Solved Cannot get rid of PUP.Optional virus

Judy K

TS Rookie
Hi

I have scanned my computer multiple times with Malwarebytes and each time it says I have 2 PUP.Optional viruses. I have quarantined and then deleted them and restarted my computer. I also used Adware to scan and remove whatever was shown. But it keeps coming back, and my computer is slowing down badly and I have problems connecting to the internet.

I read a post here about a solution in 2017 but it is stated that the solution was specifically for the machine of that person who had the problem, so I am hoping that someone can help me.

Regards

Judy
 

Broni

Malware Annihilator
Welcome aboard


Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 

Judy K

TS Rookie
Thank you for your reply.

Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2019
Ran by Judy (administrator) on HP-WIN8 (Hewlett-Packard 23-d003d) (16-06-2019 12:10:07)
Running from C:\Users\Judy\Downloads
Loaded Profiles: Judy (Available Profiles: Judy & Administrator)
Platform: Windows 10 Home Single Language Version 1803 17134.829 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Andrea Electronics Corporation) [File not signed] C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) [File not signed] C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Judy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Judy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Judy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Judy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Users\Judy\AppData\Roaming\Dropbox\bin\74.4.115\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Users\Judy\AppData\Roaming\Dropbox\bin\74.4.115\QtWebEngineProcess.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard ) [File not signed] C:\Program Files\IDT\WDM\Beats64.exe
(Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ASI2008\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATAMATE\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11905.1001.4.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Portrait Displays, Inc. -> ) C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
(Portrait Displays, Inc. -> ) C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
(Portrait Displays, Inc. -> Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(Portrait Displays, Inc. -> Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\dthtml.exe
(Portrait Displays, Inc. -> Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
(Portrait Displays, Inc. -> Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Portrait Displays, Inc. -> Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(SEIKO EPSON Corporation -> ) C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe
(SEIKO EPSON Corporation -> ) C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\nsWscSvc.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 

Judy K

TS Rookie
==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-07-14] (Hewlett-Packard ) [File not signed]
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [110192 2010-05-14] (Portrait Displays, Inc. -> )
HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [120400 2012-08-17] (Portrait Displays, Inc. -> Portrait Displays, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe [2068992 2011-12-15] (Hewlett-Packard) [File not signed]
HKLM-x32\...\Run: [BATINDICATORHL] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe [557056 2010-07-24] (Hewlett-Packard) [File not signed]
HKLM-x32\...\Run: [OSDTool] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe [2101248 2012-06-14] (Hewlett-Packard) [File not signed]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976832 2009-12-17] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LauncherMX14NF] => C:\Program Files (x86)\EPSON_P2B\Printer Software\Launcher\selaunch.exe [2269936 2012-12-27] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [MX14NF RUN] => C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmRun.exe [363760 2012-12-27] (SEIKO EPSON Corporation -> )
HKLM-x32\...\Run: [StatusAutoRunMX14NF] => "C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe" EPSON AL-MX14NF,hide,\S
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\Run: [Dropbox Update] => C:\Users\Judy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50676864 2016-03-01] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [36864 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [msacm.voxacm160] => C:\Windows\SysWOW64\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\Windows\SysWOW64\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\Windows\SysWOW64\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
HKLM\...\Drivers32-x32: [msacm.lame] => lame.ax
HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\SysWOW64\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.mpg4] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp42] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp43] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\SysWOW64\xvidvfw.dll [139264 2004-07-03] () [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\SysWOW64\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-23] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2012-08-20] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2012-08-20] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ant aladdin.lnk [2015-03-12]
ShortcutTarget: ant aladdin.lnk -> C:\Program Files (x86)\Antification\AntAladdin\Ant Aladdin.exe () [File not signed]
Startup: C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autoStartSignage.bat [2018-07-11] () [File not signed]
Startup: C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2019-06-06]
ShortcutTarget: Dropbox.lnk -> C:\Users\Judy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
Startup: C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-06-12]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 

Judy K

TS Rookie
==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01CF1B51-BA67-419A-9D40-A7B69B7459D6} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2225296 2019-05-25] (Symantec Corporation -> Symantec Corporation)
Task: {06D18631-5504-4A13-852C-7A5FF138AC32} - System32\Tasks\{AC2F51BF-46E2-4997-8803-A416468F17D0} => C:\WINDOWS\system32\pcalua.exe -a "D:\Downloads\Herma Label Design\HLD1.1_EN.exe" -d "D:\Downloads\Herma Label Design"
Task: {076B4B3F-9005-4354-B70A-EE5E2ED5859C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {08E54BEB-D437-4CD1-8061-86E202A59D41} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-08-13] (Google Inc -> Google Inc.)
Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {0ABC8A98-858E-466F-B483-AF43CEA5035D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {0CFC6A20-D75B-4D97-A0F4-437454F381B4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {1DEA144D-A23D-4A84-B907-0987FCD3787F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {32D64781-DB3F-4A17-B3E6-E98640EA0F38} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [237432 2019-04-29] (HP Inc. -> HP Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3CF5B939-F603-4107-8575-161F354228A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3DFA2B99-0270-4035-AFEE-C5A287138FC3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\WSCStub.exe [2225296 2019-05-25] (Symantec Corporation -> Symantec Corporation)
Task: {40959587-D009-4CF2-998E-EB74099F1D4C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4102C8BA-2BC1-4F6A-A809-077D8317B9AE} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-11] (Adobe Inc. -> Adobe)
Task: {43AA3915-82B2-42AA-AAC0-8FD1E3BD5848} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-11] (Adobe Inc. -> Adobe)
Task: {44A12B1E-3E2D-4E8E-985C-BAC20BCF143B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {490BFEDF-27D2-4FA6-8158-C8FE51047009} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {4A04CB62-17A7-4585-8112-8ADE86BC4AC2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {527E793F-4DC4-494F-A4D7-130E088FA777} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [33280 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
Task: {6920C1B9-ED5D-4934-B4C1-F3695F194102} - System32\Tasks\{76B3AB3A-3CFA-4BBB-91CC-D419F6AEB75E} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\Uninstall.exe"
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {70566152-27BD-4DFF-9992-F1A8CC9C9CD1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {77F85592-DED6-4037-B681-3DCE846D1CB0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7FF7E735-FA08-433E-84C7-7E65227F9427} - System32\Tasks\{967CD0D6-3405-457E-8F1F-2B994E70B71E} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Judy\Downloads\notepad\Note manager for Win V3.4.140.3\instmsiw.exe" -d "C:\Users\Judy\Downloads\notepad\Note manager for Win V3.4.140.3"
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {90D37FE2-E584-42CB-B0EB-CA13F19CFC8E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9660F4A7-288E-4C37-ABDC-352EC388276A} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\SymErr.exe [101392 2019-05-25] (Symantec Corporation -> Symantec Corporation)
Task: {9A4DF13E-0899-48BF-9ADC-E71DF153CE72} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\SymErr.exe [101392 2019-05-25] (Symantec Corporation -> Symantec Corporation)
Task: {A1931E6B-F13B-4029-A78B-B15691111083} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2446170218-512241896-1534691390-1001UA => C:\Users\Judy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
Task: {A1C2059E-5C58-407E-8E8B-329AF1022B35} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-08-13] (Google Inc -> Google Inc.)
Task: {A69B190B-A8BF-420E-ADB4-24B31735C269} - \Optimize Start Menu Cache Files-S-1-5-21-2446170218-512241896-1534691390-1001 -> No File <==== ATTENTION
Task: {A69FFD0B-186D-44FD-9F62-2DAF2C6A6BB2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {BAF3D517-ED69-4582-8272-86EF760B67A7} - System32\Tasks\HPCeeScheduleForJudy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99208 2016-06-24] (Hewlett-Packard Company -> HP Inc.)
Task: {BB6E329E-0A64-4620-A727-F1F63BBD68C1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {BEE6D22E-62A3-41CF-8BAC-00782C02ADB8} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-07-28] (CyberLink -> CyberLink)
Task: {C62E7597-7BC4-434D-9CC0-9B6A624B3EEF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CA829C40-4866-40F7-B6FA-F9A9AFC62CE3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {CCCEEB8C-8387-4B5C-840D-00CB6A512509} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2446170218-512241896-1534691390-1001Core => C:\Users\Judy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
Task: {CD67AFD2-59F1-4D1F-9265-E6EBED86F9C4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D31B8DC7-8F86-4E54-A2F1-925DE5DF38FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {D8DFE977-C96A-4D10-98BC-B04C7629B2BE} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2018-05-04] (HP Inc. -> HP Inc.)
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {E7AF5793-EF64-4B5A-9087-CF17A364E903} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {EBAE93CC-16E4-4648-81D6-7F8DBC1BAE0C} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\SymErr.exe [101392 2019-05-25] (Symantec Corporation -> Symantec Corporation)
Task: {F045E025-3AEB-4121-AE49-1CE61C058C4F} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2446170218-512241896-1534691390-1001 -> No File <==== ATTENTION
Task: {F073A4B7-A43D-483A-946F-BE323CAFA005} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {F1E3B61C-6EF0-4814-A9EA-F3F15C572FC2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F3ECD9C7-8EFA-4D17-9DBE-B378B5447052} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {F4A1F838-BFD6-4036-A818-EC3A81E75364} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [135349160 2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {F7CAC4AC-2F83-45B5-9C8E-E0A29AAB76CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2446170218-512241896-1534691390-1001Core.job => C:\Users\Judy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2446170218-512241896-1534691390-1001UA.job => C:\Users\Judy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJudy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3648495f-7885-45ae-b33f-cb47a9c8c250}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{622c8537-b961-4ff3-affc-667b725aced0}: [NameServer] 192.168.1.253,8.8.8.8
Tcpip\..\Interfaces\{e2f27193-f951-4015-bfe0-d6353f1e9bcf}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
SearchScopes: HKU\S-1-5-21-2446170218-512241896-1534691390-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=GB&ver=22.16.3.21&locale=en_GB&guid=C24FEB97-372F-4461-8F5B-ED1F636EB086&doi=2016-09-01&gct=kwd&qsrc=2869
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-05-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\coIEPlg.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-03-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine32\22.17.2.46\coIEPlg.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-29] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-29] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\coIEPlg.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine32\22.17.2.46\coIEPlg.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\eknib1xm.default [2018-06-23]
FF Extension: (Norton Identity Safe) - C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\eknib1xm.default\Extensions\idsafe@norton.com.xpi [2018-06-23]
FF Extension: (SEOquake) - C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\eknib1xm.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}.xpi [2018-02-14]
FF HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\Firefox\Extensions: [SoundFrost@helper.com] - C:\Program Files (x86)\Download Free Music\SoundFrost.xpi
FF Extension: (SoundFrost) - C:\Program Files (x86)\Download Free Music\SoundFrost.xpi [2014-12-10] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-11] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-11] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: visualon.com/voBrowserPlugin -> C:\ProgramData\VisualOn\BrowserPlugin\npAstroBrowserPlugin.dll [2015-03-01] (Measat Broadcast Network Systems) [File not signed]
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2015-11-11] () [File not signed]
FF Plugin HKU\S-1-5-21-2446170218-512241896-1534691390-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Judy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-11-05] (Citrix Online -> Citrix Online)
FF Plugin HKU\S-1-5-21-2446170218-512241896-1534691390-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Judy\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-11-12] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-2446170218-512241896-1534691390-1001: hp.com/HPDetect -> C:\Users\Judy\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP) [File not signed]
FF Plugin ProgramFiles/Appdata: C:\Users\Judy\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-01-11]
 

Judy K

TS Rookie
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://websearch.searchsun.info/?pid=724&r=2014/05/01&hid=14004371772434541409&lg=EN&cc=TH
CHR StartupUrls: Default -> "hxxp://websearch.searchsun.info/?pid=724&r=2014/05/01&hid=14004371772434541409&lg=EN&cc=TH","hxxps://www.google.com/"
CHR NewTab: Default -> Active:"chrome-extension://gkjahlcnbjiangkneanonnndppicobbd/homePageRedirect.html", Active:"chrome-extension://mhffmephdchhhbfjmdpoaldedhhdanbn/homePageRedirect.html"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default [2019-06-16]
CHR Extension: (Norton Password Manager) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2019-06-14]
CHR Extension: (SEOquake) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2019-05-17]
CHR Extension: (Docs) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-30]
CHR Extension: (Google Drive) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (YouTube) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Google Search) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Norton Safe Search) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogpedgkejfmehnklhahflpmplhiceal [2019-05-17]
CHR Extension: (Facebook Pixel Helper) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2019-05-17]
CHR Extension: (iCloud Bookmarks) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2019-05-17]
CHR Extension: (Norton Safe Web) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2019-06-05]
CHR Extension: (Google Docs Offline) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (Norton Safe Search) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjahlcnbjiangkneanonnndppicobbd [2019-05-17]
CHR Extension: (Pinterest Save Button) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2019-06-14]
CHR Extension: (IE Tab) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2019-06-15]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2019-05-17]
CHR Extension: (Messages Saver for Facebook™) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kflkdhmijdgjnlbdkfgdmolcjnflmlhf [2016-09-20]
CHR Extension: (Right Inbox for Gmail) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflnemhkomgploogccdmcloekbloobgb [2019-05-24]
CHR Extension: (Norton Home Page) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhffmephdchhhbfjmdpoaldedhhdanbn [2019-05-17]
CHR Extension: (Norton Safe) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2019-05-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-05-17]
CHR Extension: (LogMeIn) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon [2019-05-17]
CHR Extension: (Gmail) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-23]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [obgmhlafhebbinlgppoojofbekbpncmg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pfafkpaifpmpadngdmgiikeipjiedbpc] - C:\Users\Judy\AppData\Local\Temp\ccex.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [File not signed]
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [264224 2015-10-06] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [136784 2012-08-17] (Portrait Displays, Inc. -> Portrait Displays, Inc.)
S3 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [97776 2018-04-04] (INTERNET PROJECT LLC -> Freemake)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
S2 HPRegistrationSvc; c:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HPRegistrationService.exe [205216 2012-07-19] (Hewlett-Packard Company -> Hewlett-Packard)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 MSSQL$ASI2008; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ASI2008\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation -> Microsoft Corporation)
R2 MSSQL$DATAMATE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATAMATE\MSSQL\Binn\sqlservr.exe [61913952 2010-04-04] (Microsoft Corporation -> Microsoft Corporation)
S2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703616 2012-07-26] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
R2 NortonSecurity; C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\NortonSecurity.exe [225608 2019-05-25] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\nsWscSvc.exe [933200 2019-05-25] (Symantec Corporation -> Symantec Corporation)
R2 SENADB; C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe [104176 2012-12-27] (SEIKO EPSON Corporation -> )
S4 SQLAgent$ASI2008; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ASI2008\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation -> Microsoft Corporation)
S4 SQLAgent$DATAMATE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATAMATE\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-04] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11446104 2019-04-24] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-20] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [21652000 2015-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [684560 2015-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20190610.001\BHDrvx64.sys [1934048 2019-02-12] (Symantec Corporation -> Symantec Corporation)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [610336 2016-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\ccSetx64.sys [192704 2019-05-25] (Symantec Corporation -> Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-26] (CyberLink -> CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515592 2019-06-10] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153096 2019-06-12] (Symantec Corporation -> Symantec Corporation)
R3 i8042HDR; C:\WINDOWS\system32\DRIVERS\i8042HDR.sys [15920 2009-08-15] (Chicony Electronics Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20190613.061\IDSvia64.sys [1441800 2019-04-19] (Symantec Corporation -> Symantec Corporation)
S3 lehidmini; C:\WINDOWS\System32\drivers\leath_hid.sys [39704 2012-08-20] (Atheros Communications Inc. -> Atheros)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-06-15] (Malwarebytes Corporation -> Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895224 2016-02-17] (Realtek Semiconductor Corp -> Realtek )
R1 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\SRTSP64.SYS [864776 2019-05-25] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\SRTSPX64.SYS [49672 2019-05-25] (Symantec Corporation -> Symantec Corporation)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [543744 2012-10-18] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\SYMEFASI64.SYS [1998552 2019-05-25] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\SymELAM.sys [25744 2019-05-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-21] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\SymPlatform\SymEvnt.sys [712200 2019-06-08] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\Ironx64.SYS [315912 2019-05-25] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\symnets.sys [573448 2019-05-25] (Symantec Corporation -> Symantec Corporation)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tilfilter; C:\WINDOWS\System32\drivers\TIxHCIlfilter.sys [34424 2016-08-20] (Texas Instruments, Inc. -> Texas Instruments, Inc.)
R3 tiufilter; C:\WINDOWS\System32\drivers\TIxHCIufilter.sys [39032 2016-08-20] (Texas Instruments, Inc. -> Texas Instruments, Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\wpCtrlDrv.sys [1012120 2019-05-25] (Symantec Corporation -> Symantec Corporation)
 

Judy K

TS Rookie
==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-16 12:10 - 2019-06-16 12:12 - 000048604 _____ C:\Users\Judy\Downloads\FRST.txt
2019-06-16 12:08 - 2019-06-16 12:10 - 000000000 ____D C:\FRST
2019-06-16 12:08 - 2019-06-16 12:08 - 000000000 ____D C:\Users\Judy\Downloads\FRST-OlderVersion
2019-06-16 12:05 - 2019-06-16 12:08 - 002418688 _____ (Farbar) C:\Users\Judy\Downloads\FRST64.exe
2019-06-15 14:47 - 2019-06-15 14:47 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-06-15 14:22 - 2019-06-15 14:22 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-06-14 22:07 - 2019-06-14 22:07 - 002953520 _____ (AVAST Software) C:\Users\Judy\Downloads\avast-browser-cleanup.exe
2019-06-12 14:36 - 2019-06-07 18:04 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-06-12 14:36 - 2019-06-07 18:04 - 001633136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-06-12 14:36 - 2019-06-07 17:45 - 012756480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-06-12 14:36 - 2019-06-07 17:42 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-06-12 14:36 - 2019-06-07 17:40 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-06-12 14:36 - 2019-06-07 17:40 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-06-12 14:36 - 2019-06-07 17:23 - 001453920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-06-12 14:36 - 2019-06-07 17:19 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-06-12 14:36 - 2019-06-07 17:07 - 011942400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-06-12 14:36 - 2019-06-07 17:04 - 002881536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-06-12 14:36 - 2019-06-07 17:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-06-12 14:36 - 2019-06-07 13:01 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-06-12 14:36 - 2019-06-07 12:58 - 001220112 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-06-12 14:36 - 2019-06-07 12:58 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-06-12 14:36 - 2019-06-07 12:57 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-06-12 14:36 - 2019-06-07 12:57 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-06-12 14:36 - 2019-06-07 12:57 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-06-12 14:36 - 2019-06-07 12:57 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-06-12 14:36 - 2019-06-07 12:57 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-06-12 14:36 - 2019-06-07 12:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-06-12 14:36 - 2019-06-07 12:46 - 006569344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-06-12 14:36 - 2019-06-07 12:46 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-06-12 14:36 - 2019-06-07 12:38 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-06-12 14:36 - 2019-06-07 12:37 - 022019584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-06-12 14:36 - 2019-06-07 12:31 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-06-12 14:36 - 2019-06-07 12:27 - 022718976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-06-12 14:36 - 2019-06-07 12:24 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-06-12 14:36 - 2019-06-07 12:24 - 003400704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-06-12 14:36 - 2019-06-07 12:22 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-06-12 14:36 - 2019-06-07 12:22 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-06-12 14:36 - 2019-06-07 12:21 - 007588864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-06-12 14:36 - 2019-06-07 12:21 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-06-12 14:36 - 2019-06-07 12:21 - 001778688 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-06-12 14:36 - 2019-06-07 12:21 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-06-12 14:36 - 2019-06-07 12:20 - 002610688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-06-12 14:36 - 2019-06-07 12:19 - 003212288 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-06-12 14:36 - 2019-06-07 12:19 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-06-12 14:36 - 2019-06-07 12:19 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-06-12 14:36 - 2019-06-07 12:19 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-06-12 14:36 - 2019-06-07 12:18 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-06-12 14:36 - 2019-06-07 12:17 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-06-12 14:36 - 2019-06-07 12:17 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-06-12 14:36 - 2019-06-07 12:16 - 001102336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-06-12 14:36 - 2019-05-19 05:12 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-06-12 14:36 - 2019-05-17 19:27 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-06-12 14:36 - 2019-05-17 19:26 - 004393984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-06-12 14:36 - 2019-05-17 19:25 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-06-12 14:36 - 2019-05-17 19:25 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2019-06-12 14:36 - 2019-05-17 19:21 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-06-12 14:36 - 2019-05-17 19:00 - 005658112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-06-12 14:36 - 2019-05-17 13:44 - 000550520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2019-06-12 14:36 - 2019-05-17 13:42 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-06-12 14:36 - 2019-05-17 13:42 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-06-12 14:36 - 2019-05-17 13:42 - 002256560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-06-12 14:36 - 2019-05-17 13:42 - 001989552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-06-12 14:36 - 2019-05-17 13:42 - 001980256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-06-12 14:36 - 2019-05-17 13:42 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-06-12 14:36 - 2019-05-17 13:42 - 001380096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-06-12 14:36 - 2019-05-17 13:30 - 013878784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-06-12 14:36 - 2019-05-17 13:26 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-06-12 14:36 - 2019-05-17 13:19 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-06-12 14:36 - 2019-05-17 13:19 - 001630720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-06-12 14:36 - 2019-05-17 13:19 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-06-12 14:36 - 2019-05-17 13:18 - 002796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2019-06-12 14:36 - 2019-05-17 13:08 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-06-12 14:36 - 2019-05-17 13:07 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-06-12 14:36 - 2019-05-17 13:07 - 002768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-06-12 14:36 - 2019-05-17 13:07 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-06-12 14:36 - 2019-05-17 13:07 - 002467320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-06-12 14:36 - 2019-05-17 13:07 - 001288712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-06-12 14:36 - 2019-05-17 13:06 - 001943136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-06-12 14:36 - 2019-05-17 13:04 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-06-12 14:36 - 2019-05-17 12:44 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-06-12 14:36 - 2019-05-17 12:38 - 004709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-06-12 14:36 - 2019-05-17 12:37 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-06-12 14:36 - 2019-05-17 12:34 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-06-12 14:36 - 2019-05-17 12:34 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-06-12 14:36 - 2019-05-17 12:33 - 003091456 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-06-12 14:36 - 2019-05-17 12:33 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-06-12 14:36 - 2019-05-17 12:33 - 002370560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-06-12 14:36 - 2019-05-17 12:33 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2019-06-12 14:36 - 2019-05-17 12:31 - 004937216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-06-12 14:36 - 2019-05-17 12:31 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2019-06-12 14:36 - 2019-05-17 12:31 - 003293184 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2019-06-12 14:36 - 2019-05-17 12:31 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-06-12 14:36 - 2019-05-17 12:31 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-06-12 14:36 - 2019-05-17 12:31 - 001383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-06-12 14:36 - 2019-05-17 12:31 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-06-12 14:36 - 2019-05-17 12:31 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-06-12 14:36 - 2019-05-17 12:31 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-06-12 14:35 - 2019-06-07 17:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-06-12 14:35 - 2019-06-07 17:47 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-06-12 14:35 - 2019-06-07 17:41 - 004055552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-06-12 14:35 - 2019-06-07 17:10 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-06-12 14:35 - 2019-06-07 17:04 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-06-12 14:35 - 2019-06-07 13:07 - 000707384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-06-12 14:35 - 2019-06-07 12:58 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-06-12 14:35 - 2019-06-07 12:58 - 000422416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
2019-06-12 14:35 - 2019-06-07 12:58 - 000135176 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-06-12 14:35 - 2019-06-07 12:58 - 000076304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-06-12 14:35 - 2019-06-07 12:57 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-06-12 14:35 - 2019-06-07 12:57 - 000792888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-06-12 14:35 - 2019-06-07 12:57 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-06-12 14:35 - 2019-06-07 12:57 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-06-12 14:35 - 2019-06-07 12:57 - 000494304 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-06-12 14:35 - 2019-06-07 12:57 - 000435000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-06-12 14:35 - 2019-06-07 12:57 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-06-12 14:35 - 2019-06-07 12:57 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-06-12 14:35 - 2019-06-07 12:57 - 000383504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-06-12 14:35 - 2019-06-07 12:57 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-06-12 14:35 - 2019-06-07 12:57 - 000148280 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2019-06-12 14:35 - 2019-06-07 12:57 - 000137448 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-06-12 14:35 - 2019-06-07 12:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-06-12 14:35 - 2019-06-07 12:47 - 000380432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-06-12 14:35 - 2019-06-07 12:47 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-06-12 14:35 - 2019-06-07 12:46 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-06-12 14:35 - 2019-06-07 12:46 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-06-12 14:35 - 2019-06-07 12:46 - 000581048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-06-12 14:35 - 2019-06-07 12:46 - 000357072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-06-12 14:35 - 2019-06-07 12:46 - 000128792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2019-06-12 14:35 - 2019-06-07 12:24 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-06-12 14:35 - 2019-06-07 12:23 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-06-12 14:35 - 2019-06-07 12:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-06-12 14:35 - 2019-06-07 12:23 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-06-12 14:35 - 2019-06-07 12:22 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-06-12 14:35 - 2019-06-07 12:22 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2019-06-12 14:35 - 2019-06-07 12:22 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2019-06-12 14:35 - 2019-06-07 12:21 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-06-12 14:35 - 2019-06-07 12:21 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-06-12 14:35 - 2019-06-07 12:20 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-06-12 14:35 - 2019-06-07 12:20 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-06-12 14:35 - 2019-06-07 12:20 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-06-12 14:35 - 2019-06-07 12:19 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-06-12 14:35 - 2019-06-07 12:19 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2019-06-12 14:35 - 2019-06-07 12:18 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-06-12 14:35 - 2019-06-07 12:18 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-06-12 14:35 - 2019-06-07 12:17 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-06-12 14:35 - 2019-06-07 12:16 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-06-12 14:35 - 2019-06-07 12:16 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-06-12 14:35 - 2019-06-07 12:16 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2019-06-12 14:35 - 2019-06-07 11:00 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim
2019-06-12 14:35 - 2019-05-19 05:12 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-06-12 14:35 - 2019-05-19 05:12 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-06-12 14:35 - 2019-05-19 05:12 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-06-12 14:35 - 2019-05-17 19:44 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-06-12 14:35 - 2019-05-17 19:40 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2019-06-12 14:35 - 2019-05-17 19:40 - 000280888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-06-12 14:35 - 2019-05-17 19:25 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-06-12 14:35 - 2019-05-17 19:24 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-06-12 14:35 - 2019-05-17 19:23 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2019-06-12 14:35 - 2019-05-17 19:22 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-06-12 14:35 - 2019-05-17 19:22 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2019-06-12 14:35 - 2019-05-17 19:21 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-06-12 14:35 - 2019-05-17 19:21 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-06-12 14:35 - 2019-05-17 19:21 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3gpui.dll
2019-06-12 14:35 - 2019-05-17 19:21 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2019-06-12 14:35 - 2019-05-17 19:20 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-06-12 14:35 - 2019-05-17 19:19 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-06-12 14:35 - 2019-05-17 19:07 - 002206424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2019-06-12 14:35 - 2019-05-17 18:58 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2019-06-12 14:35 - 2019-05-17 18:56 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-06-12 14:35 - 2019-05-17 18:56 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3gpui.dll
2019-06-12 14:35 - 2019-05-17 18:55 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-06-12 14:35 - 2019-05-17 18:55 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-06-12 14:35 - 2019-05-17 18:55 - 000470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2019-06-12 14:35 - 2019-05-17 18:54 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-06-12 14:35 - 2019-05-17 18:54 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-06-12 14:35 - 2019-05-17 16:33 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-06-12 14:35 - 2019-05-17 15:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-06-12 14:35 - 2019-05-17 14:07 - 000105272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-06-12 14:35 - 2019-05-17 13:44 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2019-06-12 14:35 - 2019-05-17 13:43 - 000297688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2019-06-12 14:35 - 2019-05-17 13:42 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-06-12 14:35 - 2019-05-17 13:42 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-06-12 14:35 - 2019-05-17 13:42 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-06-12 14:35 - 2019-05-17 13:23 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-06-12 14:35 - 2019-05-17 13:23 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-06-12 14:35 - 2019-05-17 13:23 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-06-12 14:35 - 2019-05-17 13:22 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2019-06-12 14:35 - 2019-05-17 13:22 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2019-06-12 14:35 - 2019-05-17 13:21 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-06-12 14:35 - 2019-05-17 13:21 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2019-06-12 14:35 - 2019-05-17 13:21 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2019-06-12 14:35 - 2019-05-17 13:20 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-06-12 14:35 - 2019-05-17 13:20 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-06-12 14:35 - 2019-05-17 13:19 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-06-12 14:35 - 2019-05-17 13:19 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-06-12 14:35 - 2019-05-17 13:19 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2019-06-12 14:35 - 2019-05-17 13:18 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-06-12 14:35 - 2019-05-17 13:18 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-06-12 14:35 - 2019-05-17 13:08 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-06-12 14:35 - 2019-05-17 13:08 - 000723432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-06-12 14:35 - 2019-05-17 13:08 - 000401328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2019-06-12 14:35 - 2019-05-17 13:07 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-06-12 14:35 - 2019-05-17 13:07 - 001260272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-06-12 14:35 - 2019-05-17 13:07 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2019-06-12 14:35 - 2019-05-17 13:07 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-06-12 14:35 - 2019-05-17 13:07 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-06-12 14:35 - 2019-05-17 13:06 - 001784696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-06-12 14:35 - 2019-05-17 13:06 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-06-12 14:35 - 2019-05-17 13:06 - 001140992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-06-12 14:35 - 2019-05-17 13:06 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-06-12 14:35 - 2019-05-17 13:06 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-06-12 14:35 - 2019-05-17 13:06 - 000151888 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-06-12 14:35 - 2019-05-17 13:00 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-06-12 14:35 - 2019-05-17 12:37 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2019-06-12 14:35 - 2019-05-17 12:37 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2019-06-12 14:35 - 2019-05-17 12:36 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-06-12 14:35 - 2019-05-17 12:36 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-06-12 14:35 - 2019-05-17 12:36 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-06-12 14:35 - 2019-05-17 12:36 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2019-06-12 14:35 - 2019-05-17 12:36 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-06-12 14:35 - 2019-05-17 12:36 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-06-12 14:35 - 2019-05-17 12:36 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-06-12 14:35 - 2019-05-17 12:35 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-06-12 14:35 - 2019-05-17 12:35 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2019-06-12 14:35 - 2019-05-17 12:35 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-06-12 14:35 - 2019-05-17 12:34 - 000671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2019-06-12 14:35 - 2019-05-17 12:34 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2019-06-12 14:35 - 2019-05-17 12:34 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2019-06-12 14:35 - 2019-05-17 12:34 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-06-12 14:35 - 2019-05-17 12:34 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-06-12 14:35 - 2019-05-17 12:34 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2019-06-12 14:35 - 2019-05-17 12:33 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-06-12 14:35 - 2019-05-17 12:33 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-06-12 14:35 - 2019-05-17 12:33 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2019-06-12 14:35 - 2019-05-17 12:32 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2019-06-12 14:35 - 2019-05-17 12:32 - 000815104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-06-12 14:35 - 2019-05-17 12:31 - 001027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2019-06-12 14:35 - 2019-05-17 12:31 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-06-12 14:35 - 2019-05-17 12:30 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-06-12 14:35 - 2019-05-17 12:30 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-06-12 14:35 - 2019-05-17 12:30 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2019-06-12 05:22 - 2019-06-16 11:22 - 000003232 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJudy
2019-06-12 05:22 - 2019-06-16 11:22 - 000000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJudy.job
2019-06-09 09:21 - 2019-06-09 09:51 - 000000996 _____ C:\Users\Public\Desktop\Intelligent Lock Management System.lnk
2019-06-09 09:21 - 2019-06-09 09:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLock
2019-06-06 08:57 - 2019-06-16 11:24 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2019-06-06 08:55 - 2019-06-06 09:16 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2019-06-06 08:55 - 2019-06-06 08:55 - 000003378 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2019-06-06 08:27 - 2019-06-06 08:27 - 000000000 ____D C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-06-01 20:37 - 2019-06-01 20:42 - 000000000 ____D C:\Users\TEMP
2019-05-24 20:22 - 2019-05-24 20:22 - 006881808 _____ (Jan Fiala ) C:\Users\Judy\Downloads\pspad501_setup_int.exe
2019-05-24 20:06 - 2019-05-24 20:06 - 095438466 _____ C:\Users\Judy\Downloads\2019 Winter (2) 2.AVI
2019-05-24 20:00 - 2019-05-24 20:00 - 000428116 _____ C:\Users\Judy\Downloads\2019 Winter (1).3gp
2019-05-24 15:20 - 2019-05-24 15:20 - 000000000 ____D C:\Users\Judy\AppData\Local\mbamtray
2019-05-24 15:20 - 2019-05-24 15:20 - 000000000 ____D C:\Users\Judy\AppData\Local\mbam
2019-05-24 15:19 - 2019-05-24 15:19 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-05-24 15:19 - 2019-05-24 15:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-24 15:19 - 2019-05-24 15:19 - 000000000 ____D C:\Program Files\Malwarebytes
2019-05-24 15:19 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-05-24 15:19 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-05-24 15:18 - 2019-05-24 15:18 - 063182216 _____ (Malwarebytes ) C:\Users\Judy\Downloads\mb3-setup-37469.37469-3.7.1.2839-1.0.586-1.0.10430.exe
2019-05-22 21:02 - 2019-05-22 21:05 - 000000000 ____D C:\Users\Judy\AppData\Local\PlaceholderTileLogoFolder
2019-05-22 19:50 - 2019-05-22 20:05 - 065552400 _____ (Movavi) C:\Users\Judy\Downloads\MovaviScreenCaptureSetupC.exe
2019-05-21 14:03 - 2019-05-21 14:03 - 007926824 _____ (Tim Kosse) C:\Users\Judy\Downloads\FileZilla_3.42.1_win64-setup.exe
 

Judy K

TS Rookie
==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-16 12:03 - 2018-06-09 03:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-06-16 11:34 - 2018-04-12 06:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-06-15 14:24 - 2014-01-28 08:34 - 000000000 ____D C:\Users\Judy\AppData\Local\CrashDumps
2019-06-15 14:22 - 2014-01-27 15:40 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-06-15 14:21 - 2018-06-09 03:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-06-15 14:20 - 2018-04-12 04:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-06-15 13:56 - 2015-05-12 09:40 - 000000000 ____D C:\Users\Judy\AppData\Local\NPE
2019-06-15 13:43 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-06-15 13:43 - 2015-05-12 09:43 - 000000000 ____D C:\NPE
2019-06-15 12:54 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-06-15 10:05 - 2018-08-03 16:42 - 000004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2FAA0801-BB5F-489F-A8E5-F755F8C7EB56}
2019-06-15 09:21 - 2014-04-22 04:38 - 000000000 ____D C:\Users\Judy\AppData\Local\IE Tab
2019-06-14 22:47 - 2018-04-12 06:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-14 22:17 - 2015-09-10 12:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-06-13 19:28 - 2014-01-28 09:07 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-06-13 19:13 - 2019-04-29 21:03 - 000000000 ____D C:\Program Files (x86)\HIP Premium Time 2.0.4
2019-06-12 18:02 - 2018-04-12 06:36 - 000000000 ____D C:\WINDOWS\INF
2019-06-12 17:51 - 2018-06-09 03:08 - 000936440 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-06-12 17:47 - 2015-12-14 04:52 - 000000000 ___RD C:\Users\Judy\3D Objects
2019-06-12 17:46 - 2018-06-09 03:02 - 000588480 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-06-12 17:42 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-06-12 17:42 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-06-12 17:42 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-06-12 17:42 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-06-12 14:46 - 2018-04-12 06:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-06-12 14:34 - 2014-01-28 15:42 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-06-12 14:28 - 2014-01-28 15:42 - 135349160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-06-12 05:22 - 2018-06-09 03:09 - 000000000 ____D C:\Users\Judy
2019-06-11 22:00 - 2017-12-12 18:34 - 000000000 ____D C:\Users\Judy\AppData\Local\Packages
2019-06-11 16:03 - 2019-03-13 12:34 - 006234168 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2019-06-11 16:03 - 2018-06-09 03:20 - 000004570 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-06-11 16:03 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-06-09 09:48 - 2019-02-13 11:43 - 000000000 ____D C:\Program Files (x86)\Intelligent Lock Management System
2019-06-09 09:05 - 2018-04-12 04:04 - 000016384 _____ C:\WINDOWS\system32\config\ELAM
2019-06-06 20:40 - 2018-06-09 03:21 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2446170218-512241896-1534691390-1001
2019-06-06 20:39 - 2018-06-09 03:10 - 000002401 _____ C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-06-06 20:39 - 2014-04-18 08:29 - 000000000 __RDO C:\Users\Judy\OneDrive
2019-06-06 09:42 - 2015-06-12 08:37 - 000000000 ____D C:\Program Files\Common Files\AV
2019-06-06 09:16 - 2018-02-22 20:18 - 000002421 _____ C:\Users\Public\Desktop\Norton Security.lnk
2019-06-06 08:55 - 2018-02-04 07:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2019-06-06 08:29 - 2014-02-23 17:45 - 000000000 ____D C:\Users\Judy\AppData\Roaming\Dropbox
2019-05-31 16:23 - 2014-07-29 17:04 - 000000000 ____D C:\Users\Judy\AppData\Roaming\FileZilla
2019-05-31 08:57 - 2018-11-14 17:41 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-31 08:57 - 2018-11-14 17:41 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-24 20:32 - 2018-08-03 14:42 - 000000000 ____D C:\Users\Judy\AppData\Local\FileZilla
2019-05-24 20:30 - 2018-08-03 14:42 - 000002164 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2019-05-24 20:30 - 2014-07-29 17:02 - 000000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2019-05-24 20:29 - 2014-07-29 17:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2019-05-24 20:23 - 2016-03-20 09:47 - 000001087 _____ C:\Users\Judy\Desktop\PSPad.lnk
2019-05-24 20:23 - 2016-03-20 09:47 - 000000000 ____D C:\Users\Judy\AppData\Roaming\PSpad
2019-05-24 20:23 - 2016-03-20 09:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPad editor
2019-05-24 20:23 - 2016-03-20 09:47 - 000000000 ____D C:\Program Files (x86)\PSPad editor
2019-05-24 15:20 - 2014-12-16 12:57 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-05-24 15:19 - 2018-04-12 06:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-05-23 16:18 - 2016-08-13 21:14 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-23 16:18 - 2016-08-13 21:14 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-17 17:51 - 2018-11-17 08:03 - 000000000 ____D C:\Program Files\rempl
2019-05-17 13:40 - 2012-07-26 12:26 - 000000167 _____ C:\WINDOWS\win.ini
2019-05-17 11:23 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories ================

2014-01-28 08:39 - 2014-01-28 08:40 - 000032516 _____ () C:\Program Files (x86)\CMS Setup Log.txt
2018-04-08 14:11 - 2018-04-08 14:11 - 000000128 ____H () C:\Users\Judy\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
2015-12-15 11:21 - 2015-12-15 11:20 - 000089730 _____ () C:\Users\Judy\AppData\Roaming\HomeImage.jpg
2015-12-15 11:21 - 2015-12-15 11:20 - 000089730 _____ () C:\Users\Judy\AppData\Roaming\ReportImage.jpg
2014-12-10 12:34 - 2013-03-18 17:45 - 001122304 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Judy\AppData\Local\libeay32.dll
2014-12-10 12:36 - 2014-12-10 21:42 - 000375693 _____ () C:\Users\Judy\AppData\Local\log.txt
2014-12-10 12:34 - 2011-06-11 00:58 - 000421200 _____ (Microsoft Corporation) C:\Users\Judy\AppData\Local\msvcp100.dll
2014-12-10 12:34 - 2011-06-11 00:58 - 000773968 _____ (Microsoft Corporation) C:\Users\Judy\AppData\Local\msvcr100.dll
2014-12-10 12:34 - 2014-07-07 10:54 - 002599936 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Judy\AppData\Local\QtCore4.dll
2014-12-10 12:34 - 2014-04-20 02:43 - 008587264 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Judy\AppData\Local\QtGui4.dll
2014-12-10 12:34 - 2014-04-20 02:38 - 001053184 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Judy\AppData\Local\QtNetwork4.dll
2014-12-10 12:34 - 2014-04-20 04:40 - 013108224 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Judy\AppData\Local\QtWebKit4.dll
2014-12-10 12:34 - 2013-03-18 17:45 - 000274432 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Judy\AppData\Local\ssleay32.dll
2014-12-10 12:36 - 2014-12-10 18:50 - 000260542 _____ () C:\Users\Judy\AppData\Local\viewer.txt

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
 

Judy K

TS Rookie
Now, the addition.txt log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2019
Ran by Judy (16-06-2019 12:13:27)
Running from C:\Users\Judy\Downloads
Windows 10 Home Single Language Version 1803 17134.829 (X64) (2018-06-08 20:38:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2446170218-512241896-1534691390-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2446170218-512241896-1534691390-503 - Limited - Disabled)
Guest (S-1-5-21-2446170218-512241896-1534691390-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2446170218-512241896-1534691390-1018 - Limited - Enabled)
Judy (S-1-5-21-2446170218-512241896-1534691390-1001 - Administrator - Enabled) => C:\Users\Judy
printer (S-1-5-21-2446170218-512241896-1534691390-1019 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2446170218-512241896-1534691390-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20034 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 29.0.0.112 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.207 - Adobe)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{DC7C952E-3B17-9BBE-CED0-152DB6B0BAA2}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AntAladdin (HKLM-x32\...\{4A1D7844-2B6E-4B25-A3BC-8B5AB61FDEDB}) (Version: 1.0.2 - Antification)
Apple Application Support (32-bit) (HKLM-x32\...\{80B42CAA-28C0-4FBD-A46E-D61F45E2F9FC}) (Version: 7.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{466D00D0-E7DE-47C2-8FE5-54A8009F5850}) (Version: 7.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Astro on the Go video player Browser Plugin (HKLM-x32\...\{AB6591F2-C1F6-4ABD-8C16-F1F87CEBF37E}) (Version: 3.14.6.7628 - Measat Broadcast Network Systems Sdn Bhd)
ASUS Wireless Router Device Discovery Utility (HKLM-x32\...\{09CDCA35-23FF-4ED6-AFDA-BBD55235CE4B}) (Version: 1.4.6.5 - ASUS)
Atomic Email Hunter 15.0.0.390 (HKLM-x32\...\AtomicEmailHunter_is1) (Version: 15.0.0.390 - AtomPark Software Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon SELPHY CP910 (HKLM\...\Canon SELPHY CP910) (Version: - )
Cisco WebEx Meetings (HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
CMS (HKLM-x32\...\CMS) (Version: - )
CMS2000 version 1.0 (HKLM-x32\...\CMS2000_is1) (Version: 1.0 - )
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4407 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Database Password Sleuth 1.05 (full) (HKLM-x32\...\Database Password Sleuth_is1) (Version: 1.05 - Shatterock Technologies)
Dropbox (HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\Dropbox) (Version: 74.4.115 - Dropbox, Inc.)
Dvr CMS (HKLM-x32\...\Dvr CMS) (Version: - )
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
EPSON AcuLaser MX14NF (HKLM-x32\...\{B64E8CB4-213B-4B30-AF72-BC975BBBB1D4}) (Version: 1.025.00 - EPSON) Hidden
EPSON AcuLaser MX14NF (HKLM-x32\...\InstallShield_{B64E8CB4-213B-4B30-AF72-BC975BBBB1D4}) (Version: 1.025.00 - EPSON)
Epson Easy Photo Print 2 (HKLM-x32\...\{4FB984CB-4CE4-4104-A554-D04CEFE3D690}) (Version: 2.2.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{892A2A95-311C-4FE7-921E-5511358BB7F4}) (Version: 2.40.0005 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
FacebookPRO v2.20 (HKLM-x32\...\FacebookPRO_is1) (Version: - )
FastStone Photo Resizer 3.2 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.2 - FastStone Soft.)
FileZilla Client 3.42.1 (HKLM-x32\...\FileZilla Client) (Version: 3.42.1 - Tim Kosse)
Forex Gemini Code (HKLM-x32\...\Forex Gemini Code) (Version: - )
ForexPrecogESP (HKLM-x32\...\ForexPrecogESP) (Version: - )
ForexPrecogIndicators (HKLM-x32\...\ForexPrecogIndicators) (Version: - )
Freemake Video Converter version 4.1.10.0 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10.0 - Ellora Assets Corporation)
FXCM MetaTrader 4 (HKLM-x32\...\FXCM MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
FXCM Trading Station (HKLM-x32\...\FXTS2) (Version: - Forex Capital Markets, LLC ("FXCM LLC"))
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HERMA Label Designer plus 1.1 (HKLM-x32\...\{7DA64485-2CEE-4F7B-84AB-B287236703B6}) (Version: 1.00.0000 - HERMA GmbH)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HIP Premium Time 2.0.4 (HKLM-x32\...\HIP Premium Time 2.0.4) (Version: 2.0.4 - HIP Global co.,Ltd.)
HP Keyboard (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.5.0.7 - Hewlett-Packard)
HP My Display TouchSmart Edition (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.12.004 - Portrait Displays, Inc.)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{F322B446-B157-4257-B44F-4F22D41F8EDB}) (Version: 8.7.50.3 - HP Inc.)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{20907839-6188-46EF-8AE7-141C86EDE13F}) (Version: 12.10.49.21 - HP Inc.)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
HydraVision (HKLM-x32\...\{866A5B13-0B3E-9402-9D1D-62E33DC1F21D}) (Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden
iCloud (HKLM\...\{28ABC5D7-AF47-4476-A6AA-C2DD822ED40F}) (Version: 7.9.0.9 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6419.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intelligent Lock Management System V2.2 (HKLM-x32\...\{70B6926B-62C8-4947-8B6F-A0711D851B0C}_is1) (Version: - )
IPCMultiViewSetup (HKLM-x32\...\{1C375B52-884F-40C1-A962-7F20048A7420}) (Version: 1.0.0 - IPCamera)
iVMS-4200(v2.4.1.3) (HKLM-x32\...\{7697245D-2E00-4B83-AD27-C051DE314D1F}) (Version: 2.4.1.3 - hikvision)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
LED Digit Board (HKLM-x32\...\{22F3D128-2106-489D-8BA3-CD18BBC70708}) (Version: - )
LQ-300+II User's Guide (HKLM-x32\...\LQ-300+II User's Guide) (Version: - )
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\OneDriveSetup.exe) (Version: 19.070.0410.0007 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{48B08845-0CB0-45EC-893C-15319ADDA312}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{F7954B53-8522-450D-B262-B362B440FEC0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.2.6730 - Mozilla)
MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.0.3.0 - SEIKO EPSON CORPORATION) Hidden
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation)
NetSurveillance (HKLM-x32\...\NetSurveillance) (Version: - )
Norton 360 (HKLM-x32\...\NGC) (Version: 22.17.2.46 - Symantec Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC)
PanaVue ImageAssembler 3.5.0 (HKLM-x32\...\{71D91178-0A18-4519-98CA-C2E85EBEBD96}) (Version: 3.5.0 - PanaVue)
Pivot Pro Plugin (HKLM-x32\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.50.110 - Portrait Displays, Inc.) Hidden
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 5.0.1.312 - Jan Fiala)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.31.423.2014 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.5530 - CyberLink Corp.) Hidden
SADPTool (HKLM-x32\...\{7D9B79C2-B1B2-433B-844F-F4299B86F26E}) (Version: 3.0.0.2 - hikvision)
SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.28.007 - Portrait Displays, Inc.) Hidden
SendBlaster 3 (HKLM-x32\...\{486575DF-CC13-4F89-8636-C2CC5BDA7246}) (Version: 003.001.00006 - eDisplay srl)
Serif MoviePlus Starter Edition (HKLM-x32\...\{2A9D6191-23DB-463E-BB1B-1642C9756B7C}) (Version: 1.0.0.008 - Serif (Europe) Ltd)
Serif PhotoPlus X6 (HKLM\...\{CCD2C5E4-F484-4499-BCB3-61E787416757}) (Version: 16.0.1.029 - Serif (Europe) Ltd)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (HKLM-x32\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
SignagePlayer (HKLM-x32\...\SignagePlayer.86EE3EEE54D7DB049D16E358CDC443F088917621.1) (Version: 5.0.106 - Signage)
SignageStudio (HKLM-x32\...\SignageStudio.86EE3EEE54D7DB049D16E358CDC443F088917621.1) (Version: 5.1.42 - Signage)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
SQL Server 2008 R2 Common Files (HKLM\...\{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Common Files (HKLM\...\{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (HKLM\...\{5318020E-E32C-4A33-BC8D-EEF5CC2F6CA1}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (HKLM\...\{9FFAE13C-6160-4DD0-A67A-DAC5994F81BD}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (HKLM\...\{A2122A9C-A699-4365-ADF8-68FEAC125D61}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (HKLM\...\{C942A025-A840-4BF2-8987-849C0DD44574}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Common Files (HKLM-x32\...\{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Common Files (HKLM-x32\...\{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (HKLM-x32\...\{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (HKLM-x32\...\{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (HKLM-x32\...\{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (HKLM-x32\...\{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM\...\{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{93998800-1608-403F-9A51-420A77D23C25}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Target Entry Elevator (HKLM-x32\...\Target Entry Elevator) (Version: - )
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.36215 - TeamViewer)
Update for Skype for Business 2015 (KB4464593) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{D21509F9-FB24-4770-8F6B-616E510F2FB9}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4464593) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D21509F9-FB24-4770-8F6B-616E510F2FB9}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4464593) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{D21509F9-FB24-4770-8F6B-616E510F2FB9}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
WaterLink Connect (HKLM-x32\...\{03A95C1E-85BD-4B26-B027-C9501D2D33E1}) (Version: 1.9.15 - LaMotte) Hidden
WaterLink Connect (HKLM-x32\...\{435E77C4-A9D7-4D4C-9823-B6616CDDF404}) (Version: 1.7.0 - LaMotte) Hidden
WaterLink Connect (HKLM-x32\...\{A5386BC4-2BA6-4A03-B7C1-9483A0B9AB05}) (Version: 1.4.8 - LaMotte) Hidden
WaterLink Connect (HKLM-x32\...\WaterLink Connect) (Version: 1.9.15 - LaMotte)
WaterLink DataMate 10 (HKLM-x32\...\{81F743BC-0AB7-4826-885C-6CAC67882D27}) (Version: 10.8.8.12 - LaMotte) Hidden
WaterLink DataMate 10 (HKLM-x32\...\WaterLink DataMate 10) (Version: 10.8.8.12 - LaMotte)
Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version: - )
WebEx Recorder and Player (HKLM-x32\...\{B4E14374-780F-48AB-8884-C7BBC02DB342}) (Version: 29.9.0.10115 - Cisco WebEx LLC)
WicReset version 3.0.80.35 (HKLM-x32\...\{20379D3A-321B-4830-96A6-37183B713AE8}_is1) (Version: 3.0.80.35 - WWW.WIC.SUPPORT)
Windows Driver Package - LaMotte LaMottePnP Driver for WinXP and Win7 (07/08/2012 6.0.0.0) (HKLM\...\5F26A79801D79C161A994081FD24721382C47168) (Version: 07/08/2012 6.0.0.0 - LaMotte)
Windows Driver Package - LaMotte LaMottePnP Driver for WinXP and Win7 (10/26/2016 7.0.0.0) (HKLM\...\1C20FF46604597100216233F6059FC13B9107A7D) (Version: 10/26/2016 7.0.0.0 - LaMotte)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wondershare Filmora(Build 8.6.1) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
ZIP Password Recovery Professional (HKLM-x32\...\ZIP Password Recovery Professional) (Version: - SmartKey, Inc.)
Zoom (HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)
 

Judy K

TS Rookie
Packages:
=========
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1530.2.0_x86__kgqvnymyfvs32 [2019-06-13] (king.com)
Fresh Paint -> C:\Program Files\WindowsApps\Microsoft.FreshPaint_3.1.10383.1000_x86__8wekyb3d8bbwe [2019-06-08] (Microsoft Corporation)
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6 [2015-03-03] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2014-11-28] (Hewlett-Packard Company)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_41.1788.50991.0_x86__8xx8rvfyw5nnt [2019-05-22] (Instagram)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-06-20] (AMZN Mobile LLC)
LINE -> C:\Program Files\WindowsApps\NAVER.LINEwin8_5.17.1.0_x86__8ptj331gd3tyt [2019-06-13] (LINE Corporation)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-31] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2018-11-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-14] (Microsoft Corporation) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.9.4100.0_x64__8wekyb3d8bbwe [2019-04-19] (Microsoft Studios) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-05] (Microsoft Corporation) [MS Ad]
Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-09] (Microsoft Corporation)
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-02-13] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6100.0_x64__8wekyb3d8bbwe [2019-06-12] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.29.10701.0_x64__8wekyb3d8bbwe [2019-03-23] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.28.3242.0_x64__8wekyb3d8bbwe [2018-12-16] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
mZIP -> C:\Program Files\WindowsApps\28885zimmermann.mZIP_2.1.0.24_neutral__zw91z8z11he4m [2015-12-11] (zimmermann)
Norton Studio -> C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_2.2.0.0_x86__v68kp9n051hdp [2018-04-25] (Symantec Corporation)
Taptiles -> C:\Program Files\WindowsApps\Microsoft.Taptiles_2.6.288.0_x86__8wekyb3d8bbwe [2018-10-25] (Microsoft Studios) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2446170218-512241896-1534691390-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Judy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2446170218-512241896-1534691390-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Judy\Dropbox [2013-08-09 21:22]
CustomCLSID: HKU\S-1-5-21-2446170218-512241896-1534691390-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2446170218-512241896-1534691390-1001_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files (x86)\PSPad editor\pspshellx64.dll () [File not signed]
CustomCLSID: HKU\S-1-5-21-2446170218-512241896-1534691390-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2446170218-512241896-1534691390-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2446170218-512241896-1534691390-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2446170218-512241896-1534691390-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2446170218-512241896-1534691390-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2446170218-512241896-1534691390-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2446170218-512241896-1534691390-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2446170218-512241896-1534691390-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2446170218-512241896-1534691390-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2446170218-512241896-1534691390-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2446170218-512241896-1534691390-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\buShell.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\buShell.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\buShell.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\buShell.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\buShell.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\buShell.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\buShell.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-11] (CyberLink -> Cyberlink)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-12-03] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\NavShExt.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-11] (CyberLink -> Cyberlink)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\NavShExt.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-08-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [PortraitDisplaysContextMenu] -> {8602BDD8-9780-4717-B89A-7F89AF75B2AB} => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\shellmenu64.dll [2010-05-14] (Portrait Displays, Inc. -> Portrait Displays, Inc.)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\buShell.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\NavShExt.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1_S-1-5-21-2446170218-512241896-1534691390-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1_S-1-5-21-2446170218-512241896-1534691390-1001: [EditWithPSPad] -> {ED90173A-3B4C-4E7E-B9CF-79714425D4B5} => C:\Program Files (x86)\PSPad editor\pspshellx64.dll [2014-11-02] () [File not signed]
ContextMenuHandlers4_S-1-5-21-2446170218-512241896-1534691390-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2446170218-512241896-1534691390-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Judy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.0.dll [2019-06-04] (Dropbox, Inc -> Dropbox, Inc.)
 

Judy K

TS Rookie
==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Judy\Desktop\mydlink (60045390).lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> hxxp://sg.mydlink.com/

==================== Loaded Modules (Whitelisted) ==============

2013-01-18 05:55 - 2012-08-17 07:53 - 000180224 _____ () [File not signed] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll
2018-04-09 15:21 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2018-04-09 15:21 - 2017-09-12 10:34 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2013-01-18 05:58 - 2009-02-20 08:22 - 000028672 _____ () [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\WMINPUT.DLL
2013-01-18 05:43 - 2009-03-03 17:42 - 000089600 _____ (Andrea Electronics Corporation) [File not signed] C:\Program Files\IDT\WDM\AESTSr64.exe
2012-08-20 12:13 - 2012-08-20 12:13 - 000323584 ____R (Atheros) [File not signed] C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
2013-01-18 05:43 - 2012-07-14 08:18 - 000037888 _____ (Hewlett-Packard ) [File not signed] C:\Program Files\IDT\WDM\Beats64.exe
2013-01-18 05:58 - 2012-06-14 04:55 - 002101248 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
2013-01-18 05:58 - 2009-02-21 08:29 - 000053248 _____ (Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\HPCPQUSB.DLL
2018-06-09 03:15 - 2018-06-09 03:15 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
2018-06-09 03:15 - 2018-06-09 03:15 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2013-01-18 05:55 - 2012-08-17 07:53 - 000172032 _____ (Portrait Displays, Inc) [File not signed] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HtmlEngine.dll
2013-01-18 05:47 - 2012-07-14 08:02 - 002451456 _____ (Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
2013-01-18 05:47 - 2012-02-08 05:59 - 000166912 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RsCRLib.dll
2005-01-13 10:47 - 2005-01-13 10:47 - 000049152 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ESPSUTL.dll
2010-03-25 17:57 - 2010-03-25 17:57 - 000055296 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ScnMgr10.dll
2010-03-25 12:02 - 2010-03-25 12:02 - 000103936 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
2010-03-26 15:50 - 2010-03-26 15:50 - 000136192 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ScanEngine30.dll
2011-04-21 19:02 - 2011-04-21 19:02 - 000285696 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmnet.dll
2014-02-24 16:11 - 2008-11-12 03:00 - 000118784 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\E_ILMGUP.DLL
2018-04-09 15:21 - 2017-09-12 10:36 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0A8E2C33 [133]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 20:25 - 2018-08-25 12:04 - 000000056 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Judy\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\hp_svinoya_norway_sunset.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "ant aladdin.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "PivotSoftware"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "BATINDICATOR"
HKLM\...\StartupApproved\Run32: => "BATINDICATORHL"
HKLM\...\StartupApproved\Run32: => "MX14NF RUN"
HKLM\...\StartupApproved\Run32: => "LauncherMX14NF"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\StartupApproved\StartupFolder: => "autoStartSignage.bat"
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\StartupApproved\Run: => "EPSON L200 Series"
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\StartupApproved\Run: => "CommonLauncher"
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5CA00E2C-E5F4-49FD-968D-C857401BD660}] => (Allow) LPort=1900
FirewallRules: [{F725833C-1C7A-415A-AF9C-CA9C3948A2C8}] => (Allow) LPort=2869
FirewallRules: [{C75DD5DB-61AD-4926-88FE-C44F210256D2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{07C00A5C-D230-4276-8296-766BC2D77872}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{B3F50363-0A80-4E5C-AE4F-492E019FCC6C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [{6A3D898F-AA6A-4971-B453-2FE3DEC89B7D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{30B34F22-8947-442D-B6A7-5B13774BB466}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4736146D-38AF-4E91-B289-8318EFC69506}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AAE3AF7B-884A-4882-86CE-CB71E75AE439}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C8D857E7-5B78-4BA5-B5B8-B1CFB845F781}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{76E460DE-C378-4539-8A36-DBBCC0B21BB5}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{6810F6F6-7531-4442-B767-C4E32BF1E2FF}] => (Allow) C:\Program Files (x86)\PanaVue\ImageAssembler 3\pia3.exe (PanaVue) [File not signed]
FirewallRules: [{3C95B129-EC7F-4B68-B1AA-92D424BE00EA}] => (Allow) C:\Program Files (x86)\PanaVue\ImageAssembler 3\pia3.exe (PanaVue) [File not signed]
FirewallRules: [UDP Query User{D57EAE1C-7FA0-44A6-964D-A46D18DE911C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{AAA95E8C-F487-4294-8570-B3C2C65DB264}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [{937D703C-1DA0-482A-B7A6-7E794C477486}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{41CBC9E6-4D5C-4927-94B7-74731736B5E9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6CA7A74A-4170-4D44-BC46-C75B5D78717B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{64CA59DF-3BA7-4738-90A4-4413F250E751}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1DEA6052-7B03-40BB-BE15-53DE966C8E7D}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{777FE581-52F4-408C-BBD3-9A76F3206AC6}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{711B5CC7-9AD6-4E9E-A87B-2FA572C9F5CB}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{572D5335-3365-4371-A1EF-19AA526E15F6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B4DF0D39-26C8-45C4-B903-38618A3C2882}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1391D077-55D3-4A5F-B751-61484E986CF3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F2C540D5-87D2-4EC7-89D3-FEE8C0D041F4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A0435EE7-D869-4E68-B89C-9D87721D01AD}] => (Allow) C:\Users\Judy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{33ABFB52-13D8-4CC2-83AC-A0BBB64B62DF}] => (Allow) C:\Users\Judy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{FADD0171-6D36-4C3F-8EFB-375F3C42D070}] => (Allow) C:\Users\Judy\AppData\Local\Temp\recinstalldl\RecInst.exe No File
FirewallRules: [{E25EDC1A-5F00-4C24-B45F-D0A4EF15B4AE}] => (Allow) C:\Users\Judy\AppData\Local\Temp\recinstalldl\RecInst.exe No File
FirewallRules: [{46ED5465-3D30-4A90-AAE6-1C0CDFD9E7B1}] => (Allow) C:\Program Files (x86)\ASUS\Wireless Router\Device Discovery\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{26738F52-A370-489D-8B7C-25D79820DAFF}] => (Allow) C:\Program Files (x86)\ASUS\Wireless Router\Device Discovery\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{2F15130D-EB4F-4287-A3B5-CDFFE02EAC4B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3F2907D5-1BDE-4A5B-A3A2-10EFD455ECCC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A368A5FD-4C1B-4003-822B-D2FA7F38187B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{05097669-F187-4866-A29A-D0C4611D2920}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0B6F7350-B682-4BA1-8B9C-F834AA67EC2B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9EAB8DBD-1F66-4A9D-9CD1-DCCC1397414D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F3797DD9-98AB-4052-9B02-204CE57A88FA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{0F250090-855A-429F-B779-E9E08C52E9DD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{A0F2AA7B-8C1B-4095-BDD3-7CC96C8B6F84}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{FCC104CD-1557-410F-B62D-E9020404A1F3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{17237A00-87B6-4FE3-9FEA-9DFA124D9C27}] => (Allow) C:\Users\Judy\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1ED64F24-5986-40CB-87F9-EA8812245395}] => (Allow) C:\Users\Judy\AppData\Roaming\Zoom\bin\airhost.exe No File
FirewallRules: [{674981E9-CBC1-45D2-B82F-C1CE3C4BB6BA}] => (Allow) C:\Users\Judy\Downloads\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{9F009DCA-45C0-43AD-8756-706637CC8E14}] => (Allow) C:\Users\Judy\Downloads\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{5BE2507C-E529-485A-82CD-3A45D763CAF3}] => (Allow) C:\Users\Judy\Downloads\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{D6277372-B0B3-41C9-80E0-CC8C76530C40}] => (Allow) C:\Users\Judy\Downloads\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{4B26E8AB-ED90-4578-B0B8-964B80CE60AC}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ADE601D1-A26F-4B65-8A11-AECDA932D665}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe (AtomPark Software Inc.) [File not signed]
FirewallRules: [{C189F394-8FEF-478E-BC65-A03BE3FB5CF6}] => (Allow) C:\Program Files (x86)\AtomPark\Atomic Email Hunter\AtomicEmailHunter.exe (AtomPark Software Inc.) [File not signed]
FirewallRules: [{4B52BAFB-7129-46AC-92F6-3F1D5137611D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{5E0B73AC-4244-4702-ABB0-03DBE29A091E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{5357CCC2-918D-41A0-96CB-0F783B231E04}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{F10B1A39-F9E3-4B9E-B416-A72F97C59C87}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{EC8F6702-A781-4558-A0E0-10813B10E283}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
 

Judy K

TS Rookie
==================== Restore Points =========================

23-05-2019 17:00:58 Scheduled Checkpoint
01-06-2019 20:56:44 Scheduled Checkpoint
11-06-2019 17:05:36 Scheduled Checkpoint
15-06-2019 09:27:49 Removed iTunes

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2019 08:26:02 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "SQLAgent$DATAMATE" in DLL "perf-MSSQL10_50.DATAMATE-sqlagtctr.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (06/15/2019 08:26:02 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL SQLAgent$ASI2008. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (06/15/2019 08:26:01 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSSQL$DATAMATE" in DLL "perf-MSSQL$DATAMATE-sqlctr10.50.1600.1.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (06/15/2019 08:26:01 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL MSSQL$ASI2008. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (06/15/2019 02:23:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OSDManager.exe, version: 1.0.0.1, time stamp: 0x502d8818
Faulting module name: mshtml.dll, version: 11.0.17134.829, time stamp: 0x8429479d
Exception code: 0xc0000005
Fault offset: 0x005873a5
Faulting process id: 0x9fc
Faulting application start time: 0x01d5234b3f8a28dc
Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
Faulting module path: C:\Windows\System32\mshtml.dll
Report Id: e8e34482-542a-42f0-9a4d-f27543e22798
Faulting package full name:
Faulting package-relative application ID:

Error: (06/15/2019 02:22:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mepService.exe, version: 1.0.3.0, time stamp: 0x5011017b
Faulting module name: mepService.exe, version: 1.0.3.0, time stamp: 0x5011017b
Exception code: 0xc000000d
Fault offset: 0x0006c179
Faulting process id: 0xfb0
Faulting application start time: 0x01d5234b054fd20c
Faulting application path: C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
Faulting module path: C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
Report Id: aac29512-6c19-4e77-b2f9-4c5410455fc5
Faulting package full name:
Faulting package-relative application ID:

Error: (06/15/2019 02:22:00 PM) (Source: MSSQL$DATAMATE) (EventID: 8317) (User: )
Description: Cannot query value 'First Counter' associated with registry key 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$DATAMATE\Performance'. SQL Server performance counters are disabled.

Error: (06/15/2019 02:22:00 PM) (Source: MSSQL$ASI2008) (EventID: 8317) (User: )
Description: Cannot query value 'First Counter' associated with registry key 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$ASI2008\Performance'. SQL Server performance counters are disabled.


System errors:
=============
Error: (06/16/2019 11:12:25 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (06/16/2019 11:10:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/16/2019 11:10:35 AM) (Source: DCOM) (EventID: 10016) (User: HP-WIN8)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HP-Win8\Judy SID (S-1-5-21-2446170218-512241896-1534691390-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/16/2019 11:09:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/16/2019 11:09:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/16/2019 11:09:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/16/2019 11:09:25 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (06/16/2019 10:52:47 AM) (Source: DCOM) (EventID: 10016) (User: HP-WIN8)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HP-Win8\Judy SID (S-1-5-21-2446170218-512241896-1534691390-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================

Date: 2019-06-15 14:18:15.163
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-15 14:12:50.937
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-15 14:12:50.889
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-15 14:12:50.780
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-15 14:12:50.463
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-15 14:12:50.443
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-15 14:12:50.368
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-06-15 14:12:49.873
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: AMI 8.10 09/25/2012
Motherboard: PEGATRON CORPORATION 2ADC
Processor: Intel(R) Core(TM) i7-3770S CPU @ 3.10GHz
Percentage of memory in use: 84%
Total physical RAM: 4027.82 MB
Available physical RAM: 605.48 MB
Total Virtual: 5538.91 MB
Available Virtual: 930.08 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:462.35 GB) (Free:288.05 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:450.21 GB) (Free:76.11 GB) NTFS
Drive e: (Recovery Image) (Fixed) (Total:16.69 GB) (Free:2.03 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (我的光盘) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS

\\?\Volume{e802ebb0-e1b5-4c20-b913-fef458aac526}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.65 GB) NTFS
\\?\Volume{3dc87e31-8885-4ec2-9b59-df6273e60171}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{3b55cf73-732e-43eb-8ea0-0a379e658465}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{44288dfb-c1d9-43b6-94b3-cdf841c1320b}\ (SYSTEM) (Fixed) (Total:0.35 GB) (Free:0.31 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C8CA4F75)

Partition: GPT.

==================== End of Addition.txt ============================
 

Judy K

TS Rookie
I will be on a road trip starting tomorrow and will not have full access to my computer for about 1 month. I will try to log in every time I can to send any further information you may request, but it can definitely be more than 5 days at a time before I can reply.
 

Broni

Malware Annihilator
No problem.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

Judy K

TS Rookie
RogueKiller Anti-Malware V13.2.2.0 (x64) [Jun 10 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17134) 64 bits
Started in : Normal mode
User : Judy [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190614_091032, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/06/16 16:54:53 (Duration : 00:39:16)
Switches : -refid 3

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Gen2 (Potentially Malicious)] HKEY_CLASSES_ROOT\.qmgc -- -> Deleted
[PUP.Auslogics (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Auslogics -- -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FADD0171-6D36-4C3F-8EFB-375F3C42D070} -- [%localappdata%\Temp\recinstalldl\RecInst.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E25EDC1A-5F00-4C24-B45F-D0A4EF15B4AE} -- [%localappdata%\Temp\recinstalldl\RecInst.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{1DEA6052-7B03-40BB-BE15-53DE966C8E7D} -- [%SystemDrive%\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe] -> Deleted
[PUP.Gen1 (Potentially Malicious)] PackageAware -- %localappdata%\PackageAware -> Deleted
[Tr.ProxyAgent (Malicious)] QtGui4.dll -- %localappdata%\QtGui4.dll -> Deleted
[PUP.Auslogics (Potentially Malicious)] Auslogics -- %programdata%\Auslogics -> Deleted
[PUP.InstallPack (Potentially Malicious)] InstallMate -- %programdata%\InstallMate -> Deleted
 

Judy K

TS Rookie
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/16/19
Scan Time: 4:57 PM
Log File: 390e36d1-901d-11e9-a56f-7054d27e3a73.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.11074
License: Free

-System Information-
OS: Windows 10 (Build 17134.829)
CPU: x64
File System: NTFS
User: HP-WIN8\Judy

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 377917
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 25 min, 16 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
PUP.Optional.ASK, C:\USERS\JUDY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [2], [454823],1.0.11074
PUP.Optional.ASK, C:\USERS\JUDY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [2], [454823],1.0.11074

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

Judy K

TS Rookie
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-05-27.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-16-2019
# Duration: 00:00:09
# OS: Windows 10 Home Single Language
# Cleaned: 2
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted http://websearch.searchsun.info/?pid=724&r=2014/05/01&hid=14004371772434541409&lg=EN&cc=TH
Deleted http://websearch.searchsun.info/?pid=724&r=2014/05/01&hid=14004371772434541409&lg=EN&cc=TH

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1479 octets] - [16/06/2019 17:37:15]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Broni

Malware Annihilator
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double-click to run it.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 

Judy K

TS Rookie
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2019
Ran by Judy (administrator) on HP-WIN8 (Hewlett-Packard 23-d003d) (16-06-2019 22:18:43)
Running from C:\Users\Judy\Downloads
Loaded Profiles: Judy (Available Profiles: Judy & Administrator)
Platform: Windows 10 Home Single Language Version 1803 17134.829 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Andrea Electronics Corporation) [File not signed] C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) [File not signed] C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Judy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Judy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Judy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Judy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Users\Judy\AppData\Roaming\Dropbox\bin\74.4.115\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Users\Judy\AppData\Roaming\Dropbox\bin\74.4.115\QtWebEngineProcess.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard ) [File not signed] C:\Program Files\IDT\WDM\Beats64.exe
(Hewlett-Packard) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ASI2008\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATAMATE\MSSQL\Binn\sqlservr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Portrait Displays, Inc. -> ) C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
(Portrait Displays, Inc. -> ) C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
(Portrait Displays, Inc. -> Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(Portrait Displays, Inc. -> Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\dthtml.exe
(Portrait Displays, Inc. -> Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
(Portrait Displays, Inc. -> Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Portrait Displays, Inc. -> Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(SEIKO EPSON Corporation -> ) C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe
(SEIKO EPSON Corporation -> ) C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\nsWscSvc.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-07-14] (Hewlett-Packard ) [File not signed]
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [110192 2010-05-14] (Portrait Displays, Inc. -> )
HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [120400 2012-08-17] (Portrait Displays, Inc. -> Portrait Displays, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe [2068992 2011-12-15] (Hewlett-Packard) [File not signed]
HKLM-x32\...\Run: [BATINDICATORHL] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe [557056 2010-07-24] (Hewlett-Packard) [File not signed]
HKLM-x32\...\Run: [OSDTool] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe [2101248 2012-06-14] (Hewlett-Packard) [File not signed]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976832 2009-12-17] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LauncherMX14NF] => C:\Program Files (x86)\EPSON_P2B\Printer Software\Launcher\selaunch.exe [2269936 2012-12-27] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [MX14NF RUN] => C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmRun.exe [363760 2012-12-27] (SEIKO EPSON Corporation -> )
HKLM-x32\...\Run: [StatusAutoRunMX14NF] => "C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmpl.exe" EPSON AL-MX14NF,hide,\S
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2018-12-03] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\Run: [Dropbox Update] => C:\Users\Judy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50676864 2016-03-01] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Judy\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Judy\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\RunOnce: [Uninstall 19.070.0410.0007\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Judy\AppData\Local\Microsoft\OneDrive\19.070.0410.0007\amd64"
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\RunOnce: [Uninstall 19.070.0410.0007] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Judy\AppData\Local\Microsoft\OneDrive\19.070.0410.0007"
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [36864 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [msacm.voxacm160] => C:\Windows\SysWOW64\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\Windows\SysWOW64\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\Windows\SysWOW64\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
HKLM\...\Drivers32-x32: [msacm.lame] => lame.ax
HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\SysWOW64\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.mpg4] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp42] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp43] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\SysWOW64\xvidvfw.dll [139264 2004-07-03] () [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\SysWOW64\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-23] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2012-08-20] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2012-08-20] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ant aladdin.lnk [2015-03-12]
ShortcutTarget: ant aladdin.lnk -> C:\Program Files (x86)\Antification\AntAladdin\Ant Aladdin.exe () [File not signed]
Startup: C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autoStartSignage.bat [2018-07-11] () [File not signed]
Startup: C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2019-06-06]
ShortcutTarget: Dropbox.lnk -> C:\Users\Judy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
Startup: C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-06-12]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 

Judy K

TS Rookie
==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06D18631-5504-4A13-852C-7A5FF138AC32} - System32\Tasks\{AC2F51BF-46E2-4997-8803-A416468F17D0} => C:\WINDOWS\system32\pcalua.exe -a "D:\Downloads\Herma Label Design\HLD1.1_EN.exe" -d "D:\Downloads\Herma Label Design"
Task: {076B4B3F-9005-4354-B70A-EE5E2ED5859C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {08E54BEB-D437-4CD1-8061-86E202A59D41} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-08-13] (Google Inc -> Google Inc.)
Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {0ABC8A98-858E-466F-B483-AF43CEA5035D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {0CFC6A20-D75B-4D97-A0F4-437454F381B4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {1DEA144D-A23D-4A84-B907-0987FCD3787F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {32D64781-DB3F-4A17-B3E6-E98640EA0F38} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [237432 2019-04-29] (HP Inc. -> HP Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3CF5B939-F603-4107-8575-161F354228A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3DFA2B99-0270-4035-AFEE-C5A287138FC3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\WSCStub.exe [2225296 2019-05-25] (Symantec Corporation -> Symantec Corporation)
Task: {40959587-D009-4CF2-998E-EB74099F1D4C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4102C8BA-2BC1-4F6A-A809-077D8317B9AE} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-11] (Adobe Inc. -> Adobe)
Task: {43AA3915-82B2-42AA-AAC0-8FD1E3BD5848} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-11] (Adobe Inc. -> Adobe)
Task: {44A12B1E-3E2D-4E8E-985C-BAC20BCF143B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {490BFEDF-27D2-4FA6-8158-C8FE51047009} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {4A04CB62-17A7-4585-8112-8ADE86BC4AC2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {527E793F-4DC4-494F-A4D7-130E088FA777} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [33280 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
Task: {6920C1B9-ED5D-4934-B4C1-F3695F194102} - System32\Tasks\{76B3AB3A-3CFA-4BBB-91CC-D419F6AEB75E} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\Uninstall.exe"
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {70566152-27BD-4DFF-9992-F1A8CC9C9CD1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {7631CF3D-8CA8-4B54-9A6F-A1F19586F7DF} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe [33980984 2019-06-10] (Adlice -> )
Task: {77F85592-DED6-4037-B681-3DCE846D1CB0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7FF7E735-FA08-433E-84C7-7E65227F9427} - System32\Tasks\{967CD0D6-3405-457E-8F1F-2B994E70B71E} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Judy\Downloads\notepad\Note manager for Win V3.4.140.3\instmsiw.exe" -d "C:\Users\Judy\Downloads\notepad\Note manager for Win V3.4.140.3"
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {90D37FE2-E584-42CB-B0EB-CA13F19CFC8E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9660F4A7-288E-4C37-ABDC-352EC388276A} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\SymErr.exe [101392 2019-05-25] (Symantec Corporation -> Symantec Corporation)
Task: {9A4DF13E-0899-48BF-9ADC-E71DF153CE72} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\SymErr.exe [101392 2019-05-25] (Symantec Corporation -> Symantec Corporation)
Task: {A1931E6B-F13B-4029-A78B-B15691111083} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2446170218-512241896-1534691390-1001UA => C:\Users\Judy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
Task: {A1C2059E-5C58-407E-8E8B-329AF1022B35} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-08-13] (Google Inc -> Google Inc.)
Task: {A69B190B-A8BF-420E-ADB4-24B31735C269} - \Optimize Start Menu Cache Files-S-1-5-21-2446170218-512241896-1534691390-1001 -> No File <==== ATTENTION
Task: {A69FFD0B-186D-44FD-9F62-2DAF2C6A6BB2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {AFC70E66-B07E-4792-B3CE-3CEDF8D6553E} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2225296 2019-05-25] (Symantec Corporation -> Symantec Corporation)
Task: {BAF3D517-ED69-4582-8272-86EF760B67A7} - System32\Tasks\HPCeeScheduleForJudy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99208 2016-06-24] (Hewlett-Packard Company -> HP Inc.)
Task: {BB6E329E-0A64-4620-A727-F1F63BBD68C1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {BEE6D22E-62A3-41CF-8BAC-00782C02ADB8} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-07-28] (CyberLink -> CyberLink)
Task: {C62E7597-7BC4-434D-9CC0-9B6A624B3EEF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CA4D5C30-1D53-4B89-812C-DF5961B57EFD} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\SymErr.exe [101392 2019-05-25] (Symantec Corporation -> Symantec Corporation)
Task: {CA829C40-4866-40F7-B6FA-F9A9AFC62CE3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {CCCEEB8C-8387-4B5C-840D-00CB6A512509} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2446170218-512241896-1534691390-1001Core => C:\Users\Judy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
Task: {CD67AFD2-59F1-4D1F-9265-E6EBED86F9C4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D31B8DC7-8F86-4E54-A2F1-925DE5DF38FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {D8DFE977-C96A-4D10-98BC-B04C7629B2BE} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2018-05-04] (HP Inc. -> HP Inc.)
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {E7AF5793-EF64-4B5A-9087-CF17A364E903} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {F045E025-3AEB-4121-AE49-1CE61C058C4F} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2446170218-512241896-1534691390-1001 -> No File <==== ATTENTION
Task: {F073A4B7-A43D-483A-946F-BE323CAFA005} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.)
Task: {F1E3B61C-6EF0-4814-A9EA-F3F15C572FC2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F3ECD9C7-8EFA-4D17-9DBE-B378B5447052} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {F4A1F838-BFD6-4036-A818-EC3A81E75364} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [135349160 2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {F7CAC4AC-2F83-45B5-9C8E-E0A29AAB76CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [652664 2019-04-17] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2446170218-512241896-1534691390-1001Core.job => C:\Users\Judy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2446170218-512241896-1534691390-1001UA.job => C:\Users\Judy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJudy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3648495f-7885-45ae-b33f-cb47a9c8c250}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{622c8537-b961-4ff3-affc-667b725aced0}: [NameServer] 192.168.1.253,8.8.8.8
Tcpip\..\Interfaces\{e2f27193-f951-4015-bfe0-d6353f1e9bcf}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
HKU\S-1-5-21-2446170218-512241896-1534691390-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPDTDFJS
SearchScopes: HKU\S-1-5-21-2446170218-512241896-1534691390-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=GB&ver=22.16.3.21&locale=en_GB&guid=C24FEB97-372F-4461-8F5B-ED1F636EB086&doi=2016-09-01&gct=kwd&qsrc=2869
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-05-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\coIEPlg.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-03-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine32\22.17.2.46\coIEPlg.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-29] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-29] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\coIEPlg.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine32\22.17.2.46\coIEPlg.dll [2019-05-25] (Symantec Corporation -> Symantec Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\eknib1xm.default [2018-06-23]
FF Extension: (Norton Identity Safe) - C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\eknib1xm.default\Extensions\idsafe@norton.com.xpi [2018-06-23]
FF Extension: (SEOquake) - C:\Users\Judy\AppData\Roaming\Mozilla\Firefox\Profiles\eknib1xm.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}.xpi [2018-02-14]
FF HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\Firefox\Extensions: [SoundFrost@helper.com] - C:\Program Files (x86)\Download Free Music\SoundFrost.xpi
FF Extension: (SoundFrost) - C:\Program Files (x86)\Download Free Music\SoundFrost.xpi [2014-12-10] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-11] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-11] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: visualon.com/voBrowserPlugin -> C:\ProgramData\VisualOn\BrowserPlugin\npAstroBrowserPlugin.dll [2015-03-01] (Measat Broadcast Network Systems) [File not signed]
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2015-11-11] () [File not signed]
FF Plugin HKU\S-1-5-21-2446170218-512241896-1534691390-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Judy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-11-05] (Citrix Online -> Citrix Online)
FF Plugin HKU\S-1-5-21-2446170218-512241896-1534691390-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Judy\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-11-12] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-2446170218-512241896-1534691390-1001: hp.com/HPDetect -> C:\Users\Judy\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP) [File not signed]
FF Plugin ProgramFiles/Appdata: C:\Users\Judy\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-01-11]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://websearch.searchsun.info/?pid=724&r=2014/05/01&hid=14004371772434541409&lg=EN&cc=TH
CHR StartupUrls: Default -> "hxxp://websearch.searchsun.info/?pid=724&r=2014/05/01&hid=14004371772434541409&lg=EN&cc=TH","hxxps://www.google.com/"
CHR NewTab: Default -> Active:"chrome-extension://gkjahlcnbjiangkneanonnndppicobbd/homePageRedirect.html", Active:"chrome-extension://mhffmephdchhhbfjmdpoaldedhhdanbn/homePageRedirect.html"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default [2019-06-16]
CHR Extension: (Norton Password Manager) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2019-06-14]
CHR Extension: (SEOquake) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2019-05-17]
CHR Extension: (Docs) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-30]
CHR Extension: (Google Drive) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (YouTube) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Google Search) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Norton Safe Search) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogpedgkejfmehnklhahflpmplhiceal [2019-05-17]
CHR Extension: (Facebook Pixel Helper) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2019-05-17]
CHR Extension: (iCloud Bookmarks) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2019-05-17]
CHR Extension: (Norton Safe Web) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2019-06-05]
CHR Extension: (Google Docs Offline) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (Norton Safe Search) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjahlcnbjiangkneanonnndppicobbd [2019-05-17]
CHR Extension: (Pinterest Save Button) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2019-06-14]
CHR Extension: (IE Tab) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2019-06-15]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2019-05-17]
CHR Extension: (Messages Saver for Facebook™) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kflkdhmijdgjnlbdkfgdmolcjnflmlhf [2016-09-20]
CHR Extension: (Right Inbox for Gmail) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflnemhkomgploogccdmcloekbloobgb [2019-05-24]
CHR Extension: (Norton Home Page) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhffmephdchhhbfjmdpoaldedhhdanbn [2019-05-17]
CHR Extension: (Norton Safe) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2019-05-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-05-17]
CHR Extension: (LogMeIn) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon [2019-05-17]
CHR Extension: (Gmail) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-23]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [obgmhlafhebbinlgppoojofbekbpncmg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pfafkpaifpmpadngdmgiikeipjiedbpc] - C:\Users\Judy\AppData\Local\Temp\ccex.crx <not found>
 

Judy K

TS Rookie
==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [File not signed]
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [264224 2015-10-06] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [136784 2012-08-17] (Portrait Displays, Inc. -> Portrait Displays, Inc.)
S3 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [97776 2018-04-04] (INTERNET PROJECT LLC -> Freemake)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
S2 HPRegistrationSvc; c:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HPRegistrationService.exe [205216 2012-07-19] (Hewlett-Packard Company -> Hewlett-Packard)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 MSSQL$ASI2008; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ASI2008\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation -> Microsoft Corporation)
R2 MSSQL$DATAMATE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATAMATE\MSSQL\Binn\sqlservr.exe [61913952 2010-04-04] (Microsoft Corporation -> Microsoft Corporation)
S2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703616 2012-07-26] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
R2 NortonSecurity; C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\NortonSecurity.exe [225608 2019-05-25] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files (x86)\Norton 360\Engine\22.17.2.46\nsWscSvc.exe [933200 2019-05-25] (Symantec Corporation -> Symantec Corporation)
R2 SENADB; C:\Program Files (x86)\EPSON_P2B\Printer Software\Status Monitor\seksmdb.exe [104176 2012-12-27] (SEIKO EPSON Corporation -> )
S4 SQLAgent$ASI2008; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ASI2008\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation -> Microsoft Corporation)
S4 SQLAgent$DATAMATE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATAMATE\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-04] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11446104 2019-04-24] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-20] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [21652000 2015-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [684560 2015-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2018-04-12] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20190610.001\BHDrvx64.sys [1934048 2019-02-12] (Symantec Corporation -> Symantec Corporation)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [610336 2016-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\ccSetx64.sys [192704 2019-05-25] (Symantec Corporation -> Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-26] (CyberLink -> CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515592 2019-06-10] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153096 2019-06-12] (Symantec Corporation -> Symantec Corporation)
R3 i8042HDR; C:\WINDOWS\system32\DRIVERS\i8042HDR.sys [15920 2009-08-15] (Chicony Electronics Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20190613.061\IDSvia64.sys [1441800 2019-04-19] (Symantec Corporation -> Symantec Corporation)
S3 lehidmini; C:\WINDOWS\System32\drivers\leath_hid.sys [39704 2012-08-20] (Atheros Communications Inc. -> Atheros)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-06-16] (Malwarebytes Corporation -> Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895224 2016-02-17] (Realtek Semiconductor Corp -> Realtek )
R1 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\SRTSP64.SYS [864776 2019-05-25] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\SRTSPX64.SYS [49672 2019-05-25] (Symantec Corporation -> Symantec Corporation)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [543744 2012-10-18] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\SYMEFASI64.SYS [1998552 2019-05-25] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\SymELAM.sys [25744 2019-05-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100064 2019-03-21] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\SymPlatform\SymEvnt.sys [712200 2019-06-08] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\Ironx64.SYS [315912 2019-05-25] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\symnets.sys [573448 2019-05-25] (Symantec Corporation -> Symantec Corporation)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tilfilter; C:\WINDOWS\System32\drivers\TIxHCIlfilter.sys [34424 2016-08-20] (Texas Instruments, Inc. -> Texas Instruments, Inc.)
R3 tiufilter; C:\WINDOWS\System32\drivers\TIxHCIufilter.sys [39032 2016-08-20] (Texas Instruments, Inc. -> Texas Instruments, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-06-16] (Adlice -> )
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611020.02E\wpCtrlDrv.sys [1012120 2019-05-25] (Symantec Corporation -> Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-16 18:07 - 2019-06-16 18:07 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-06-16 17:42 - 2019-06-16 17:42 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-06-16 17:35 - 2019-06-16 17:39 - 000000000 ____D C:\AdwCleaner
2019-06-16 17:34 - 2019-06-16 17:34 - 007025360 _____ (Malwarebytes) C:\Users\Judy\Downloads\AdwCleaner.exe
2019-06-16 17:34 - 2019-06-16 17:34 - 000001455 _____ C:\Users\Judy\Desktop\malware.txt
2019-06-16 16:10 - 2019-06-16 16:10 - 000028272 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2019-06-16 16:09 - 2019-06-16 16:09 - 000003138 _____ C:\WINDOWS\System32\Tasks\RogueKiller Anti-Malware
2019-06-16 16:09 - 2019-06-16 16:09 - 000000000 ____D C:\ProgramData\RogueKiller
2019-06-16 16:08 - 2019-06-16 16:55 - 000000000 ____D C:\Program Files\RogueKiller
2019-06-16 16:08 - 2019-06-16 16:08 - 000000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2019-06-16 16:08 - 2019-06-16 16:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-06-16 15:51 - 2019-06-16 15:52 - 029932744 _____ (Adlice Software ) C:\Users\Judy\Downloads\RogueKiller_setup_ref3.exe
2019-06-16 12:13 - 2019-06-16 12:16 - 000068267 _____ C:\Users\Judy\Downloads\Addition.txt
2019-06-16 12:10 - 2019-06-16 22:20 - 000050093 _____ C:\Users\Judy\Downloads\FRST.txt
2019-06-16 12:08 - 2019-06-16 22:18 - 000000000 ____D C:\FRST
2019-06-16 12:08 - 2019-06-16 12:08 - 000000000 ____D C:\Users\Judy\Downloads\FRST-OlderVersion
2019-06-16 12:05 - 2019-06-16 12:08 - 002418688 _____ (Farbar) C:\Users\Judy\Downloads\FRST64.exe
2019-06-14 22:07 - 2019-06-14 22:07 - 002953520 _____ (AVAST Software) C:\Users\Judy\Downloads\avast-browser-cleanup.exe
2019-06-12 14:36 - 2019-06-07 18:04 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-06-12 14:36 - 2019-06-07 18:04 - 001633136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-06-12 14:36 - 2019-06-07 17:45 - 012756480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-06-12 14:36 - 2019-06-07 17:42 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-06-12 14:36 - 2019-06-07 17:40 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-06-12 14:36 - 2019-06-07 17:40 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-06-12 14:36 - 2019-06-07 17:23 - 001453920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-06-12 14:36 - 2019-06-07 17:19 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-06-12 14:36 - 2019-06-07 17:07 - 011942400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-06-12 14:36 - 2019-06-07 17:04 - 002881536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-06-12 14:36 - 2019-06-07 17:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-06-12 14:36 - 2019-06-07 13:01 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-06-12 14:36 - 2019-06-07 12:58 - 001220112 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-06-12 14:36 - 2019-06-07 12:58 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-06-12 14:36 - 2019-06-07 12:57 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-06-12 14:36 - 2019-06-07 12:57 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-06-12 14:36 - 2019-06-07 12:57 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-06-12 14:36 - 2019-06-07 12:57 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-06-12 14:36 - 2019-06-07 12:57 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-06-12 14:36 - 2019-06-07 12:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-06-12 14:36 - 2019-06-07 12:46 - 006569344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-06-12 14:36 - 2019-06-07 12:46 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-06-12 14:36 - 2019-06-07 12:38 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-06-12 14:36 - 2019-06-07 12:37 - 022019584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-06-12 14:36 - 2019-06-07 12:31 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-06-12 14:36 - 2019-06-07 12:27 - 022718976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-06-12 14:36 - 2019-06-07 12:24 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-06-12 14:36 - 2019-06-07 12:24 - 003400704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-06-12 14:36 - 2019-06-07 12:22 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-06-12 14:36 - 2019-06-07 12:22 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-06-12 14:36 - 2019-06-07 12:21 - 007588864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-06-12 14:36 - 2019-06-07 12:21 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-06-12 14:36 - 2019-06-07 12:21 - 001778688 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-06-12 14:36 - 2019-06-07 12:21 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-06-12 14:36 - 2019-06-07 12:20 - 002610688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-06-12 14:36 - 2019-06-07 12:19 - 003212288 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-06-12 14:36 - 2019-06-07 12:19 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-06-12 14:36 - 2019-06-07 12:19 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-06-12 14:36 - 2019-06-07 12:19 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-06-12 14:36 - 2019-06-07 12:18 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-06-12 14:36 - 2019-06-07 12:17 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-06-12 14:36 - 2019-06-07 12:17 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-06-12 14:36 - 2019-06-07 12:16 - 001102336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-06-12 14:36 - 2019-05-19 05:12 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-06-12 14:36 - 2019-05-17 19:27 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-06-12 14:36 - 2019-05-17 19:26 - 004393984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-06-12 14:36 - 2019-05-17 19:25 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-06-12 14:36 - 2019-05-17 19:25 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2019-06-12 14:36 - 2019-05-17 19:21 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-06-12 14:36 - 2019-05-17 19:00 - 005658112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-06-12 14:36 - 2019-05-17 13:44 - 000550520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2019-06-12 14:36 - 2019-05-17 13:42 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-06-12 14:36 - 2019-05-17 13:42 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-06-12 14:36 - 2019-05-17 13:42 - 002256560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-06-12 14:36 - 2019-05-17 13:42 - 001989552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-06-12 14:36 - 2019-05-17 13:42 - 001980256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-06-12 14:36 - 2019-05-17 13:42 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-06-12 14:36 - 2019-05-17 13:42 - 001380096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-06-12 14:36 - 2019-05-17 13:30 - 013878784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-06-12 14:36 - 2019-05-17 13:26 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-06-12 14:36 - 2019-05-17 13:19 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-06-12 14:36 - 2019-05-17 13:19 - 001630720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-06-12 14:36 - 2019-05-17 13:19 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-06-12 14:36 - 2019-05-17 13:18 - 002796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2019-06-12 14:36 - 2019-05-17 13:08 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-06-12 14:36 - 2019-05-17 13:07 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-06-12 14:36 - 2019-05-17 13:07 - 002768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-06-12 14:36 - 2019-05-17 13:07 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-06-12 14:36 - 2019-05-17 13:07 - 002467320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-06-12 14:36 - 2019-05-17 13:07 - 001288712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-06-12 14:36 - 2019-05-17 13:06 - 001943136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-06-12 14:36 - 2019-05-17 13:04 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-06-12 14:36 - 2019-05-17 12:44 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-06-12 14:36 - 2019-05-17 12:38 - 004709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-06-12 14:36 - 2019-05-17 12:37 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-06-12 14:36 - 2019-05-17 12:34 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-06-12 14:36 - 2019-05-17 12:34 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-06-12 14:36 - 2019-05-17 12:33 - 003091456 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-06-12 14:36 - 2019-05-17 12:33 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-06-12 14:36 - 2019-05-17 12:33 - 002370560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-06-12 14:36 - 2019-05-17 12:33 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2019-06-12 14:36 - 2019-05-17 12:31 - 004937216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-06-12 14:36 - 2019-05-17 12:31 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2019-06-12 14:36 - 2019-05-17 12:31 - 003293184 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2019-06-12 14:36 - 2019-05-17 12:31 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-06-12 14:36 - 2019-05-17 12:31 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-06-12 14:36 - 2019-05-17 12:31 - 001383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-06-12 14:36 - 2019-05-17 12:31 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-06-12 14:36 - 2019-05-17 12:31 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-06-12 14:36 - 2019-05-17 12:31 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-06-12 14:35 - 2019-06-07 17:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-06-12 14:35 - 2019-06-07 17:47 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-06-12 14:35 - 2019-06-07 17:41 - 004055552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-06-12 14:35 - 2019-06-07 17:10 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-06-12 14:35 - 2019-06-07 17:04 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-06-12 14:35 - 2019-06-07 13:07 - 000707384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-06-12 14:35 - 2019-06-07 12:58 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-06-12 14:35 - 2019-06-07 12:58 - 000422416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
2019-06-12 14:35 - 2019-06-07 12:58 - 000135176 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-06-12 14:35 - 2019-06-07 12:58 - 000076304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-06-12 14:35 - 2019-06-07 12:57 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-06-12 14:35 - 2019-06-07 12:57 - 000792888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-06-12 14:35 - 2019-06-07 12:57 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-06-12 14:35 - 2019-06-07 12:57 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-06-12 14:35 - 2019-06-07 12:57 - 000494304 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-06-12 14:35 - 2019-06-07 12:57 - 000435000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-06-12 14:35 - 2019-06-07 12:57 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-06-12 14:35 - 2019-06-07 12:57 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-06-12 14:35 - 2019-06-07 12:57 - 000383504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-06-12 14:35 - 2019-06-07 12:57 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-06-12 14:35 - 2019-06-07 12:57 - 000148280 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2019-06-12 14:35 - 2019-06-07 12:57 - 000137448 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-06-12 14:35 - 2019-06-07 12:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-06-12 14:35 - 2019-06-07 12:47 - 000380432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-06-12 14:35 - 2019-06-07 12:47 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-06-12 14:35 - 2019-06-07 12:46 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-06-12 14:35 - 2019-06-07 12:46 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-06-12 14:35 - 2019-06-07 12:46 - 000581048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-06-12 14:35 - 2019-06-07 12:46 - 000357072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-06-12 14:35 - 2019-06-07 12:46 - 000128792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2019-06-12 14:35 - 2019-06-07 12:24 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-06-12 14:35 - 2019-06-07 12:23 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-06-12 14:35 - 2019-06-07 12:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-06-12 14:35 - 2019-06-07 12:23 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-06-12 14:35 - 2019-06-07 12:22 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-06-12 14:35 - 2019-06-07 12:22 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2019-06-12 14:35 - 2019-06-07 12:22 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2019-06-12 14:35 - 2019-06-07 12:21 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-06-12 14:35 - 2019-06-07 12:21 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-06-12 14:35 - 2019-06-07 12:20 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-06-12 14:35 - 2019-06-07 12:20 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-06-12 14:35 - 2019-06-07 12:20 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-06-12 14:35 - 2019-06-07 12:19 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-06-12 14:35 - 2019-06-07 12:19 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2019-06-12 14:35 - 2019-06-07 12:18 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-06-12 14:35 - 2019-06-07 12:18 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-06-12 14:35 - 2019-06-07 12:17 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-06-12 14:35 - 2019-06-07 12:16 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-06-12 14:35 - 2019-06-07 12:16 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-06-12 14:35 - 2019-06-07 12:16 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2019-06-12 14:35 - 2019-06-07 11:00 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim
2019-06-12 14:35 - 2019-05-19 05:12 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-06-12 14:35 - 2019-05-19 05:12 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-06-12 14:35 - 2019-05-19 05:12 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-06-12 14:35 - 2019-05-17 19:44 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-06-12 14:35 - 2019-05-17 19:40 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2019-06-12 14:35 - 2019-05-17 19:40 - 000280888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-06-12 14:35 - 2019-05-17 19:25 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-06-12 14:35 - 2019-05-17 19:24 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-06-12 14:35 - 2019-05-17 19:23 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2019-06-12 14:35 - 2019-05-17 19:22 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-06-12 14:35 - 2019-05-17 19:22 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2019-06-12 14:35 - 2019-05-17 19:21 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-06-12 14:35 - 2019-05-17 19:21 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-06-12 14:35 - 2019-05-17 19:21 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3gpui.dll
2019-06-12 14:35 - 2019-05-17 19:21 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2019-06-12 14:35 - 2019-05-17 19:20 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-06-12 14:35 - 2019-05-17 19:19 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-06-12 14:35 - 2019-05-17 19:07 - 002206424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2019-06-12 14:35 - 2019-05-17 18:58 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2019-06-12 14:35 - 2019-05-17 18:56 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-06-12 14:35 - 2019-05-17 18:56 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3gpui.dll
2019-06-12 14:35 - 2019-05-17 18:55 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-06-12 14:35 - 2019-05-17 18:55 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-06-12 14:35 - 2019-05-17 18:55 - 000470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2019-06-12 14:35 - 2019-05-17 18:54 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-06-12 14:35 - 2019-05-17 18:54 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-06-12 14:35 - 2019-05-17 16:33 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-06-12 14:35 - 2019-05-17 15:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-06-12 14:35 - 2019-05-17 14:07 - 000105272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-06-12 14:35 - 2019-05-17 13:44 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2019-06-12 14:35 - 2019-05-17 13:43 - 000297688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2019-06-12 14:35 - 2019-05-17 13:42 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-06-12 14:35 - 2019-05-17 13:42 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-06-12 14:35 - 2019-05-17 13:42 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-06-12 14:35 - 2019-05-17 13:23 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-06-12 14:35 - 2019-05-17 13:23 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-06-12 14:35 - 2019-05-17 13:23 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-06-12 14:35 - 2019-05-17 13:22 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2019-06-12 14:35 - 2019-05-17 13:22 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2019-06-12 14:35 - 2019-05-17 13:21 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-06-12 14:35 - 2019-05-17 13:21 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2019-06-12 14:35 - 2019-05-17 13:21 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2019-06-12 14:35 - 2019-05-17 13:20 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-06-12 14:35 - 2019-05-17 13:20 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-06-12 14:35 - 2019-05-17 13:19 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-06-12 14:35 - 2019-05-17 13:19 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-06-12 14:35 - 2019-05-17 13:19 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2019-06-12 14:35 - 2019-05-17 13:18 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-06-12 14:35 - 2019-05-17 13:18 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-06-12 14:35 - 2019-05-17 13:08 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-06-12 14:35 - 2019-05-17 13:08 - 000723432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-06-12 14:35 - 2019-05-17 13:08 - 000401328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2019-06-12 14:35 - 2019-05-17 13:07 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-06-12 14:35 - 2019-05-17 13:07 - 001260272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-06-12 14:35 - 2019-05-17 13:07 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2019-06-12 14:35 - 2019-05-17 13:07 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-06-12 14:35 - 2019-05-17 13:07 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-06-12 14:35 - 2019-05-17 13:06 - 001784696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-06-12 14:35 - 2019-05-17 13:06 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-06-12 14:35 - 2019-05-17 13:06 - 001140992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-06-12 14:35 - 2019-05-17 13:06 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-06-12 14:35 - 2019-05-17 13:06 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-06-12 14:35 - 2019-05-17 13:06 - 000151888 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-06-12 14:35 - 2019-05-17 13:00 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-06-12 14:35 - 2019-05-17 12:37 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2019-06-12 14:35 - 2019-05-17 12:37 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2019-06-12 14:35 - 2019-05-17 12:36 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-06-12 14:35 - 2019-05-17 12:36 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-06-12 14:35 - 2019-05-17 12:36 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-06-12 14:35 - 2019-05-17 12:36 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2019-06-12 14:35 - 2019-05-17 12:36 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-06-12 14:35 - 2019-05-17 12:36 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-06-12 14:35 - 2019-05-17 12:36 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-06-12 14:35 - 2019-05-17 12:35 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-06-12 14:35 - 2019-05-17 12:35 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2019-06-12 14:35 - 2019-05-17 12:35 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-06-12 14:35 - 2019-05-17 12:34 - 000671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2019-06-12 14:35 - 2019-05-17 12:34 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2019-06-12 14:35 - 2019-05-17 12:34 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2019-06-12 14:35 - 2019-05-17 12:34 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-06-12 14:35 - 2019-05-17 12:34 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-06-12 14:35 - 2019-05-17 12:34 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2019-06-12 14:35 - 2019-05-17 12:33 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-06-12 14:35 - 2019-05-17 12:33 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-06-12 14:35 - 2019-05-17 12:33 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2019-06-12 14:35 - 2019-05-17 12:32 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2019-06-12 14:35 - 2019-05-17 12:32 - 000815104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-06-12 14:35 - 2019-05-17 12:31 - 001027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2019-06-12 14:35 - 2019-05-17 12:31 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-06-12 14:35 - 2019-05-17 12:30 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-06-12 14:35 - 2019-05-17 12:30 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-06-12 14:35 - 2019-05-17 12:30 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2019-06-12 05:22 - 2019-06-16 17:28 - 000000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJudy.job
2019-06-12 05:22 - 2019-06-16 11:22 - 000003232 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJudy
2019-06-09 09:21 - 2019-06-09 09:51 - 000000996 _____ C:\Users\Public\Desktop\Intelligent Lock Management System.lnk
2019-06-09 09:21 - 2019-06-09 09:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLock
2019-06-06 08:57 - 2019-06-16 19:24 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2019-06-06 08:55 - 2019-06-06 09:16 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2019-06-06 08:55 - 2019-06-06 08:55 - 000003378 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2019-06-06 08:27 - 2019-06-06 08:27 - 000000000 ____D C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-06-01 20:37 - 2019-06-01 20:42 - 000000000 ____D C:\Users\TEMP
2019-05-24 20:22 - 2019-05-24 20:22 - 006881808 _____ (Jan Fiala ) C:\Users\Judy\Downloads\pspad501_setup_int.exe
2019-05-24 20:06 - 2019-05-24 20:06 - 095438466 _____ C:\Users\Judy\Downloads\2019 Winter (2) 2.AVI
2019-05-24 20:00 - 2019-05-24 20:00 - 000428116 _____ C:\Users\Judy\Downloads\2019 Winter (1).3gp
2019-05-24 15:20 - 2019-05-24 15:20 - 000000000 ____D C:\Users\Judy\AppData\Local\mbamtray
2019-05-24 15:20 - 2019-05-24 15:20 - 000000000 ____D C:\Users\Judy\AppData\Local\mbam
2019-05-24 15:19 - 2019-05-24 15:19 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-05-24 15:19 - 2019-05-24 15:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-24 15:19 - 2019-05-24 15:19 - 000000000 ____D C:\Program Files\Malwarebytes
2019-05-24 15:19 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-05-24 15:19 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-05-24 15:18 - 2019-05-24 15:18 - 063182216 _____ (Malwarebytes ) C:\Users\Judy\Downloads\mb3-setup-37469.37469-3.7.1.2839-1.0.586-1.0.10430.exe
2019-05-22 21:02 - 2019-05-22 21:05 - 000000000 ____D C:\Users\Judy\AppData\Local\PlaceholderTileLogoFolder
2019-05-22 19:50 - 2019-05-22 20:05 - 065552400 _____ (Movavi) C:\Users\Judy\Downloads\MovaviScreenCaptureSetupC.exe
 

Judy K

TS Rookie
==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-16 22:06 - 2018-06-09 03:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-06-16 21:25 - 2015-11-22 10:31 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-06-16 20:35 - 2018-06-09 03:10 - 000002401 _____ C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-06-16 20:35 - 2014-04-18 08:29 - 000000000 __RDO C:\Users\Judy\OneDrive
2019-06-16 17:53 - 2018-04-12 06:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-06-16 17:42 - 2014-01-27 15:40 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-06-16 17:41 - 2018-06-09 03:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-06-16 17:40 - 2018-04-12 04:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-06-16 17:29 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-06-16 17:28 - 2018-04-12 04:04 - 000016384 _____ C:\WINDOWS\system32\config\ELAM
2019-06-16 13:15 - 2018-04-12 06:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-15 14:24 - 2014-01-28 08:34 - 000000000 ____D C:\Users\Judy\AppData\Local\CrashDumps
2019-06-15 13:56 - 2015-05-12 09:40 - 000000000 ____D C:\Users\Judy\AppData\Local\NPE
2019-06-15 13:43 - 2015-05-12 09:43 - 000000000 ____D C:\NPE
2019-06-15 12:54 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-06-15 10:05 - 2018-08-03 16:42 - 000004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2FAA0801-BB5F-489F-A8E5-F755F8C7EB56}
2019-06-15 09:21 - 2014-04-22 04:38 - 000000000 ____D C:\Users\Judy\AppData\Local\IE Tab
2019-06-14 22:17 - 2015-09-10 12:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-06-13 19:28 - 2014-01-28 09:07 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-06-13 19:13 - 2019-04-29 21:03 - 000000000 ____D C:\Program Files (x86)\HIP Premium Time 2.0.4
2019-06-12 18:02 - 2018-04-12 06:36 - 000000000 ____D C:\WINDOWS\INF
2019-06-12 17:51 - 2018-06-09 03:08 - 000936440 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-06-12 17:47 - 2015-12-14 04:52 - 000000000 ___RD C:\Users\Judy\3D Objects
2019-06-12 17:46 - 2018-06-09 03:02 - 000588480 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-06-12 17:42 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-06-12 17:42 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-06-12 17:42 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-06-12 17:42 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-06-12 14:46 - 2018-04-12 06:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-06-12 14:34 - 2014-01-28 15:42 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-06-12 14:28 - 2014-01-28 15:42 - 135349160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-06-12 05:22 - 2018-06-09 03:09 - 000000000 ____D C:\Users\Judy
2019-06-11 22:00 - 2017-12-12 18:34 - 000000000 ____D C:\Users\Judy\AppData\Local\Packages
2019-06-11 16:03 - 2019-03-13 12:34 - 006234168 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2019-06-11 16:03 - 2018-06-09 03:20 - 000004570 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-06-11 16:03 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-06-09 09:48 - 2019-02-13 11:43 - 000000000 ____D C:\Program Files (x86)\Intelligent Lock Management System
2019-06-06 20:40 - 2018-06-09 03:21 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2446170218-512241896-1534691390-1001
2019-06-06 09:42 - 2015-06-12 08:37 - 000000000 ____D C:\Program Files\Common Files\AV
2019-06-06 09:16 - 2018-02-22 20:18 - 000002421 _____ C:\Users\Public\Desktop\Norton Security.lnk
2019-06-06 08:55 - 2018-02-04 07:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2019-06-06 08:29 - 2014-02-23 17:45 - 000000000 ____D C:\Users\Judy\AppData\Roaming\Dropbox
2019-05-31 16:23 - 2014-07-29 17:04 - 000000000 ____D C:\Users\Judy\AppData\Roaming\FileZilla
2019-05-31 08:57 - 2018-11-14 17:41 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-31 08:57 - 2018-11-14 17:41 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-24 20:32 - 2018-08-03 14:42 - 000000000 ____D C:\Users\Judy\AppData\Local\FileZilla
2019-05-24 20:30 - 2018-08-03 14:42 - 000002164 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2019-05-24 20:30 - 2014-07-29 17:02 - 000000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2019-05-24 20:29 - 2014-07-29 17:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2019-05-24 20:23 - 2016-03-20 09:47 - 000001087 _____ C:\Users\Judy\Desktop\PSPad.lnk
2019-05-24 20:23 - 2016-03-20 09:47 - 000000000 ____D C:\Users\Judy\AppData\Roaming\PSpad
2019-05-24 20:23 - 2016-03-20 09:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPad editor
2019-05-24 20:23 - 2016-03-20 09:47 - 000000000 ____D C:\Program Files (x86)\PSPad editor
2019-05-24 15:20 - 2014-12-16 12:57 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-05-24 15:19 - 2018-04-12 06:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-05-23 16:18 - 2016-08-13 21:14 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-23 16:18 - 2016-08-13 21:14 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-17 17:51 - 2018-11-17 08:03 - 000000000 ____D C:\Program Files\rempl
2019-05-17 13:40 - 2012-07-26 12:26 - 000000167 _____ C:\WINDOWS\win.ini
2019-05-17 11:23 - 2018-04-12 06:38 - 000000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories ================

2014-01-28 08:39 - 2014-01-28 08:40 - 000032516 _____ () C:\Program Files (x86)\CMS Setup Log.txt
2018-04-08 14:11 - 2018-04-08 14:11 - 000000128 ____H () C:\Users\Judy\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
2015-12-15 11:21 - 2015-12-15 11:20 - 000089730 _____ () C:\Users\Judy\AppData\Roaming\HomeImage.jpg
2015-12-15 11:21 - 2015-12-15 11:20 - 000089730 _____ () C:\Users\Judy\AppData\Roaming\ReportImage.jpg
2014-12-10 12:34 - 2013-03-18 17:45 - 001122304 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Judy\AppData\Local\libeay32.dll
2014-12-10 12:36 - 2014-12-10 21:42 - 000375693 _____ () C:\Users\Judy\AppData\Local\log.txt
2014-12-10 12:34 - 2011-06-11 00:58 - 000421200 _____ (Microsoft Corporation) C:\Users\Judy\AppData\Local\msvcp100.dll
2014-12-10 12:34 - 2011-06-11 00:58 - 000773968 _____ (Microsoft Corporation) C:\Users\Judy\AppData\Local\msvcr100.dll
2014-12-10 12:34 - 2014-07-07 10:54 - 002599936 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Judy\AppData\Local\QtCore4.dll
2014-12-10 12:34 - 2014-04-20 02:38 - 001053184 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Judy\AppData\Local\QtNetwork4.dll
2014-12-10 12:34 - 2014-04-20 04:40 - 013108224 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Judy\AppData\Local\QtWebKit4.dll
2014-12-10 12:34 - 2013-03-18 17:45 - 000274432 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Judy\AppData\Local\ssleay32.dll
2014-12-10 12:36 - 2014-12-10 18:50 - 000260542 _____ () C:\Users\Judy\AppData\Local\viewer.txt

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
 

Judy K

TS Rookie
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2019
Ran by Judy (16-06-2019 22:21:28)
Running from C:\Users\Judy\Downloads
Windows 10 Home Single Language Version 1803 17134.829 (X64) (2018-06-08 20:38:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2446170218-512241896-1534691390-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2446170218-512241896-1534691390-503 - Limited - Disabled)
Guest (S-1-5-21-2446170218-512241896-1534691390-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2446170218-512241896-1534691390-1018 - Limited - Enabled)
Judy (S-1-5-21-2446170218-512241896-1534691390-1001 - Administrator - Enabled) => C:\Users\Judy
printer (S-1-5-21-2446170218-512241896-1534691390-1019 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2446170218-512241896-1534691390-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 29.0.0.112 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.207 - Adobe)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{DC7C952E-3B17-9BBE-CED0-152DB6B0BAA2}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AntAladdin (HKLM-x32\...\{4A1D7844-2B6E-4B25-A3BC-8B5AB61FDEDB}) (Version: 1.0.2 - Antification)
Apple Application Support (32-bit) (HKLM-x32\...\{80B42CAA-28C0-4FBD-A46E-D61F45E2F9FC}) (Version: 7.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{466D00D0-E7DE-47C2-8FE5-54A8009F5850}) (Version: 7.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Astro on the Go video player Browser Plugin (HKLM-x32\...\{AB6591F2-C1F6-4ABD-8C16-F1F87CEBF37E}) (Version: 3.14.6.7628 - Measat Broadcast Network Systems Sdn Bhd)
ASUS Wireless Router Device Discovery Utility (HKLM-x32\...\{09CDCA35-23FF-4ED6-AFDA-BBD55235CE4B}) (Version: 1.4.6.5 - ASUS)
Atomic Email Hunter 15.0.0.390 (HKLM-x32\...\AtomicEmailHunter_is1) (Version: 15.0.0.390 - AtomPark Software Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon SELPHY CP910 (HKLM\...\Canon SELPHY CP910) (Version: - )
Cisco WebEx Meetings (HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
CMS (HKLM-x32\...\CMS) (Version: - )
CMS2000 version 1.0 (HKLM-x32\...\CMS2000_is1) (Version: 1.0 - )
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4407 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Database Password Sleuth 1.05 (full) (HKLM-x32\...\Database Password Sleuth_is1) (Version: 1.05 - Shatterock Technologies)
Dropbox (HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\Dropbox) (Version: 74.4.115 - Dropbox, Inc.)
Dvr CMS (HKLM-x32\...\Dvr CMS) (Version: - )
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
EPSON AcuLaser MX14NF (HKLM-x32\...\{B64E8CB4-213B-4B30-AF72-BC975BBBB1D4}) (Version: 1.025.00 - EPSON) Hidden
EPSON AcuLaser MX14NF (HKLM-x32\...\InstallShield_{B64E8CB4-213B-4B30-AF72-BC975BBBB1D4}) (Version: 1.025.00 - EPSON)
Epson Easy Photo Print 2 (HKLM-x32\...\{4FB984CB-4CE4-4104-A554-D04CEFE3D690}) (Version: 2.2.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{892A2A95-311C-4FE7-921E-5511358BB7F4}) (Version: 2.40.0005 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
FacebookPRO v2.20 (HKLM-x32\...\FacebookPRO_is1) (Version: - )
FastStone Photo Resizer 3.2 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.2 - FastStone Soft.)
FileZilla Client 3.42.1 (HKLM-x32\...\FileZilla Client) (Version: 3.42.1 - Tim Kosse)
Forex Gemini Code (HKLM-x32\...\Forex Gemini Code) (Version: - )
ForexPrecogESP (HKLM-x32\...\ForexPrecogESP) (Version: - )
ForexPrecogIndicators (HKLM-x32\...\ForexPrecogIndicators) (Version: - )
Freemake Video Converter version 4.1.10.0 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10.0 - Ellora Assets Corporation)
FXCM MetaTrader 4 (HKLM-x32\...\FXCM MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
FXCM Trading Station (HKLM-x32\...\FXTS2) (Version: - Forex Capital Markets, LLC ("FXCM LLC"))
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HERMA Label Designer plus 1.1 (HKLM-x32\...\{7DA64485-2CEE-4F7B-84AB-B287236703B6}) (Version: 1.00.0000 - HERMA GmbH)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HIP Premium Time 2.0.4 (HKLM-x32\...\HIP Premium Time 2.0.4) (Version: 2.0.4 - HIP Global co.,Ltd.)
HP Keyboard (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.5.0.7 - Hewlett-Packard)
HP My Display TouchSmart Edition (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.12.004 - Portrait Displays, Inc.)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{F322B446-B157-4257-B44F-4F22D41F8EDB}) (Version: 8.7.50.3 - HP Inc.)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{20907839-6188-46EF-8AE7-141C86EDE13F}) (Version: 12.10.49.21 - HP Inc.)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
HydraVision (HKLM-x32\...\{866A5B13-0B3E-9402-9D1D-62E33DC1F21D}) (Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden
iCloud (HKLM\...\{28ABC5D7-AF47-4476-A6AA-C2DD822ED40F}) (Version: 7.9.0.9 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6419.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intelligent Lock Management System V2.2 (HKLM-x32\...\{70B6926B-62C8-4947-8B6F-A0711D851B0C}_is1) (Version: - )
IPCMultiViewSetup (HKLM-x32\...\{1C375B52-884F-40C1-A962-7F20048A7420}) (Version: 1.0.0 - IPCamera)
iVMS-4200(v2.4.1.3) (HKLM-x32\...\{7697245D-2E00-4B83-AD27-C051DE314D1F}) (Version: 2.4.1.3 - hikvision)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
LED Digit Board (HKLM-x32\...\{22F3D128-2106-489D-8BA3-CD18BBC70708}) (Version: - )
LQ-300+II User's Guide (HKLM-x32\...\LQ-300+II User's Guide) (Version: - )
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\OneDriveSetup.exe) (Version: 19.086.0502.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{48B08845-0CB0-45EC-893C-15319ADDA312}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{F7954B53-8522-450D-B262-B362B440FEC0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.2.6730 - Mozilla)
MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.0.3.0 - SEIKO EPSON CORPORATION) Hidden
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation)
NetSurveillance (HKLM-x32\...\NetSurveillance) (Version: - )
Norton 360 (HKLM-x32\...\NGC) (Version: 22.17.2.46 - Symantec Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC)
PanaVue ImageAssembler 3.5.0 (HKLM-x32\...\{71D91178-0A18-4519-98CA-C2E85EBEBD96}) (Version: 3.5.0 - PanaVue)
Pivot Pro Plugin (HKLM-x32\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.50.110 - Portrait Displays, Inc.) Hidden
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 5.0.1.312 - Jan Fiala)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.31.423.2014 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.5530 - CyberLink Corp.) Hidden
RogueKiller version 13.2.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.2.0 - Adlice Software)
SADPTool (HKLM-x32\...\{7D9B79C2-B1B2-433B-844F-F4299B86F26E}) (Version: 3.0.0.2 - hikvision)
SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.28.007 - Portrait Displays, Inc.) Hidden
SendBlaster 3 (HKLM-x32\...\{486575DF-CC13-4F89-8636-C2CC5BDA7246}) (Version: 003.001.00006 - eDisplay srl)
Serif MoviePlus Starter Edition (HKLM-x32\...\{2A9D6191-23DB-463E-BB1B-1642C9756B7C}) (Version: 1.0.0.008 - Serif (Europe) Ltd)
Serif PhotoPlus X6 (HKLM\...\{CCD2C5E4-F484-4499-BCB3-61E787416757}) (Version: 16.0.1.029 - Serif (Europe) Ltd)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (HKLM-x32\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
SignagePlayer (HKLM-x32\...\SignagePlayer.86EE3EEE54D7DB049D16E358CDC443F088917621.1) (Version: 5.0.106 - Signage)
SignageStudio (HKLM-x32\...\SignageStudio.86EE3EEE54D7DB049D16E358CDC443F088917621.1) (Version: 5.1.42 - Signage)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
SQL Server 2008 R2 Common Files (HKLM\...\{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Common Files (HKLM\...\{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (HKLM\...\{5318020E-E32C-4A33-BC8D-EEF5CC2F6CA1}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (HKLM\...\{9FFAE13C-6160-4DD0-A67A-DAC5994F81BD}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (HKLM\...\{A2122A9C-A699-4365-ADF8-68FEAC125D61}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (HKLM\...\{C942A025-A840-4BF2-8987-849C0DD44574}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Common Files (HKLM-x32\...\{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Common Files (HKLM-x32\...\{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (HKLM-x32\...\{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (HKLM-x32\...\{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (HKLM-x32\...\{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (HKLM-x32\...\{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM\...\{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{93998800-1608-403F-9A51-420A77D23C25}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Target Entry Elevator (HKLM-x32\...\Target Entry Elevator) (Version: - )
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.2.36215 - TeamViewer)
Update for Skype for Business 2015 (KB4464593) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{D21509F9-FB24-4770-8F6B-616E510F2FB9}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4464593) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D21509F9-FB24-4770-8F6B-616E510F2FB9}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4464593) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{D21509F9-FB24-4770-8F6B-616E510F2FB9}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
WaterLink Connect (HKLM-x32\...\{03A95C1E-85BD-4B26-B027-C9501D2D33E1}) (Version: 1.9.15 - LaMotte) Hidden
WaterLink Connect (HKLM-x32\...\{435E77C4-A9D7-4D4C-9823-B6616CDDF404}) (Version: 1.7.0 - LaMotte) Hidden
WaterLink Connect (HKLM-x32\...\{A5386BC4-2BA6-4A03-B7C1-9483A0B9AB05}) (Version: 1.4.8 - LaMotte) Hidden
WaterLink Connect (HKLM-x32\...\WaterLink Connect) (Version: 1.9.15 - LaMotte)
WaterLink DataMate 10 (HKLM-x32\...\{81F743BC-0AB7-4826-885C-6CAC67882D27}) (Version: 10.8.8.12 - LaMotte) Hidden
WaterLink DataMate 10 (HKLM-x32\...\WaterLink DataMate 10) (Version: 10.8.8.12 - LaMotte)
Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version: - )
WebEx Recorder and Player (HKLM-x32\...\{B4E14374-780F-48AB-8884-C7BBC02DB342}) (Version: 29.9.0.10115 - Cisco WebEx LLC)
WicReset version 3.0.80.35 (HKLM-x32\...\{20379D3A-321B-4830-96A6-37183B713AE8}_is1) (Version: 3.0.80.35 - WWW.WIC.SUPPORT)
Windows Driver Package - LaMotte LaMottePnP Driver for WinXP and Win7 (07/08/2012 6.0.0.0) (HKLM\...\5F26A79801D79C161A994081FD24721382C47168) (Version: 07/08/2012 6.0.0.0 - LaMotte)
Windows Driver Package - LaMotte LaMottePnP Driver for WinXP and Win7 (10/26/2016 7.0.0.0) (HKLM\...\1C20FF46604597100216233F6059FC13B9107A7D) (Version: 10/26/2016 7.0.0.0 - LaMotte)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wondershare Filmora(Build 8.6.1) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
ZIP Password Recovery Professional (HKLM-x32\...\ZIP Password Recovery Professional) (Version: - SmartKey, Inc.)
Zoom (HKU\S-1-5-21-2446170218-512241896-1534691390-1001\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)