K 41,672 K 13776 (Verified) Facebook, Inc.
mcapexe.exe 0.02 2,944 K 2,516 K 6852 (Verified) McAfee, LLC.
svchost.exe 0.02 3,044 K 6,904 K 2604 (Verified) Microsoft Windows Publisher
uihost.exe 0.02 7,400 K 5,516 K 8840 (Verified) McAfee, LLC
HPNETW~1.EXE 0.02 3,284 K 6,716 K 14156 (Verified) HP Inc
MicrosoftEdgeCP.exe 0.02 99,492 K 124,172 K 9968 (Verified) Microsoft Windows
MMSSHOST.exe 0.01 35,624 K 44,128 K 11072 (Verified) McAfee, LLC.
ScanToPCActivationApp.exe 0.01 4,756 K 8,088 K 13368 (Verified) HP Inc
MfeAVSvc.exe 0.01 27,868 K 24,908 K 16452 (Verified) McAfee, LLC.
steamwebhelper.exe 0.01 20,108 K 11,704 K 13640 (Verified) Valve
ModuleCoreService.exe 0.01 43,632 K 42,780 K 3844 (Verified) McAfee, LLC
SearchIndexer.exe 0.01 41,928 K 27,220 K 10728 (Verified) Microsoft Windows
officeclicktorun.exe < 0.01 32,200 K 20,316 K 3732 (Verified) Microsoft Corporation
svchost.exe < 0.01 10,204 K 8,380 K 14308 (Verified) Microsoft Windows Publisher
SecurityHealthService.exe < 0.01 3,920 K 5,200 K 10676 (Verified) Microsoft Windows Publisher
mbamtray.exe < 0.01 33,020 K 14,144 K 8828 (Verified) Malwarebytes Inc
SteamService.exe < 0.01 5,372 K 2,504 K 11588 (Verified) Valve
Facebook Gameroom Browser.exe < 0.01 96,864 K 14,028 K 14580 (Verified) Facebook, Inc.
spoolsv.exe < 0.01 12,944 K 8,624 K 3196 (Verified) Microsoft Windows
RtlService.exe < 0.01 1,740 K 2,212 K 3960 (Verified) NETGEAR
NvBackend.exe < 0.01 3,276 K 2,948 K 10512 (Verified) NVIDIA Corporation
ProtectedModuleHost.exe < 0.01 4,940 K 3,632 K 5496 (Verified) McAfee, LLC.
svchost.exe < 0.01 3,064 K 4,232 K 3076 (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 4,984 K 11,948 K 3348 (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 2,516 K 3,320 K 1732 (Verified) Microsoft Windows Publisher
mfemms.exe < 0.01 6,404 K 7,000 K 3804 (Verified) McAfee, Inc.
svchost.exe < 0.01 14,520 K 18,340 K 532 (Verified) Microsoft Windows Publisher
csrss.exe < 0.01 1,856 K 2,096 K 688 (Verified) Microsoft Windows Publisher
nordvpn-service.exe < 0.01 72,464 K 9,544 K 3264 (Verified) TEFINCOM S.A.
svchost.exe < 0.01 1,920 K 3,296 K 2128 (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 41,016 K 33,540 K 1788 (Verified) Microsoft Windows Publisher
nvvsvc.exe < 0.01 4,676 K 5,152 K 1968 (Verified) NVIDIA Corporation
svchost.exe < 0.01 3,148 K 5,440 K 9728 (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 3,652 K 4,480 K 5068 (Verified) Microsoft Windows Publisher
YourPhone.exe Suspended 21,296 K 6,312 K 11376 (No signature was present in the subject)
WUDFHost.exe  2,228 K 1,748 K 1592 (Verified) Microsoft Windows
winlogon.exe  2,844 K 3,156 K 840 (Verified) Microsoft Windows
wininit.exe  1,452 K 1,232 K 780 (Verified) Microsoft Windows Publisher
WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe  15,904 K 10,436 K 12204 (Verified) Microsoft Windows
Video.UI.exe Suspended 22,200 K 460 K 13812 (No signature was present in the subject)
unsecapp.exe  1,548 K 2,192 K 8604 (Verified) Microsoft Windows
taskhostw.exe  18,408 K 20,820 K 9076 (Verified) Microsoft Windows
SystemSettings.exe Suspended 37,880 K 780 K 11716 (Verified) Microsoft Windows
svchost.exe  10,968 K 16,224 K 8900 (Verified) Microsoft Windows Publisher
svchost.exe  7,852 K 19,652 K 9580 (Verified) Microsoft Windows Publisher
svchost.exe  5,112 K 9,440 K 2148 (Verified) Microsoft Windows Publisher
svchost.exe  7,364 K 7,376 K 4092 (Verified) Microsoft Windows Publisher
svchost.exe  1,676 K 1,784 K 1436 (Verified) Microsoft Windows Publisher
svchost.exe  3,632 K 4,236 K 9924 (Verified) Microsoft Windows Publisher
svchost.exe  3,468 K 5,824 K 2376 (Verified) Microsoft Windows Publisher
svchost.exe  6,792 K 11,820 K 2808 (Verified) Microsoft Windows Publisher
svchost.exe  16,996 K 8,424 K 1444 (Verified) Microsoft Windows Publisher
svchost.exe  4,320 K 7,232 K 8316 (Verified) Microsoft Windows Publisher
svchost.exe  2,788 K 2,712 K 1036 (Verified) Microsoft Windows Publisher
svchost.exe  4,888 K 7,124 K 2080 (Verified) Microsoft Windows Publisher
svchost.exe  2,708 K 2,192 K 6480 (Verified) Microsoft Windows Publisher
svchost.exe  31,692 K 13,496 K 3692 (Verified) Microsoft Windows Publisher
svchost.exe  2,156 K 1,140 K 3972 (Verified) Microsoft Windows Publisher
svchost.exe  4,220 K 2,584 K 3628 (Verified) Microsoft Windows Publisher
svchost.exe  4,188 K 2,668 K 3880 (Verified) Microsoft Windows Publisher
svchost.exe  2,316 K 4,312 K 1452 (Verified) Microsoft Windows Publisher
svchost.exe  2,048 K 1,436 K 1764 (Verified) Microsoft Windows Publisher
svchost.exe  3,792 K 7,700 K 2692 (Verified) Microsoft Windows Publisher
svchost.exe  2,448 K 4,328 K 3784 (Verified) Microsoft Windows Publisher
svchost.exe  2,624 K 4,508 K 1268 (Verified) Microsoft Windows Publisher
svchost.exe  1,864 K 2,780 K 2892 (Verified) Microsoft Windows Publisher
svchost.exe  2,960 K 4,628 K 2900 (Verified) Microsoft Windows Publisher
svchost.exe  4,824 K 13,428 K 2460 (Verified) Microsoft Windows Publisher
svchost.exe  3,980 K 5,024 K 2276 (Verified) Microsoft Windows Publisher
svchost.exe  2,668 K 3,904 K 3060 (Verified) Microsoft Windows Publisher
svchost.exe  3,776 K 10,076 K 6292 (Verified) Microsoft Windows Publisher
svchost.exe  8,124 K 11,900 K 3636 (Verified) Microsoft Windows Publisher
svchost.exe  7,264 K 9,552 K 1632 (Verified) Microsoft Windows Publisher
svchost.exe  1,560 K 448 K 2616 (Verified) Microsoft Windows Publisher
svchost.exe  3,468 K 3,232 K 10832 (Verified) Microsoft Windows Publisher
svchost.exe  6,756 K 9,920 K 4608 (Verified) Microsoft Windows Publisher
svchost.exe  19,104 K 28,812 K 3672 (Verified) Microsoft Windows Publisher
svchost.exe  2,036 K 2,572 K 3424 (Verified) Microsoft Windows Publisher
svchost.exe  1,380 K 1,364 K 1820 (Verified) Microsoft Windows Publisher
svchost.exe  1,724 K 2,216 K 6324 (Verified) Microsoft Windows Publisher
svchost.exe  2,420 K 8,488 K 5188 (Verified) Microsoft Windows Publisher
svchost.exe  6,352 K 3,776 K 1652 (Verified) Microsoft Windows Publisher
svchost.exe  5,512 K 5,712 K 10652 (Verified) Microsoft Windows Publisher
svchost.exe  6,276 K 1,816 K 16144 (Verified) Microsoft Windows Publisher
svchost.exe  2,660 K 3,820 K 13180 (Verified) Microsoft Windows Publisher
svchost.exe  4,860 K 2,952 K 10488 (Verified) Microsoft Windows Publisher
svchost.exe  2,024 K 1,228 K 1620 (Verified) Microsoft Windows Publisher
svchost.exe  1,724 K 1,420 K 4136 (Verified) Microsoft Windows Publisher
svchost.exe  1,888 K 5,024 K 16176 (Verified) Microsoft Windows Publisher
svchost.exe  1,836 K 1,496 K 2392 (Verified) Microsoft Windows Publisher
svchost.exe  980 K 936 K 504 (Verified) Microsoft Windows Publisher
svchost.exe  1,596 K 1,608 K 1328 (Verified) Microsoft Windows Publisher
svchost.exe  1,492 K 1,384 K 1604 (Verified) Microsoft Windows Publisher
svchost.exe  2,900 K 5,932 K 1756 (Verified) Microsoft Windows Publisher
svchost.exe  1,936 K 2,352 K 2036 (Verified) Microsoft Windows Publisher
svchost.exe  1,972 K 2,416 K 2072 (Verified) Microsoft Windows Publisher
svchost.exe  10,192 K 11,104 K 3272 (Verified) Microsoft Windows Publisher
svchost.exe  2,684 K 2,736 K 3500 (Verified) Microsoft Windows Publisher
svchost.exe  1,772 K 3,524 K 3508 (Verified) Microsoft Windows Publisher
svchost.exe  1,668 K 2,476 K 3652 (Verified) Microsoft Windows Publisher
svchost.exe  4,164 K 7,544 K 3916 (Verified) Microsoft Windows Publisher
svchost.exe  1,300 K 756 K 4108 (Verified) Microsoft Windows Publisher
svchost.exe  1,332 K 1,092 K 4228 (Verified) Microsoft Windows Publisher
svchost.exe  1,632 K 1,028 K 4316 (Verified) Microsoft Windows Publisher
svchost.exe  2,384 K 2,828 K 5272 (Verified) Microsoft Windows Publisher
svchost.exe  1,624 K 1,488 K 6760 (Verified) Microsoft Windows Publisher
svchost.exe  2,204 K 3,964 K 6768 (Verified) Microsoft Windows Publisher
svchost.exe  3,068 K 3,608 K 7060 (Verified) Microsoft Windows Publisher
svchost.exe  1,704 K 1,468 K 10900 (Verified) Microsoft Windows Publisher
svchost.exe  1,452 K 5,024 K 8880 (Verified) Microsoft Windows Publisher
steamwebhelper.exe  25,588 K 5,292 K 14720 (Verified) Valve
steamwebhelper.exe  11,104 K 7,312 K 12180 (Verified) Valve
steamwebhelper.exe  66,280 K 15,532 K 14904 (Verified) Valve
steamwebhelper.exe  36,380 K 6,140 K 13908 (Verified) Valve
steamwebhelper.exe  53,644 K 5,232 K 14704 (Verified) Valve
steamwebhelper.exe  7,872 K 3,296 K 9572 (Verified) Valve
StartMenuExperienceHost.exe  38,140 K 41,892 K 10548 (Verified) Microsoft Windows
SSScheduler.exe  1,704 K 2,216 K 13708 (Verified) McAfee, LLC
sqlwriter.exe  1,704 K 2,192 K 4044 (Verified) Microsoft Corporation
sqlbrowser.exe  1,516 K 1,252 K 3992 (Verified) Microsoft Corporation
sprtcmd.exe  14,768 K 3,316 K 13996 (Verified) Dell Inc.
SMSvcHost.exe  27,496 K 2,420 K 3944 (Verified) Microsoft Corporation
SMSvcHost.exe  24,788 K 1,924 K 6024 (Verified) Microsoft Corporation
smss.exe  1,192 K 368 K 592 (Verified) Microsoft Windows Publisher
smartscreen.exe  19,348 K 24,800 K 4576 (Verified) Microsoft Windows
SkypeBridge.exe  40,380 K 27,700 K 13976 (No signature was present in the subject) Microsoft Corporation
SkypeBackgroundHost.exe  2,064 K 3,156 K 8184 (No signature was present in the subject) Microsoft Corporation
sihost.exe  8,720 K 19,556 K 2816 (Verified) Microsoft Windows
ShwiconXP9106.exe  1,876 K 2,808 K 13880 (No signature was present in the subject) Alcor Micro Corp.
ShellExperienceHost.exe Suspended 19,040 K 1,736 K 1176 (Verified) Microsoft Windows
SgrmBroker.exe  3,004 K 3,616 K 10344 (Verified) Microsoft Windows Publisher
SettingSyncHost.exe  14,636 K 1,824 K 13264 (Verified) Microsoft Windows
services.exe  5,772 K 5,952 K 928 (Verified) Microsoft Windows Publisher
SecurityHealthSystray.exe  2,032 K 2,488 K 2152 (Verified) Microsoft Windows
SearchUI.exe Suspended 88,320 K 1,432 K 12216 (Verified) Microsoft Windows
RuntimeBroker.exe  12,528 K 30,504 K 12312 (Verified) Microsoft Windows
RuntimeBroker.exe  8,080 K 14,516 K 11148 (Verified) Microsoft Windows
RuntimeBroker.exe  6,204 K 3,844 K 10636 (Verified) Microsoft Windows
RuntimeBroker.exe  3,560 K 3,412 K 2996 (Verified) Microsoft Windows
RuntimeBroker.exe  6,008 K 9,532 K 13140 (Verified) Microsoft Windows
RuntimeBroker.exe  2,784 K 6,340 K 12624 (Verified) Microsoft Windows
RuntimeBroker.exe  3,440 K 3,156 K 14108 (Verified) Microsoft Windows
RuntimeBroker.exe  2,980 K 2,784 K 8456 (Verified) Microsoft Windows
rundll32.exe  2,132 K 2,564 K 10508 (Verified) Microsoft Windows
rundll32.exe  1,912 K 2,288 K 1984 (Verified) Microsoft Windows
RemindersServer.exe Suspended 7,432 K 7,128 K 10160 (Verified) Microsoft Windows
Registry  7,940 K 41,328 K 96
RAVCpl64.exe  4,108 K 4,080 K 11028 (Verified) Realtek Semiconductor Corp
QcShm.exe  3,112 K 11,012 K 17420 (Verified) McAfee, LLC.
procexp.exe  4,592 K 11,084 K 9700 (Verified) Microsoft Corporation
PEFService.exe  1,696 K 1,696 K 3936 (Verified) McAfee, LLC.
PDVDDXSrv.exe  3,028 K 3,096 K 13896 (Verified) CyberLink
OneDrive.exe  18,220 K 16,636 K 13332 (Verified) Microsoft Corporation
nvxdsync.exe  6,972 K 12,700 K 1956 (Verified) NVIDIA Corporation
nvvsvc.exe  2,572 K 4,496 K 1660 (Verified) NVIDIA Corporation
nvtray.exe  3,360 K 6,516 K 14008 (Verified) NVIDIA Corporation
MusNotifyIcon.exe  3,240 K 3,060 K 8452 (Verified) Microsoft Windows
mqsvc.exe  4,828 K 3,004 K 3152 (Verified) Microsoft Windows
ModuleCoreService.exe  13,432 K 19,372 K 7452 (Verified) McAfee, LLC
MicrosoftEdgeSH.exe  5,052 K 16,696 K 14992 (Verified) Microsoft Windows
MicrosoftEdgeCP.exe  5,896 K 25,412 K 15712 (Verified) Microsoft Windows
MicrosoftEdgeCP.exe  5,888 K 26,292 K 11848 (Verified) Microsoft Windows
mfevtps.exe  9,464 K 8,836 K 5400 (Verified) McAfee, Inc.
McUICnt.exe  13,676 K 19,112 K 4740 (Verified) McAfee, LLC.
mcshield.exe  50,584 K 26,752 K 7532 (Verified) McAfee, Inc.
McPvTray.exe  3,168 K 528 K 9632 (Verified) McAfee, LLC.
McCSPServiceHost.exe  7,820 K 12,476 K 7124 (Verified) McAfee, LLC.
HxTsr.exe Suspended 10,876 K 960 K 13504 (No signature was present in the subject) Microsoft Corporation
HxOutlook.exe Suspended 56,632 K 780 K 3108 (No signature was present in the subject) Microsoft Corporation
HPSupportSolutionsFrameworkService.exe  40,264 K 5,476 K 10108 (Verified) HP Inc.
GoogleCrashHandler64.exe  1,752 K 352 K 9516 (Verified) Google LLC
GoogleCrashHandler.exe  1,772 K 284 K 10152 (Verified) Google LLC
fontdrvhost.exe  2,432 K 2,416 K 572 (Verified) Microsoft Windows
fontdrvhost.exe  1,744 K 1,184 K 568 (Verified) Microsoft Windows
dllhost.exe  1,584 K 3,412 K 2164 (Verified) Microsoft Windows
dllhost.exe  5,888 K 8,040 K 12260 (Verified) Microsoft Windows
dasHost.exe  8,632 K 9,480 K 3476 (Verified) Microsoft Windows
ctfmon.exe  4,028 K 8,180 K 1044 (Verified) Microsoft Windows
conhost.exe  1,552 K 1,420 K 1880 (Verified) Microsoft Windows
browser_broker.exe  5,072 K 20,500 K 2256 (Verified) Microsoft Windows
BcmSqlStartupSvc.exe  1,388 K 1,832 K 3856 (Verified) Microsoft Corporation
armsvc.exe  1,420 K 1,840 K 3868 (Verified) Adobe Inc.
ApplicationFrameHost.exe  29,480 K 32,212 K 10476 (Verified) Microsoft Windows

Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
Registry                        96 N/A
smss.exe                       592 N/A
csrss.exe                      688 N/A
wininit.exe                    780 N/A
csrss.exe                      788 N/A
winlogon.exe                   840 N/A
services.exe                   928 N/A
lsass.exe                      944 EFS, KeyIso, SamSs, VaultSvc
svchost.exe                    504 PlugPlay
svchost.exe                    532 BrokerInfrastructure, DcomLaunch, Power,
                                   SystemEventsBroker
fontdrvhost.exe                572 N/A
fontdrvhost.exe                568 N/A
svchost.exe                    772 RpcEptMapper, RpcSs
svchost.exe                   1036 LSM
dwm.exe                       1116 N/A
svchost.exe                   1268 NcbService
svchost.exe                   1328 hidserv
svchost.exe                   1436 CoreMessagingRegistrar
svchost.exe                   1444 EventLog
svchost.exe                   1452 TimeBrokerSvc
WUDFHost.exe                  1592 N/A
svchost.exe                   1604 DispBrokerDesktopSvc
svchost.exe                   1652 nsi
nvvsvc.exe                    1660 nvsvc
svchost.exe                   1732 Dhcp
svchost.exe                   1756 ProfSvc
svchost.exe                   1764 EventSystem
svchost.exe                   1788 SysMain
svchost.exe                   1820 Themes
nvxdsync.exe                  1956 N/A
nvvsvc.exe                    1968 N/A
Memory Compression            2004 N/A
svchost.exe                   2036 SENS
svchost.exe                   1632 Schedule
svchost.exe                   2072 AudioEndpointBuilder
svchost.exe                   2080 NlaSvc
svchost.exe                   2128 FontCache
svchost.exe                   2276 Dnscache
svchost.exe                   2376 netprofm
svchost.exe                   2460 lfsvc
svchost.exe                   2604 UserManager
svchost.exe                   2692 Audiosrv
svchost.exe                   2808 StateRepository
svchost.exe                   2892 DusmSvc
svchost.exe                   2900 Wcmsvc
svchost.exe                   3060 WinHttpAutoProxySvc
svchost.exe                   2384 WlanSvc
svchost.exe                   3076 ShellHWDetection
spoolsv.exe                   3196 Spooler
nordvpn-service.exe           3264 nordvpn-service
svchost.exe                   3272 BFE, mpssvc
svchost.exe                   3424 LanmanWorkstation
svchost.exe                   3500 IKEEXT
svchost.exe                   3508 PolicyAgent
svchost.exe                   3628 AppHostSvc
svchost.exe                   3636 CryptSvc
svchost.exe                   3652 DeviceAssociationService
svchost.exe                   3672 DiagTrack
svchost.exe                   3692 DPS
svchost.exe                   3712 Winmgmt
officeclicktorun.exe          3732 ClickToRunSvc
svchost.exe                   3784 LanmanServer
mfemms.exe                    3804 mfemms, mfevtp
servicehost.exe               3812 McAfee WebAdvisor
ModuleCoreService.exe         3844 ModuleCoreService
BcmSqlStartupSvc.exe          3856 BcmSqlStartupSvc
armsvc.exe                    3868 AdobeARMservice
svchost.exe                   3880 W3SVC, WAS
svchost.exe                   3916 iphlpsvc
MBAMService.exe               3924 MBAMService
PEFService.exe                3936 PEFService
SMSvcHost.exe                 3944 NetPipeActivator, NetTcpActivator,
                                   NetTcpPortSharing
RtlService.exe                3960 Realtek8723AU
svchost.exe                   3972 TapiSrv
sqlbrowser.exe                3992 SQLBrowser
sqlwriter.exe                 4044 SQLWriter
svchost.exe                   4092 stisvc
mqsvc.exe                     3152 MSMQ
svchost.exe                   3348 WpnService
dasHost.exe                   3476 N/A
svchost.exe                   4108 TrkWks
svchost.exe                   4228 WdiServiceHost
svchost.exe                   4316 SstpSvc
svchost.exe                   5068 RasMan
svchost.exe                   5272 SSDPSRV
mfevtps.exe                   5400 N/A
ProtectedModuleHost.exe       5496 N/A
SMSvcHost.exe                 6024 NetMsmqActivator
svchost.exe                   6324 WdiSystemHost
WmiPrvSE.exe                  6360 N/A
svchost.exe                   6760 fdPHost
svchost.exe                   6768 NcdAutoSetup
mcapexe.exe                   6852 McAPExe
svchost.exe                   7060 FDResPub
McCSPServiceHost.exe          7124 mccspsvc
mcshield.exe                  7532 N/A
mbamtray.exe                  8828 N/A
uihost.exe                    8840 N/A
svchost.exe                   8900 CDPUserSvc_c6faa
svchost.exe                   8984 WpnUserService_c6faa
taskhostw.exe                 9076 N/A
sihost.exe                    2816 N/A
unsecapp.exe                  8604 N/A
ModuleCoreService.exe         7452 N/A
conhost.exe                   1880 N/A
svchost.exe                   6292 TokenBroker
svchost.exe                   2392 TabletInputService
ctfmon.exe                    1044 N/A
svchost.exe                   2148 CDPSvc
svchost.exe                   5792 DoSvc
explorer.exe                  9092 N/A
A6100.EXE                     8020 N/A
svchost.exe                   9580 OneSyncSvc_c6faa,
                                   PimIndexMaintenanceSvc_c6faa,
                                   UnistoreSvc_c6faa, UserDataSvc_c6faa
McPvTray.exe                  9632 N/A
svchost.exe                   9728 StorSvc
svchost.exe                   9924 cbdhsvc_c6faa
HPSupportSolutionsFramewo    10108 HPSupportSolutionsFrameworkService
GoogleCrashHandler.exe       10152 N/A
GoogleCrashHandler64.exe      9516 N/A
svchost.exe                   4136 NgcSvc
svchost.exe                   1620 NgcCtnrSvc
svchost.exe                   4608 InstallService
dllhost.exe                   2164 N/A
SgrmBroker.exe               10344 SgrmBroker
svchost.exe                  10488 UsoSvc
StartMenuExperienceHost.e    10548 N/A
RuntimeBroker.exe            10636 N/A
SearchIndexer.exe            10728 WSearch
RuntimeBroker.exe            11148 N/A
svchost.exe                   8316 LicenseManager
RemindersServer.exe          10160 N/A
ApplicationFrameHost.exe     10476 N/A
SkypeBackgroundHost.exe       8184 N/A
YourPhone.exe                11376 N/A
SkypeApp.exe                 11636 N/A
dllhost.exe                  12260 N/A
RuntimeBroker.exe            12312 N/A
RuntimeBroker.exe            12624 N/A
RuntimeBroker.exe            13140 N/A
svchost.exe                  13180 Netman
SettingSyncHost.exe          13264 N/A
SearchUI.exe                 12216 N/A
SecurityHealthSystray.exe     2152 N/A
RAVCpl64.exe                 11028 N/A
SecurityHealthService.exe    10676 SecurityHealthService
rundll32.exe                  1984 N/A
rundll32.exe                 10508 N/A
svchost.exe                  10652 PcaSvc
NvBackend.exe                10512 N/A
OneDrive.exe                 13332 N/A
ScanToPCActivationApp.exe    13368 N/A
steam.exe                    13432 N/A
NordVPN.exe                  13520 N/A
SSScheduler.exe              13708 N/A
FacebookGameroom.exe         13776 N/A
ShwiconXP9106.exe            13880 N/A
PDVDDXSrv.exe                13896 N/A
sprtcmd.exe                  13996 N/A
RuntimeBroker.exe            14108 N/A
HPNETW~1.EXE                 14156 N/A
svchost.exe                  14308 BITS
svchost.exe                  10832 wscsvc
steamwebhelper.exe           13640 N/A
steamwebhelper.exe            9572 N/A
SteamService.exe             11588 Steam Client Service
steamwebhelper.exe           13908 N/A
steamwebhelper.exe           12180 N/A
Facebook Gameroom Browser    14580 N/A
steamwebhelper.exe           14704 N/A
steamwebhelper.exe           14720 N/A
steamwebhelper.exe           14904 N/A
svchost.exe                   2616 SDRSVC
nvtray.exe                   14008 N/A
svchost.exe                  10900 BthAvctpSvc
smartscreen.exe               4576 N/A
Video.UI.exe                 13812 N/A
svchost.exe                  16176 Appinfo
SkypeBridge.exe              13976 N/A
ShellExperienceHost.exe       1176 N/A
RuntimeBroker.exe             8456 N/A
SystemSettings.exe           11716 N/A
svchost.exe                   6480 WbioSrvc
svchost.exe                  16144 DsSvc
WindowsInternal.Composabl    12204 N/A
HxOutlook.exe                 3108 N/A
RuntimeBroker.exe             2996 N/A
HxTsr.exe                    13504 N/A
MusNotifyIcon.exe             8452 N/A
MfeAVSvc.exe                 16452 N/A
MMSSHOST.exe                 11072 N/A
McUICnt.exe                   4740 N/A
svchost.exe                   8880 lmhosts
QcShm.exe                    17420 N/A
svchost.exe                   5188 DisplayEnhancementService
MicrosoftEdge.exe             2844 N/A
browser_broker.exe            2256 N/A
MicrosoftEdgeSH.exe          14992 N/A
MicrosoftEdgeCP.exe           3024 N/A
MicrosoftEdgeCP.exe           9968 N/A
MicrosoftEdgeCP.exe          15712 N/A
svchost.exe                  18752 AppXSvc
SearchProtocolHost.exe        9220 N/A
audiodg.exe                  19024 N/A
svchost.exe                   6960 camsvc
MicrosoftEdgeCP.exe           2840 N/A
svchost.exe                   2416 ClipSVC
Taskmgr.exe                  18848 N/A
backgroundTaskHost.exe       12140 N/A
RuntimeBroker.exe            17884 N/A
svchost.exe                   2472 wuauserv
SearchFilterHost.exe         16940 N/A
MicrosoftEdgeCP.exe          12920 N/A
cmd.exe                      17332 N/A
conhost.exe                   1316 N/A
tasklist.exe                  3036 N/A

#4
RKinner

Posted 14 May 2020 - 08:58 PM

Malware Expert

Expert
24,538 posts

Bad news. Hard drive is on its last legs.

05
                                           Attribute name   Reallocated Sectors Count
                                           Real value   821
                                           Current   80
                                           Worst   80
                                           Threshold   36
                                           Raw Value   0000000335
                                           Status   Good

Would get a new drive (preferably a Western Digital Black but anything but another Seagate) and clone the old drive as soon as possible. In the meantime save anything you don't want to lose.

Also the slowness is caused by your NordVPN.

NordVPN.exe 23.99 199,164 K 144,832 K 13520 (Verified) TEFINCOM S.A.

Your Netgear 6100 is also having problems:

Error: (05/14/2020 06:38:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: A6100.exe, version: 1.0.0.36, time stamp: 0x5a9f54e3
Faulting module name: RtlIhvOid.dll, version: 1.1033.704.2013, time stamp: 0x51d4df6c

Error: (05/13/2020 10:21:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Realtek8723AU service

Expect the hard drive problem has corrupted both programs. Perhaps reinstalling and the Netgear 6100 will fix the slowness. There is a lot more we could do but with the hard drive on the way out it's probably not worth it and may cause the drive to fail even quicker.