WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Can't run aswMBR kicked off computer

Started by fiveone5 , May 01 2020 08:09 PM

This topic is locked

11 replies to this topic

#1 fiveone5

Authentic Member

Authentic Member
54 posts

Posted 01 May 2020 - 08:09 PM

First thank you for any and all help. You are my go to team!

Having issues with slow, odd acting computer.

4 or 5 emails over past week from different addresses, ransom with bitcoin, delete ASAP.

Computer was acting up before they came.

Win 10 keep updated, use CCleaner, Super Anti-spyware, Revo Uninstaller, Malwarebytes Premium.

Run them every day or so.

At first Malwarebytes Premium did not want to allow download of aswMBR.

Got the download, tried 3 times, runs so far than computer restarts.

Attached Thumbnails

Advertisements

Register to Remove

#2 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 02 May 2020 - 05:43 AM

For the time being let's just move on.

Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

(Scan times will vary from one system to another. Sometimes the scan may appear to hang and you may even see a message that says, Program not responding. Most likely that will be temporary and the scan will resume on its own. It is not unusual for a complete scan to take up to10 minutes or even longer depending on what the scan is finding.)

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#3 fiveone5

Authentic Member

Authentic Member
54 posts

Posted 02 May 2020 - 06:50 AM

Malwarebytes Browser Guard should I turn it off? Maybe an issue with downloading the tools...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-04-2020
Ran by Karen (administrator) on HP (Hewlett-Packard 550-047c) (02-05-2020 08:31:19)
Running from C:\Users\Karen\Downloads
Loaded Profiles: Karen (Available Profiles: Karen)
Platform: Windows 10 Home Version 1909 18363.815 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP Inc -> HP Inc.) C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe
(HP Inc -> HP Inc.) C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Wireless Display -> Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.6-0\NisSrv.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <5>
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Softex Inc.) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Support.com Inc -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8790264 2016-01-15] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2867275502-3730772980-4078306993-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [9230256 2020-03-24] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-21-2867275502-3730772980-4078306993-1001\...\Run: [HP Officejet 5740 series (NET)] => C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe [3769248 2019-03-19] (HP Inc -> HP Inc.)
HKU\S-1-5-21-2867275502-3730772980-4078306993-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2867275502-3730772980-4078306993-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2867275502-3730772980-4078306993-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2867275502-3730772980-4078306993-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [567296 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Installer\chrmstp.exe [2020-04-29] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2015-01-30] (Softex Inc..) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2015-01-30] (Softex Inc..) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-11-27]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0234CBC1-F1F7-4794-8640-34B62DC0DA0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [134008 2020-03-25] (HP Inc. -> HP Inc.)
Task: {027409DF-D5C6-443F-8F9C-A7B9ACD2D107} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {02AAFC98-78B5-4306-8CCC-16F401EDDAB8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {04EB000B-DE21-4843-AF0B-69AED103FA3E} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [484208 2015-01-15] (Dropbox, Inc -> )
Task: {17F897C6-9856-4000-9C7B-0E7F43E46090} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1B1AB0BE-24EC-406F-8972-C1161963F0D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-20] (Google Inc -> Google Inc.)
Task: {1B34A633-4AD7-463B-B96C-36144D849705} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1E2C9A91-8CD4-40AB-AA5D-E5711BAD4FB9} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {252B660C-EA3A-483B-A54A-81B5A2246558} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {290745EA-588E-4075-B643-1882941CA2E7} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [506104 2015-01-30] (Softex Incorporated -> Hewlett-Packard)
Task: {2CE6DFD8-5F82-4B31-BE17-5A9F0EFE7DC8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {33A295BC-26E5-4047-AEB4-48F51A931841} - System32\Tasks\Macrium-Backup-{10A2D43F-63B9-47D8-8580-EC4D9490EECD} => C:\Program Files\Macrium\Reflect\Reflect.exe [328720 2019-05-07] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
Task: {341281DA-C59F-4395-96A6-0094CDCCF261} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3DE48816-03ED-4FA8-BEFA-45912B700883} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {4FD9E44A-42D3-4529-9541-7D4E1C63101E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {59C35227-074B-4499-A74A-69A029A813D6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [23571128 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {68029BCB-E2C9-456F-A587-C61736B86BC6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {6D0A1D93-434F-4D57-9395-7CC613AE187F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-04-15] (Adobe Inc. -> Adobe)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {72507967-D36E-48ED-84EA-D522BD6FFF14} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_pepper.exe [1454136 2020-04-15] (Adobe Inc. -> Adobe)
Task: {73FBFD55-A71E-475A-9BBA-582430B4BFD3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [286096 2020-02-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {7BD67EAC-DB36-409F-AC2A-C35732069995} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel® Update Manager -> Intel Corporation)
Task: {8150B613-9E3A-4D5F-AC2E-554D34DA6A22} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [4716280 2015-01-30] (Softex Incorporated -> Hewlett-Packard)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8B6B33FE-BBBA-41E7-B161-E6AFFAD5F42D} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [506104 2015-01-30] (Softex Incorporated -> Hewlett-Packard)
Task: {8EDC078F-5D34-48CC-896A-8CA65078561F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {94910FAC-4630-4BDD-BE37-B0AF81FA0354} - System32\Tasks\HPCustParticipation HP Officejet 5740 series => C:\Program Files\HP\HP Officejet 5740 series\Bin\HPCustPartic.exe
Task: {9626B1C0-A597-43C6-9244-1D222097175D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [286096 2020-02-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {9DC94647-DD5F-46D0-BB6F-91675B91951A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {B215CE82-089E-4B07-A91A-62981244A25F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_Plugin.exe [1458232 2020-04-15] (Adobe Inc. -> Adobe)
Task: {B3582184-3BD8-45C0-84E3-BF15AFD6894B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {BBE9A699-40D5-4B84-B062-E54D6E5CAA7E} - System32\Tasks\HPCeeScheduleForKaren => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [96568 2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {BC024045-BB0A-4C0E-9D90-8D925055961A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-20] (Google Inc -> Google Inc.)
Task: {C32F4322-F569-4319-9767-02324563EAE9} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1660520 2020-02-28] (Avast Software s.r.o. -> Avast Software)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {E66967B9-CEB7-4C12-9635-5849770ECBC3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [320856 2020-04-23] (HP Inc. -> HP Inc.)
Task: {F116CB34-B495-4A29-9630-6F51C26DA0A9} - System32\Tasks\Macrium-Backup-{C170185C-AFD4-4E39-A8D2-284181CC0B23} => C:\Program Files\Macrium\Reflect\Reflect.exe [328720 2019-05-07] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
Task: {F2915F59-DAC0-4B83-AA39-72C7EC8D9E1D} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-17] (HP Inc. -> )
Task: {F756CF33-37CD-46A5-ADD7-0F35C9FDB424} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel® Update Manager -> Intel Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForKaren.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Macrium-Backup-{10A2D43F-63B9-47D8-8580-EC4D9490EECD}.job => C:\Program Files\Macrium\Reflect\Reflect.exeg-e -w C:\Users\Karen\Documents\Reflect\My Backup.xml
Task: C:\WINDOWS\Tasks\Macrium-Backup-{C170185C-AFD4-4E39-A8D2-284181CC0B23}.job => C:\Program Files\Macrium\Reflect\Reflect.exeg-e -w C:\Users\Karen\Documents\Reflect\My Backup.xml

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{96bba8af-24b2-48dd-b001-f7226bfa90f4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d0582bfb-0377-4e0e-aae2-6bad7d93d809}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\S-1-5-21-2867275502-3730772980-4078306993-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\S-1-5-21-2867275502-3730772980-4078306993-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://hp13.msn.com
hxxp://js.redirect.hp.com/jumpstation?bd=all&c=144&locale=ww_ww&pf=cndt&s=ieHPtab&tp=iehome
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2019-08-20] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2019-10-14] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH -> Eyeo GmbH) [File not signed]
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2019-08-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2019-10-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH -> Eyeo GmbH) [File not signed]
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-10-24] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\Karen\Downloads

FireFox:
========
FF DefaultProfile: x8lojlup.default
FF ProfilePath: C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\x8lojlup.default [2020-05-02]
FF Homepage: Mozilla\Firefox\Profiles\x8lojlup.default -> hxxp://www.refdesk.com/
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\x8lojlup.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2020-04-28]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\x8lojlup.default\Extensions\support@lastpass.com.xpi [2020-04-17]
FF Extension: (Avast Online Security) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\x8lojlup.default\Extensions\wrc@avast.com.xpi [2020-03-05]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\x8lojlup.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2020-04-08]
FF Extension: (Video DownloadHelper) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\x8lojlup.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-03-30]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\x8lojlup.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-04-01]
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: (HP SimplePass) - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-06-17] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_363.dll [2020-04-15] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_363.dll [2020-04-15] (Adobe Inc. -> )
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-08-13] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-08-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2867275502-3730772980-4078306993-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Karen\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-08-08] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default [2020-05-02]
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=503828&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxp://www.refdesk.com/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Extension: (Slides) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-06]
CHR Extension: (Docs) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-06]
CHR Extension: (Google Drive) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-11]
CHR Extension: (YouTube) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-04-18]
CHR Extension: (Google Search) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-11]
CHR Extension: (Adobe Acrobat) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-03-14]
CHR Extension: (Sheets) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-06]
CHR Extension: (Google Docs Offline) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-21]
CHR Extension: (HP Network Check Launcher) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2018-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06]
CHR Extension: (Gmail) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-22]
CHR Profile: C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-04-26]
CHR Profile: C:\Users\Karen\AppData\Local\Google\Chrome\User Data\System Profile [2020-05-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058256 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [378744 2020-03-31] (HP Inc. -> HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc. -> HP Inc.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [184064 2017-03-09] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370560 2018-09-19] (Intel Corporation -> Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Trusted Connect Service -> Intel® Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [394184 2014-10-15] (Intel® Wireless Display -> Intel)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel® Update Manager -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-08-13] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3894760 2017-10-19] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6933272 2020-04-25] (Malwarebytes Inc -> Malwarebytes)
S3 MixedRealityOpenXRSvc; C:\WINDOWS\System32\MixedRealityRuntime.dll [139952 2020-04-28] (Microsoft Windows -> Microsoft Corporation)
S3 MixedRealityOpenXRSvc; C:\WINDOWS\SysWOW64\MixedRealityRuntime.dll [105840 2020-04-28] (Microsoft Windows -> Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [103424 2015-01-30] (Softex Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [316152 2016-01-15] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S2 SonosLibraryService; C:\Program Files (x86)\Sonos\SonosLibraryService.exe [26624 2020-04-09] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH -> TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\NisSrv.exe [3304992 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MsMpEng.exe [103376 2020-04-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-09-12] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-04-25] (Malwarebytes Corporation -> Malwarebytes)
S3 GENERICDRV; C:\SWSetup\SP74051\samifldrv64.sys [15640 2012-07-27] (American Megatrends, Inc. -> )
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2017-03-09] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-04-25] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-04-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [195432 2020-04-30] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2020-05-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-04-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [124560 2020-04-29] (Malwarebytes Inc -> Malwarebytes)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3595472 2018-10-12] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2015-09-03] (Realtek Semiconductor Corp -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-08-28] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [36168 2019-06-11] (McAfee, Inc. -> The OpenVPN Project)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [213296 2014-10-15] (Intel® Wireless Display -> Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-04-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [394680 2020-04-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64944 2020-04-30] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-02 08:31 - 2020-05-02 08:32 - 000036609 _____ C:\Users\Karen\Downloads\FRST.txt
2020-05-02 08:30 - 2020-05-02 08:31 - 000000000 ____D C:\FRST
2020-05-02 08:30 - 2020-05-02 08:30 - 002283520 _____ (Farbar) C:\Users\Karen\Downloads\FRST64.exe
2020-05-02 08:30 - 2020-05-02 08:30 - 002283520 _____ (Farbar) C:\Users\Karen\Downloads\FRST64(1).exe
2020-05-01 20:51 - 2020-05-01 20:51 - 025306104 _____ (Piriform Software Ltd) C:\Users\Karen\Downloads\ccsetup566.exe
2020-05-01 20:44 - 2020-05-01 20:44 - 005198336 _____ (AVAST Software) C:\Users\Karen\Downloads\aswMBR(3).exe
2020-05-01 20:32 - 2020-05-01 20:32 - 005198336 _____ (AVAST Software) C:\Users\Karen\Downloads\aswMBR(1).exe
2020-05-01 20:29 - 2020-05-01 20:29 - 005198336 _____ (AVAST Software) C:\Users\Karen\Downloads\aswMBR(2).exe
2020-05-01 20:24 - 2020-05-01 20:53 - 000000000 ____D C:\WINDOWS\Minidump
2020-05-01 20:18 - 2020-05-01 20:18 - 005198336 _____ (AVAST Software) C:\Users\Karen\Downloads\aswMBR.exe
2020-04-30 19:01 - 2020-05-01 20:49 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-04-30 19:00 - 2020-04-30 19:00 - 000195432 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-04-29 08:01 - 2020-04-29 08:01 - 000124560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-04-28 20:35 - 2020-04-28 20:35 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 022637056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 019812352 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 018028032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 008013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 007267328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 007011840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 006291968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 004858368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 004129424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 003822080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 001610240 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 001559040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pla.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 001507328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pla.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 001151824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CBDHSvc.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapi32.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapi32.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000139952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedRealityRuntime.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000105840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MixedRealityRuntime.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2020-04-28 20:35 - 2020-04-28 20:35 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\plasrv.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 014819328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 009930552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 007899528 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 007257816 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 006522840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 006434304 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 006079184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 005757872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 005109760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 004565456 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 004009472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 004005376 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 003974376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 003805696 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 003747328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 003727872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-04-28 20:34 - 2020-04-28 20:34 - 003655168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 003587392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-04-28 20:34 - 2020-04-28 20:34 - 003371416 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 002799104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-04-28 20:34 - 2020-04-28 20:34 - 002774088 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 002769000 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 002584008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 002461696 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 002259664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 002255136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 002087168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 001999968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 001934824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 001734144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 001686016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 001667600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 001497600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 001486336 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 001406464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 001397576 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 001393968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 001178608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 001154656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 001092096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 001077264 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 001023128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 001007104 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000979264 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000945192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000915208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000892488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000891544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000874312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-04-28 20:34 - 2020-04-28 20:34 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000847168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2020-04-28 20:34 - 2020-04-28 20:34 - 000822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000801832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000783488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 000782336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000776792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000683848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000676072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000673488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000673296 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000661816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2020-04-28 20:34 - 2020-04-28 20:34 - 000647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000639400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 000613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000600064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000592944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000580608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000569856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000568136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000552448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-04-28 20:34 - 2020-04-28 20:34 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000543824 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000513024 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000501200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000466344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000460408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2020-04-28 20:34 - 2020-04-28 20:34 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 000443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000441144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-04-28 20:34 - 2020-04-28 20:34 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000375520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000325432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-04-28 20:34 - 2020-04-28 20:34 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000278080 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 000265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msutb.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000211472 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msutb.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000152416 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatialAudioLicenseSrv.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 000142760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingExperienceMEM.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000124504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000117048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadWamExtension.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSAssessment.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000107616 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000102216 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000089544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000073024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000066832 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000058880 _____ C:\WINDOWS\system32\runexehelper.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 000058696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfLdr.sys
2020-04-28 20:34 - 2020-04-28 20:34 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddrawex.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AssignedAccessRuntime.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddrawex.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2020-04-28 20:34 - 2020-04-28 20:34 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsregtask.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlmproxy.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlmsprep.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-28 20:34 - 2020-04-28 20:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-04-28 20:34 - 2020-04-28 20:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-04-28 20:34 - 2020-04-28 20:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-04-28 20:34 - 2020-04-28 20:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-04-28 20:34 - 2020-04-28 20:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-04-28 20:34 - 2020-04-28 20:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-04-28 20:34 - 2020-04-28 20:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-04-28 20:34 - 2020-04-28 20:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-04-28 20:34 - 2020-04-28 20:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-04-28 20:34 - 2020-04-28 20:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-04-28 20:34 - 2020-04-28 20:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-04-28 20:34 - 2020-04-28 20:34 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-04-28 20:33 - 2020-04-28 20:34 - 000732160 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 017791488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 004624880 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-04-28 20:33 - 2020-04-28 20:33 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 002289152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 002150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 001943040 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 001766400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 001751040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 001635840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 001413712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-04-28 20:33 - 2020-04-28 20:33 - 000999616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 000920576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 000824832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 000637480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-04-28 20:33 - 2020-04-28 20:33 - 000631608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2020-04-28 20:33 - 2020-04-28 20:33 - 000589400 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2020-04-28 20:33 - 2020-04-28 20:33 - 000534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.UserService.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 000475136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 000415808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-04-28 20:33 - 2020-04-28 20:33 - 000250696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2020-04-28 20:33 - 2020-04-28 20:33 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialAudioLicenseSrv.exe
2020-04-28 20:33 - 2020-04-28 20:33 - 000147776 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadWamExtension.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcDecoderHost.exe
2020-04-28 20:33 - 2020-04-28 20:33 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2020-04-28 20:33 - 2020-04-28 20:33 - 000116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2020-04-28 20:33 - 2020-04-28 20:33 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 000088352 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2020-04-28 20:33 - 2020-04-28 20:33 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 000069704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 000060432 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2020-04-28 20:33 - 2020-04-28 20:33 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AssignedAccessRuntime.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audioresourceregistrar.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-28 20:33 - 2020-04-28 20:33 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-04-28 20:33 - 2020-04-28 20:33 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregtask.dll
2020-04-28 08:33 - 2020-04-28 08:33 - 000000000 ____D C:\Users\Karen\AppData\Local\Quicken
2020-04-26 17:31 - 2020-04-26 17:31 - 000137710 _____ C:\Users\Karen\Downloads\Statement(7).pdf
2020-04-25 20:43 - 2020-04-25 20:43 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-04-25 20:43 - 2020-04-25 20:43 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-04-25 20:43 - 2020-04-25 20:43 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-04-25 20:42 - 2020-04-25 20:42 - 001980016 _____ (Malwarebytes) C:\Users\Karen\Downloads\MBSetup(1).exe
2020-04-25 20:41 - 2020-04-25 20:41 - 001980016 _____ (Malwarebytes) C:\Users\Karen\Downloads\MBSetup.exe
2020-04-17 17:04 - 2019-12-16 23:33 - 000001086 _____ C:\Users\Karen\Desktop\Revo Uninstaller.lnk
2020-04-15 20:36 - 2020-04-15 20:36 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 007756800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 005910016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 005040640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 004611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 003512320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 002951832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2020-04-15 20:36 - 2020-04-15 20:36 - 002494744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 002180408 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 001870408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 001697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 001665216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 001646048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 001484384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 001310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 001013000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 001009152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 001008128 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2020-04-15 20:36 - 2020-04-15 20:36 - 000775696 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-04-15 20:36 - 2020-04-15 20:36 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-04-15 20:36 - 2020-04-15 20:36 - 000768528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000686080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000673464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2020-04-15 20:36 - 2020-04-15 20:36 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000629760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000628616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000561464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-04-15 20:36 - 2020-04-15 20:36 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000510792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000420152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000268008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-04-15 20:36 - 2020-04-15 20:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3api.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3msm.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumapi.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumapi.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsunattend.exe
2020-04-15 20:36 - 2020-04-15 20:36 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimg32.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2020-04-15 20:36 - 2020-04-15 20:36 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 003109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 002717184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-04-15 20:35 - 2020-04-15 20:35 - 002131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 001764336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 001612800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 001603584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 001153024 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 000982840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 000722072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2020-04-15 20:35 - 2020-04-15 20:35 - 000339304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-04-15 20:35 - 2020-04-15 20:35 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-04-15 20:35 - 2020-04-15 20:35 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-04-15 20:35 - 2020-04-15 20:35 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-04-15 20:13 - 2020-04-15 20:14 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-04-15 20:13 - 2020-04-15 20:14 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-04-05 15:47 - 2020-04-05 15:47 - 000000000 ____D C:\SUPERDelete
2020-04-03 10:11 - 2020-04-03 10:11 - 001545216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2020-04-03 10:11 - 2020-04-03 10:11 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2020-04-03 10:11 - 2020-04-03 10:11 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2020-04-03 10:11 - 2020-04-03 10:11 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2020-04-03 10:11 - 2020-04-03 10:11 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2020-04-03 10:11 - 2020-04-03 10:11 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2020-04-03 10:11 - 2020-04-03 10:11 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2020-04-03 10:11 - 2020-04-03 10:11 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2020-04-03 10:11 - 2020-04-03 10:11 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbadmin.exe
2020-04-03 10:11 - 2020-04-03 10:11 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasrad.dll
2020-04-03 10:11 - 2020-04-03 10:11 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasrad.dll
2020-04-03 10:11 - 2020-04-03 10:11 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2020-04-03 10:11 - 2020-04-03 10:11 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2020-04-03 10:11 - 2020-04-03 10:11 - 000093712 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-04-03 10:11 - 2020-04-03 10:11 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasacct.dll
2020-04-03 10:11 - 2020-04-03 10:11 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-04-03 10:11 - 2020-04-03 10:11 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasacct.dll
2020-04-03 10:11 - 2020-04-03 10:11 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\iaspolcy.dll
2020-04-03 10:11 - 2020-04-03 10:11 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iaspolcy.dll
2020-04-03 10:11 - 2020-04-03 10:11 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ias.dll
2020-04-03 10:11 - 2020-04-03 10:11 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ias.dll
2020-04-03 10:11 - 2020-04-03 10:11 - 000021520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 003742544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 001477112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 001055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 000980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 000912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BTAGService.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 000538160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 000507152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 000487784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 000415760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 000410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\es.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 000203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 000190048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 000185952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wksprtPS.dll
2020-04-03 10:10 - 2020-04-03 10:10 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 007849216 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 006168064 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 003547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 002986808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-04-03 10:09 - 2020-04-03 10:09 - 002871608 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2020-04-03 10:09 - 2020-04-03 10:09 - 002114560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 001960448 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 001945600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 001918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 001783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 001757096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-04-03 10:09 - 2020-04-03 10:09 - 001726264 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 001512832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2020-04-03 10:09 - 2020-04-03 10:09 - 001427456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 001378528 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 001300280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2020-04-03 10:09 - 2020-04-03 10:09 - 001263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2020-04-03 10:09 - 2020-04-03 10:09 - 001261808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 001243648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000974336 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000811320 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000759272 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000747320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000684560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000638480 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000515600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000513576 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-04-03 10:09 - 2020-04-03 10:09 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000465208 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-04-03 10:09 - 2020-04-03 10:09 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\es.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcApi.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-04-03 10:09 - 2020-04-03 10:09 - 000259776 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000251704 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000231912 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000178192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2020-04-03 10:09 - 2020-04-03 10:09 - 000164368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2020-04-03 10:09 - 2020-04-03 10:09 - 000147696 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2020-04-03 10:09 - 2020-04-03 10:09 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2020-04-03 10:09 - 2020-04-03 10:09 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcProxyStubs.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2020-04-03 10:09 - 2020-04-03 10:09 - 000033080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hwpolicy.sys
2020-04-03 10:09 - 2020-04-03 10:09 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbservicetrigger.dll
2020-04-03 10:09 - 2020-04-03 10:09 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2020-04-03 10:08 - 2020-04-03 10:08 - 001071616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2020-04-03 10:08 - 2020-04-03 10:08 - 000437560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-04-03 10:08 - 2020-04-03 10:08 - 000297272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2020-04-03 10:08 - 2020-04-03 10:08 - 000193848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2020-04-03 10:08 - 2020-04-03 10:08 - 000151352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2020-04-03 10:08 - 2020-04-03 10:08 - 000089912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2020-04-03 10:08 - 2020-04-03 10:08 - 000059192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2020-04-03 10:08 - 2020-04-03 10:08 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys
2020-04-03 10:08 - 2020-04-03 10:08 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-02 08:28 - 2019-10-02 15:11 - 000000000 ____D C:\Users\Karen\AppData\Local\8BA9FBE5-1C47-4761-A36A-B7E668144BBA.aplzod
2020-05-02 08:28 - 2016-11-18 20:49 - 000000000 ____D C:\Users\Karen\AppData\LocalLow\Mozilla
2020-05-02 08:28 - 2015-08-20 13:59 - 000000000 ____D C:\Users\Karen\Documents\Outlook Files
2020-05-02 08:27 - 2019-06-14 09:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-05-02 08:27 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-05-01 21:39 - 2019-03-19 00:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-05-01 21:39 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-05-01 20:53 - 2019-03-19 00:50 - 000000000 ____D C:\WINDOWS\INF
2020-05-01 20:52 - 2019-06-14 09:26 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-05-01 20:52 - 2017-07-19 11:16 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-05-01 20:52 - 2017-07-19 11:16 - 000000870 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-05-01 20:50 - 2019-10-02 15:06 - 000000000 ___RD C:\Users\Karen\iCloudDrive
2020-05-01 20:49 - 2019-06-14 09:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-05-01 20:49 - 2018-11-28 10:45 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-05-01 20:49 - 2015-08-20 10:01 - 000000000 __SHD C:\Users\Karen\IntelGraphicsProfiles
2020-05-01 20:25 - 2019-06-14 01:17 - 000000000 ____D C:\Users\Karen
2020-04-30 19:11 - 2018-02-19 11:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-04-30 18:59 - 2019-03-19 00:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-04-29 22:45 - 2015-08-20 20:57 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-29 22:45 - 2015-08-20 20:57 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-29 22:45 - 2015-08-20 20:57 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-04-29 08:04 - 2019-06-14 09:16 - 000936852 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-04-29 08:02 - 2017-12-19 09:40 - 000000000 ___RD C:\Users\Karen\3D Objects
2020-04-29 08:02 - 2015-08-20 08:57 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-04-29 08:00 - 2019-06-14 09:03 - 000455200 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-29 08:00 - 2018-01-12 22:57 - 000000338 _____ C:\WINDOWS\Tasks\HPCeeScheduleForKaren.job
2020-04-29 00:59 - 2019-03-19 00:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-04-29 00:59 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\TextInput
2020-04-29 00:59 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-04-29 00:59 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-04-29 00:59 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2020-04-29 00:59 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-04-29 00:59 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-04-29 00:59 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\Provisioning
2020-04-29 00:59 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-04-29 00:59 - 2019-03-19 00:52 - 000000000 ____D C:\PerfLogs
2020-04-28 20:41 - 2019-03-19 00:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-28 16:29 - 2015-08-20 20:40 - 000000000 ____D C:\ProgramData\Sonos,_Inc
2020-04-28 11:37 - 2019-06-14 09:26 - 000003230 _____ C:\WINDOWS\system32\Tasks\HPCeeScheduleForKaren
2020-04-27 09:07 - 2016-04-03 12:50 - 000000488 _____ C:\WINDOWS\Tasks\Macrium-Backup-{C170185C-AFD4-4E39-A8D2-284181CC0B23}.job
2020-04-26 13:09 - 2015-06-17 22:29 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2020-04-26 13:09 - 2015-06-17 22:29 - 000000000 ____D C:\Program Files (x86)\WildTangent Games
2020-04-25 20:43 - 2019-07-05 11:26 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-04-25 20:43 - 2019-07-05 11:26 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-04-25 20:42 - 2019-07-05 11:26 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-04-25 20:42 - 2019-07-05 11:26 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-04-25 07:48 - 2018-11-29 18:46 - 000000000 ____D C:\Users\Karen\AppData\Local\PlaceholderTileLogoFolder
2020-04-25 07:22 - 2017-12-19 00:54 - 000000000 ____D C:\Users\Karen\AppData\Local\Packages
2020-04-24 13:14 - 2015-08-20 20:40 - 000002029 _____ C:\Users\Public\Desktop\Sonos.lnk
2020-04-24 13:14 - 2015-08-20 20:40 - 000002029 _____ C:\ProgramData\Desktop\Sonos.lnk
2020-04-24 13:14 - 2015-08-20 20:40 - 000000000 ____D C:\Users\Karen\AppData\Local\Downloaded Installations
2020-04-24 13:14 - 2015-08-20 20:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
2020-04-24 13:14 - 2015-08-20 20:40 - 000000000 ____D C:\Program Files (x86)\Sonos
2020-04-24 11:19 - 2015-08-20 14:01 - 000000000 ____D C:\Users\Karen\Documents\Quicken
2020-04-23 20:49 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-04-16 11:26 - 2015-08-22 10:01 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-04-15 21:17 - 2016-04-03 12:50 - 000000488 _____ C:\WINDOWS\Tasks\Macrium-Backup-{10A2D43F-63B9-47D8-8580-EC4D9490EECD}.job
2020-04-15 21:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-04-15 10:55 - 2019-07-01 20:41 - 000004532 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-04-15 10:55 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-04-15 10:55 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-04-15 09:58 - 2019-06-14 09:26 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-04-14 18:24 - 2019-06-14 09:26 - 000003354 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2867275502-3730772980-4078306993-1001
2020-04-14 18:24 - 2019-06-14 01:17 - 000002407 _____ C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-14 18:24 - 2015-08-20 12:09 - 000000000 ___RD C:\Users\Karen\OneDrive
2020-04-12 11:47 - 2015-08-20 20:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-04-10 12:50 - 2017-04-20 11:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-04-10 12:50 - 2015-08-20 20:58 - 000001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-04-10 11:33 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-04-03 10:30 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2020-04-02 13:15 - 2015-08-20 15:14 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories ========

2017-02-16 17:30 - 2017-02-16 16:07 - 000012542 _____ () C:\Program Files (x86)\Common Files\client.wyc
2017-07-29 21:50 - 2017-07-29 21:50 - 000000017 _____ () C:\Users\Karen\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-04-2020
Ran by Karen (02-05-2020 08:33:54)
Running from C:\Users\Karen\Downloads
Windows 10 Home Version 1909 18363.815 (X64) (2019-06-14 13:27:30)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2867275502-3730772980-4078306993-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2867275502-3730772980-4078306993-503 - Limited - Disabled)
Guest (S-1-5-21-2867275502-3730772980-4078306993-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2867275502-3730772980-4078306993-1003 - Limited - Enabled)
Karen (S-1-5-21-2867275502-3730772980-4078306993-1001 - Administrator - Enabled) => C:\Users\Karen
WDAGUtilityAccount (S-1-5-21-2867275502-3730772980-4078306993-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.363 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.363 - Adobe)
Adobe Photoshop Lightroom 3.6 64-bit (HKLM\...\{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}) (Version: 3.6.1 - Adobe)
Apple Application Support (32-bit) (HKLM-x32\...\{A7039CC9-4669-4799-92B1-C5CE346DBE3D}) (Version: 8.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{DA78A9DC-3599-4D81-A960-B679687A6C14}) (Version: 8.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
C309n-s (HKLM-x32\...\{99712F6B-45A5-457D-9227-EF138C2CD3D1}) (Version: 140.0.851.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.66 - Piriform)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.5017 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4.6121 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4.6121 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.4928 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5103 - CyberLink Corp.)
CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.2.1307 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3812 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3812 - CyberLink Corp.)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.3.0 - Dropbox, Inc.)
Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden
Foxit PhantomPDF (HKLM-x32\...\{4E32271C-B55A-4CDF-8DB7-88FD1C45927C}) (Version: 7.0.310.226 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.129 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Documentation (HKLM-x32\...\{4BF17F05-B2DA-4266-8AEB-09BC9D008EAF}) (Version: 1.3.0.0 - Hewlett-Packard)
HP Dropbox Plugin (HKLM-x32\...\{C54DEA1F-7A8D-410B-A675-04E0FB562CB0}) (Version: 40.13.54.81239 - HP)
HP ESU for Microsoft Windows 8.1 (HKLM-x32\...\{CF3BE446-3D26-49D3-B202-C9A13511DEEC}) (Version: 1.6.1 - Hewlett-Packard Company)
HP Google Drive Plugin (HKLM-x32\...\{533B4739-13DD-4AAB-9524-070B3F0CE6ED}) (Version: 40.13.54.81239 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 5740 series Basic Device Software (HKLM\...\{8C417009-7889-42BC-8164-C74FFF358CE6}) (Version: 40.13.1176.1978 - HP Inc.)
HP Officejet 5740 series Help (HKLM-x32\...\{F17D53C7-DCE8-469C-9690-CF8F5903519C}) (Version: 34.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Premium C309n-s All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{81F328CE-F9EB-408C-AB70-6CF6B9720E2C}) (Version: 14.0 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7960.5089 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.39 - Hewlett-Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.8.24.33 - HP)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.15.14.3 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{359CA9EA-898C-4F5C-80D9-C111F27B489E}) (Version: 7.17.0.13 - Apple Inc.)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.39 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.39 - Softex Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.27.1012 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5058 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® WiDi (HKLM\...\{2F97FBC6-7992-4DF7-A7C7-B68455E307F7}) (Version: 5.1.20.0 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: - )
Macrium Reflect Free Edition (HKLM\...\{82EAF766-45D4-429A-A74C-74D7DEB91115}) (Version: 6.3.1855 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.5215.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2867275502-3730772980-4078306993-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 75.0 (x64 en-US) (HKLM\...\Mozilla Firefox 75.0 (x64 en-US)) (Version: 75.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0 - Mozilla)
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5215.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5215.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5215.1000 - Microsoft Corporation) Hidden
Product Improvement Study for HP Officejet 5740 series (HKLM\...\{D4B37902-C484-4AAC-B3B8-70C203C4FAB3}) (Version: 40.13.1176.1978 - HP Inc.)
PS_AIO_06_C309n-s_SW_Min (HKLM-x32\...\{73B8D01B-933F-4A69-A1FD-2EAE8979381E}) (Version: 140.0.863.000 - Hewlett-Packard) Hidden
Quicken (HKLM-x32\...\{62D93E3E-2F8E-42BD-9343-896F4F0031D3}) (Version: 27.1.26.17 - Quicken)
QuickTransfer (HKLM-x32\...\{E517094C-06B6-419F-8FFD-EF4F57972130}) (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.1.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.1 - VS Revo Group, Ltd.)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 56.0.76090 - Sonos, Inc.)
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1230 - SUPERAntiSpyware.com)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
Zoom (HKU\S-1-5-21-2867275502-3730772980-4078306993-1001\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)

Packages:
=========
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6 [2015-08-20] (Hewlett-Packard Company)
Hearts Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HeartsDeluxe_6.6.26.0_x64__kx24dqmazqk8j [2020-01-20] (Random Salad Games LLC) [MS Ad]
HP Connected Drive -> C:\Program Files\WindowsApps\AD2F1837.HPFileViewer_4.4.32.190_x64__v10z8vjag6ke6 [2016-01-05] (HP Inc.)
HP Explore -> C:\Program Files\WindowsApps\AD2F1837.HPWelcome_0.1.50.0_x64__v10z8vjag6ke6 [2015-10-22] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2015-06-17] (Hewlett-Packard Company)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_110.1.728.0_x64__v10z8vjag6ke6 [2020-04-14] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.4282.0_x64__8wekyb3d8bbwe [2020-04-30] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-20] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-20] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-20] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
mysms - Text from Computer, Messaging -> C:\Program Files\WindowsApps\UptoElevenDigitalSolution.mysms-Textanywhere_3.2.0.0_x64__c9d6r4qvva5x8 [2019-02-01] (Up to Eleven Digital Solutions GmbH)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-11] (Netflix, Inc.)
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.9.0_x64__8wekyb3d8bbwe [2020-03-03] (Microsoft Corporation)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-04-25] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-04] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-03-24] (Adobe Systems Incorporated)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.18.78.0_x64__kx24dqmazqk8j [2020-03-03] (Random Salad Games LLC) [MS Ad]
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_6.1.736.0_x86__v10z8vjag6ke6 [2018-08-04] (Snapfish)
The Weather Channel for HP -> C:\Program Files\WindowsApps\Weather.TheWeatherChannelforHP_2015.1108.1.0_x64__t3yemqpq4kp7p [2015-11-09] (The Weather Channel.)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-08-02] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-03-03] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-03-03] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-01-22] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-03-03] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-09-19] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2015-01-30 22:16 - 2015-01-30 22:16 - 000864768 _____ (%CFullName%) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OpBHO64.dll
2015-01-30 22:07 - 2015-01-30 22:07 - 002169344 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2015-01-30 22:05 - 2015-01-30 22:05 - 000021504 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2015-01-30 22:05 - 2015-01-30 22:05 - 000055296 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2015-01-30 22:05 - 2015-01-30 22:05 - 000035840 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2011-04-29 20:08 - 2011-04-29 20:08 - 000048128 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc
2011-08-18 02:29 - 2011-08-18 02:29 - 001039360 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpslpsvc64.dll
2015-01-30 22:06 - 2015-01-30 22:06 - 000715264 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\storeng.dll
2015-01-30 22:07 - 2015-01-30 22:07 - 001134080 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\userdata.dll
2010-08-06 12:15 - 2010-08-06 12:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2010-08-06 12:15 - 2010-08-06 12:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2015-01-30 22:16 - 2015-01-30 22:16 - 000746064 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-01-30 22:16 - 2015-01-30 22:16 - 000431696 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2015-01-30 22:16 - 2015-01-30 22:16 - 000760912 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\hdddrv.dll
2015-01-30 22:16 - 2015-01-30 22:16 - 001384528 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\Wbf.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2867275502-3730772980-4078306993-1001\...\europacasino.com -> www.europacasino.com
IE restricted site: HKU\S-1-5-21-2867275502-3730772980-4078306993-1001\...\fairsearcher.com -> www.fairsearcher.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2018-11-25 20:54 - 000000942 ____R C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;c:\Program Files\Intel\WiFi\bin\;c:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\Hewlett-Packard\SimplePass\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2867275502-3730772980-4078306993-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Karen\Pictures\Panama\P1020620.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{0E64A316-C1E1-4FBA-AF97-05E7458F64AB}C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe (HP Inc -> HP Inc.)
FirewallRules: [UDP Query User{655D9089-12B3-4555-9FC0-1C2F79F47AF3}C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp officejet 5740 series\bin\hpnetworkcommunicatorcom.exe (HP Inc -> HP Inc.)
FirewallRules: [{4D76D481-B585-4D9F-ACC5-673D7A86F775}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe (Intel® Wireless Display -> Intel)
FirewallRules: [{F9BFBE30-202D-4A1E-BC27-E0CAB829C696}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe (Sonos, Inc. -> Sonos, Inc.)
FirewallRules: [{AA832C03-6579-4A71-8A5B-BB0ED5BB9642}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe (Sonos, Inc. -> Sonos, Inc.)
FirewallRules: [{D4CBFFCF-EE20-4DD9-BF87-E3E3F7E94641}] => (Allow) LPort=3445
FirewallRules: [TCP Query User{66D06BA8-6FD4-46D1-83D7-31A1D5923B27}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{1E89D97A-9704-436B-A904-FB1308677730}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F3170990-B951-4B04-A88A-CEEAEB57851C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

23-04-2020 16:55:09 Scheduled Checkpoint
28-04-2020 20:10:09 Windows Update

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (05/02/2020 08:35:01 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5408,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/02/2020 04:46:07 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1880,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/01/2020 11:08:34 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5820,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/01/2020 10:09:53 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (13348,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/01/2020 09:59:52 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11136,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/01/2020 09:44:12 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3588,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/01/2020 09:25:14 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11548,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (05/01/2020 09:09:55 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12092,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

System errors:
=============
Error: (05/01/2020 09:17:38 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (05/01/2020 08:52:04 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xfffff8037a5fe010, 0x00000000000000ff, 0x0000000000000000, 0xfffff80372be95ae). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: d73764fd-aca3-46bc-8d70-35f76c70b66a.

Error: (05/01/2020 08:49:16 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:38:31 PM on ‎5/‎1/‎2020 was unexpected.

Error: (05/01/2020 08:41:16 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xffffd78038b1e010, 0x00000000000000ff, 0x0000000000000000, 0xfffff80269f595ae). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 0e3c05dc-48fd-4e66-aade-9fde84a48b0e.

Error: (05/01/2020 08:38:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:24:33 PM on ‎5/‎1/‎2020 was unexpected.

Error: (05/01/2020 08:29:15 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xfffff802349fe010, 0x00000000000000ff, 0x0000000000000000, 0xfffff80230b095ae). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 18d7d556-ae36-4f05-bc88-5199da6fd9bb.

Error: (05/01/2020 08:24:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:03:50 PM on ‎5/‎1/‎2020 was unexpected.

Error: (05/01/2020 07:27:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

Windows Defender:
===================================
Date: 2020-04-29 17:54:17.884
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A0CB6D24-DECA-4C8D-840C-873AAD080BA5}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-28 09:57:22.806
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1C0BEC03-D257-4A56-AF0D-0D3F806D0B20}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-26 22:01:50.143
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BBFBE2F7-AD10-419C-8B55-355B90785631}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-25 18:56:50.475
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5466570E-D3F7-49D5-B41F-A5DD38F307EB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-24 10:26:13.961
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BF153524-F54A-440F-A755-075E71D1CFD4}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-30 09:22:30.969
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.313.2652.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2020-03-20 13:12:31.461
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-20 13:12:29.404
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-17 20:28:02.619
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-17 20:24:07.567
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-17 20:23:53.294
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-17 20:23:49.492
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-17 20:23:47.737
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-17 20:23:46.621
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: AMI 80.06 04/01/2015
Motherboard: Hewlett-Packard 2B2C
Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 54%
Total physical RAM: 12192.11 MB
Available physical RAM: 5488.32 MB
Total Virtual: 14048.11 MB
Available Virtual: 8023.46 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:910.57 GB) (Free:743.44 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:19.03 GB) (Free:2.36 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (My Passport) (Fixed) (Total:1862.98 GB) (Free:266.29 GB) NTFS
Drive g: (SYSTEM) (Fixed) (Total:0.35 GB) (Free:0.27 GB) FAT32

\\?\Volume{c814ea63-ef47-4ffc-90f0-6dcaf403966f}\ (Windows RE tools ) (Fixed) (Total:1 GB) (Free:0.69 GB) NTFS
\\?\Volume{a6d3bb69-8871-46ba-a938-5fa4d049a734}\ () (Fixed) (Total:0.44 GB) (Free:0.04 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E6684562)

Partition: GPT.

==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 16F2A91F)

Partition: GPT.

==================== End of Addition.txt =======================

#4 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 02 May 2020 - 02:58 PM

4 or 5 emails over past week from different addresses

Make sure to change your email password for safety.

Actually not much showing, could be related to software not working together well.

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

highlight on the text below and select Copy.
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.

Start::
CloseProcesses:
CreateRestorePoint:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~``

Download AdwCleaner from here and save it to your desktop.

run AdwCleaner by clicking on Scan Now
when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
if it asks to reboot, allow the reboot
on reboot, click on View Log File; please attach the content of the log to your next reply.

============================================

Click Open Malwarebyte Free/Premium
Under Scanner select Scheduled scans
Select Advanced scanners
Select Custom Scan select Configure Scan
Place a check mark in Scan for rootkits and place a check mark on the C: drive and your external drives to be scanned
Click Scan
When completed click View Report
Click Export, then Export to TXT
Save the file onto your desktop as MBAM.txt
Copy and paste the contents of the file in your reply

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Please post these 3 scans when finished.

#5 fiveone5

Authentic Member

Authentic Member
54 posts

Posted 03 May 2020 - 01:32 PM

Changed password

Thank you for your time!

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-04-2020
Ran by Karen (02-05-2020 18:19:14) Run:1
Running from C:\Users\Karen\Downloads
Loaded Profiles: Karen (Available Profiles: Karen)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build:    04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    05-02-2020
# Duration: 00:00:22
# OS:       Windows 10 Home
# Cleaned: 36
# Failed:   1

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.CyberLinkShellExtension   Registry   HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Deleted       Preinstalled.HPHealthCheck   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}
Deleted       Preinstalled.HPRegistrationService   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Deleted       Preinstalled.HPRegistrationService   Folder   C:\ProgramData\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Deleted       Preinstalled.HPRegistrationService   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D1E8F2D7-7794-4245-B286-87ED86C1893C}
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\HP\SUPPORT
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT INFORMATION
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\Karen\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\Karen\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{55065080-504F-43BB-BE00-36B80D7D39A5}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{904822F1-6C7D-4B91-B936-6A1C0810544C}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{E2CB09C1-3C76-4395-BB47-50C066535CF8}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}
Deleted       Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\Program Files\HP\HP TOUCHPOINT ANALYTICS CLIENT
Deleted       Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
Deleted       Preinstalled.HPTouchpointAnalyticsClient   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Deleted       Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Deleted       Preinstalled.LenovoPowerDVD   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Deleted       Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-dragonsofatlantis
Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-vegasworld
Not Deleted   Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1250 octets] - [28/11/2018 13:06:00]
AdwCleaner[S01].txt - [1311 octets] - [19/02/2019 21:38:50]
AdwCleaner[S02].txt - [1372 octets] - [13/06/2019 23:36:08]
AdwCleaner[S03].txt - [1433 octets] - [24/06/2019 09:34:45]
AdwCleaner[S04].txt - [6478 octets] - [02/05/2020 18:30:30]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ##########

CreateRestorePoint:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
EmptyTemp:
C:\Windows\Temp\*.*

*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
C:\Windows\Temp\HP-20200430-1900.log => moved successfully
C:\Windows\Temp\HP-20200501-0855.log => moved successfully
C:\Windows\Temp\HP-20200501-0855a.log => moved successfully
C:\Windows\Temp\HP-20200501-0906.log => moved successfully
C:\Windows\Temp\HP-20200501-0936.log => moved successfully
C:\Windows\Temp\HP-20200501-1006.log => moved successfully
C:\Windows\Temp\HP-20200501-2024.log => moved successfully
C:\Windows\Temp\HP-20200501-2038.log => moved successfully
C:\Windows\Temp\HP-20200501-2049.log => moved successfully
C:\Windows\Temp\HP-20200501-2104.log => moved successfully
C:\Windows\Temp\HP-20200501-2134.log => moved successfully
C:\Windows\Temp\HP-20200501-2204.log => moved successfully
C:\Windows\Temp\HP-20200502-0819.log => moved successfully
Could not move "C:\Windows\Temp\HP-20200502-1819.log" => Scheduled to move on reboot.
C:\Windows\Temp\hpqddsvc.log => moved successfully
C:\Windows\Temp\HPSLPSVC0000.log => moved successfully
C:\Windows\Temp\HPSLPSVC0001.log => moved successfully
C:\Windows\Temp\HPSLPSVC0003.log => moved successfully
C:\Windows\Temp\HPSLPSVC0004.log => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20200501202440118C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(2020050120383711B0).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(202005012049201130).log => moved successfully
Could not move "C:\Windows\Temp\officeclicktorun.exe_c2ruidll(202005021819141240).log" => Scheduled to move on reboot.
C:\Windows\Temp\officeclicktorun.exe_streamserver(20200501202440118C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2020050120383711B0).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(202005012049201130).log => moved successfully
Could not move "C:\Windows\Temp\officeclicktorun.exe_streamserver(202005021819161240).log" => Scheduled to move on reboot.

========= End -> "C:\Windows\Temp\*.*" ========

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 84463965 B
Java, Flash, Steam htmlcache => 1174 B
Windows/system/drivers => 55602 B
Edge => 0 B
Chrome => 17311659 B
Firefox => 27617215 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Karen => 9407543 B

RecycleBin => 0 B
EmptyTemp: => 142.7 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 02-05-2020 18:23:51)

C:\Windows\Temp\HP-20200502-1819.log => Is moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(202005021819141240).log => Is moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(202005021819161240).log => Is moved successfully

==== End of Fixlog 18:23:51 ====

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/3/20
Scan Time: 12:23 AM
Log File: ddc107fe-8cf5-11ea-9ee5-7c050793c170.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.875
Update Package Version: 1.0.23348
License: Premium

-System Information-
OS: Windows 10 (Build 18362.815)
CPU: x64
File System: NTFS
User: HP\Karen

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 654299
Threats Detected: 2
Threats Quarantined: 0
Time Elapsed: 12 hr, 46 min, 11 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
PUP.Optional.383Media, C:\USERS\KAREN\BACKED UP TOWER 1\DOCUMENTS\DRIVERWHIZ.EXE, No Action By User, 6868, 448609, 1.0.23348, , ame,
PUP.Optional.383Media, C:\USERS\KAREN\BACKED UP TOWER 2\MY DOCUMENTS\DRIVERWHIZ.EXE, No Action By User, 6868, 448609, 1.0.23348, , ame,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

#6 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 03 May 2020 - 02:51 PM

When you ran Malwarebytes Anti-Malware did you allow it to quarantine what it found?

~~

ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
When the tool opens, click Get Started.
Read and accept the license agreement.
At the Welcome to ESET Online Scanner window, click Get Started.
Select whether you would like to send anonymous data to ESET.
Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
Click on the Full Scan option.
Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
ESET will now begin scanning your computer. This may take some time.
When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

---------------------------------------------------

How is the computer now?

#7 fiveone5

Authentic Member

Authentic Member
54 posts

Posted 04 May 2020 - 07:12 AM

No did not put into quarantine, should I run again and do that?

Log from ESET

5/4/2020 8:44:17 AM
Files scanned: 481511
Detected files: 27
Cleaned files: 27
Total scan time 04:45:51
Scan status: Finished

C:\Users\Karen\Backed Up Tower 1\Desktop\malware\Process.exe   Win32/PrcView potentially unsafe application   cleaned by deleting
C:\Users\Karen\Backed Up Tower 2\Desktop\malware\Process.exe   Win32/PrcView potentially unsafe application   cleaned by deleting
C:\Users\Karen\Desktop\Microsoft Word, etc\Avery Wizard 4.01 - US 20111209.exe   a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application,a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\ccsetup525 (1).exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\ccsetup525.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\ccsetup526 (1).exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\ccsetup526.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\ccsetup527.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\ccsetup528.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\ccsetup529.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\ccsetup530 (1).exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\ccsetup530.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\ccsetup531.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\ccsetup546.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\ccsetup547.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\ccsetup548.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\ccsetup549.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\ccsetup550.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\ccsetup551 (1).exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\ccsetup551.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\ccsetup552.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\ccsetup553.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\ccsetup554.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\ccsetup555.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\ccsetup556.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\ccsetup557.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting
C:\Users\Karen\Downloads\OJ5740_117.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application   cleaned by deleting

Used computer a bit seems faster. Thank you.

#8 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 04 May 2020 - 10:42 AM

No did not put into quarantine, should I run again and do that?

yes, I think I would and allow it to quarantine what it finds, how's your computer now?

fiveone5 likes this

#9 fiveone5

Authentic Member

Authentic Member
54 posts

Posted 05 May 2020 - 07:28 AM

Ran and quarantined.

Pages are loading faster thank you!

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/4/20
Scan Time: 1:15 PM
Log File: dec628a6-8e2a-11ea-b13b-7c050793c170.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.889
Update Package Version: 1.0.23404
License: Premium

-System Information-
OS: Windows 10 (Build 18362.815)
CPU: x64
File System: NTFS
User: HP\Karen

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 689211
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 15 hr, 54 min, 38 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
PUP.Optional.383Media, C:\USERS\KAREN\BACKED UP TOWER 1\DOCUMENTS\DRIVERWHIZ.EXE, Quarantined, 6864, 448609, 1.0.23404, , ame,
PUP.Optional.383Media, C:\USERS\KAREN\BACKED UP TOWER 2\MY DOCUMENTS\DRIVERWHIZ.EXE, Quarantined, 6864, 448609, 1.0.23404, , ame,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

#10 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 05 May 2020 - 01:26 PM

I think we're ready to remove tools and quarantine folders.

Use this tool to remove quarantined items:

Please download KpRm by Kernel-panik and save to your Desktop.

Click on KpRm.exe to run the tool.

Vista/Windows 7/8/10 users right-click and select Run As Administrator.

Put a check mark next to these items:

- Delete tools

Click the "Run" button.

When the tool has finished, it will create and open a log report and delete itself.

#11 fiveone5

Authentic Member

Authentic Member
54 posts

Posted 05 May 2020 - 01:43 PM

Thank you for your time and knowledge!

Was there anything I should worry about?

I saw it was backup towers items put in quarantine.

Angels are always with us.

Take time to enjoy them!

Stay well,

Karen

#12 Juliet

SuperHelper

Retired Classroom Teacher
7,686 posts

Interests:Boo!....

Posted 05 May 2020 - 02:51 PM

Mainly, it was preinstalled bloatware with bundled adware, nothing serious.

The 2 below can either be stored on a usb drive thats connected to your computer or you have it stored on the drive.
Karen\Backed Up Tower 1
Karen\Backed Up Tower 2

You should be fine.

Answers to common security questions - Best Practices by quietman7, MVP
How Malware Spreads - How did I get infected? by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVP
How to Prevent Malware by miekiemoes, MVP
How to backup and restore your data using Cobian Backup by YourHighness
Slow Computer/browser? It May Not Be Malware by quietman7, MVP
AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Unchecky automatically removes checkmarks for bunlded software in programme installers; helping you avoid adware and PUPs.

Body Background

skin color theme