[SOLVED] Very long Start-up time

Hi.

The logs are clean.

1. Fresh FRST logs
  • Double-click on the FRST icon to run it, as you did before. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach these two logs in your next reply.

2. Check Services
  • Please download Farbar Service Scanner and save it on your Desktop.
  • Right-click on the tool icon and run it as administrator.
  • Make sure all the options are checked.
  • Click on the Scan button.
  • It will create a log (FSS.txt) on your Desktop.
  • Copy and paste the log's content to your next reply.


In your next reply please post:
  1. The fresh FRST logs, Addition and FRST
  2. The FSS.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-10-2022
Ran by Lillian (administrator) on DESKTOP-MNATPML (HP HP Pavilion Desktop 590-p0xxx) (26-10-2022 10:04:53)
Running from C:\Users\Lillian\Desktop
Loaded Profiles: Lillian
Platform: Microsoft Windows 10 Home Version 21H2 19044.2130 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(C:\Program Files\AMD\CNext\CNext\amddvr.exe ->) (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atieclxx.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Lillian\AppData\Local\Microsoft\OneDrive\22.207.1002.0003\Microsoft.SharePoint.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atiesrxx.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_6.69.19001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_6.69.19001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(services.exe ->) (Parsec Cloud, Inc. -> Parsec) C:\Program Files\Parsec\pservice.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe
(Splinterware Software Solutions -> Splinterware Software Solutions) [File not signed] C:\Program Files (x86)\SystemScheduler\WScheduler.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [231640 2016-09-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [703312 2017-12-08] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [1660760 2017-06-26] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [WScheduler] => C:\Program Files (x86)\SystemScheduler\WScheduler.exe [331168 2018-03-25] (Splinterware Software Solutions -> Splinterware Software Solutions) [File not signed]
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.) [File not signed]
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4234088 2022-10-18] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [Gaijin.Net Updater] => C:\Users\Lillian\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2793016 2022-10-18] (Gaijin Network LTD -> Gaijin)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32688080 2022-09-28] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [MicrosoftEdgeAutoLaunch_43F426C6868B5A0207B840D9EE29A62D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3852232 2022-10-20] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe [2022-10-13] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CE59796-FE57-49CF-A450-EB794C4FB4C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-14] (Google Inc -> Google Inc.)
Task: {289EC535-ACBB-46C5-8599-0FD3667513C4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-14] (Google Inc -> Google Inc.)
Task: {28E7D666-D780-43FF-8EE9-2EA079EB8F0A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {29B72F8C-EDAD-4DFE-B0B7-11B95D29F0DB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MpCmdRun.exe [473544 2022-10-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {32DC0AC8-B274-49D7-B512-F88E67AEC293} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [69512 2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {416B6A34-7811-4B65-99F3-49D824D255BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {544D99A4-F781-425D-AB9B-E691807CA27C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [930960 2022-05-11] (HP Inc. -> HP Inc.)
Task: {61808372-99EE-4F6D-A379-9B0A153A17AD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MpCmdRun.exe [473544 2022-10-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {84189EAA-640C-4B63-87FD-925AFBE1B0EF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MpCmdRun.exe [473544 2022-10-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8526C702-AEE6-4812-9726-F18D04AC64C1} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {86328BD5-2CB9-4277-8FA4-C0EB06C8CD1F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MpCmdRun.exe [473544 2022-10-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {92B2DD11-4D28-46D0-A5CC-787D46F7BFED} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {992DC982-2CF9-4C3A-B229-8432A1EC8667} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-520046137-1738454763-4209218755-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {9D7AD1F7-4D88-4CD8-A3BB-D8F6A7158D9B} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2020-03-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {B11C66B8-EB50-41DC-9AE6-C53023F17E37} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {D1AA80F8-4A3A-49CB-BBE2-51B063F1CEF0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [930960 2022-05-11] (HP Inc. -> HP Inc.)
Task: {E1484769-8460-41D6-9417-47F41ED8EC69} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [930960 2022-05-11] (HP Inc. -> HP Inc.)
Task: {F22D8845-F310-43DA-BDCC-5FD38D0AC0A1} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49544 2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1f27f15d-e56c-4b9c-9c8a-1b0bfa4ab60e}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{64324158-2892-4aef-98b3-a8fc4e3bd95d}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Lillian\AppData\Local\Microsoft\Edge\User Data\Default [2022-10-25]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

FireFox:
========
FF DefaultProfile: zmh62i5e.default
FF ProfilePath: C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default [2022-10-26]
FF Homepage: Mozilla\Firefox\Profiles\zmh62i5e.default -> hxxps://www.kijiji.ca/
FF Notifications: Mozilla\Firefox\Profiles\zmh62i5e.default -> hxxps://www.youtube.com; hxxps://www.facebook.com; hxxps://www.teamviewer.com
FF NewTabOverride: Mozilla\Firefox\Profiles\zmh62i5e.default -> Enabled: newtaboverride@agenedia.com
FF NewTabOverride: Mozilla\Firefox\Profiles\zmh62i5e.default -> Enabled: Search_Defender_yYxTkYUDSW@www.searchdefenderprime.com
FF Extension: (Canadian English Dictionary) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\en-CA@dictionaries.addons.mozilla.org.xpi [2021-08-04]
FF Extension: (English (CA) Language Pack) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\langpack-en-CA@firefox.mozilla.org.xpi [2022-10-07]
FF Extension: (New Tab Override) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\newtaboverride@agenedia.com.xpi [2019-12-31]
FF Extension: (Search Defender) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\Search_Defender_yYxTkYUDSW@www.searchdefenderprime.com.xpi [2019-08-05]
FF Extension: (Black and Purple Theme) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{155429d2-8bf5-44bf-94f8-d194c3ec5f15}.xpi [2021-06-16]
FF Extension: (Photon Colors) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{2c6c94f3-c656-41e9-aa4b-1edba5be9c21}.xpi [2021-07-30]
FF Extension: (Fairytale Of Nature) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{6804879d-8801-473a-b13d-605b902a5e4f}.xpi [2021-06-15]
FF Extension: (Greasemonkey) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2021-01-28]
FF Extension: (¡Light Blue Theme!) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{f416b4af-c4c9-4607-96ac-77fea7ed4a9b}.xpi [2021-06-16]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-10-16] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default [2022-10-21]
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxps://www.kijiji.ca/"
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2022-09-03]
CHR Extension: (Google Docs Offline) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-08]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-09-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-20]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2022-09-27]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR Profile: C:\Users\Lillian\AppData\Roaming\Opera Software\Opera Stable [2022-10-21]
OPR Extension: (Rich Hints Agent) - C:\Users\Lillian\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-01-12]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Lillian\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-01-12]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [9712432 2022-09-18] (BattlEye Innovations e.K. -> )
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [305664 2017-11-02] (Realtek Semiconductor Corp.) [File not signed]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811496 2022-06-30] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029456 2022-09-19] (Epic Games Inc. -> Epic Games, Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8842536 2022-10-26] (Malwarebytes Inc. -> Malwarebytes)
R2 Parsec; C:\Program Files\Parsec\pservice.exe [414456 2022-06-11] (Parsec Cloud, Inc. -> Parsec)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2209.7-0\NisSrv.exe [3170576 2022-10-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2209.7-0\MsMpEng.exe [133584 2022-10-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZoomCptService; "C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Lillian\AppData\Roaming\Zoom"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrSerIb; C:\WINDOWS\system32\DRIVERS\BrSerIb.sys [95344 2012-07-31] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R3 BrUsbSIb; C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys [21872 2012-06-21] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-10-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 RtkA2dp; C:\WINDOWS\System32\drivers\RtkA2dp.sys [202208 2017-11-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 RtkAvrcp; C:\WINDOWS\System32\drivers\RtkAvrcp.sys [72160 2017-10-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )
R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [165744 2021-08-23] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2022-10-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [455968 2022-10-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-10-22] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-10-26 06:36 - 2022-10-26 06:36 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-10-26 06:36 - 2022-10-26 06:36 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-10-26 06:36 - 2022-10-26 06:36 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-10-26 06:36 - 2022-10-26 06:36 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-10-26 06:36 - 2022-10-26 06:35 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-10-26 06:36 - 2022-10-26 06:35 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-10-26 06:35 - 2022-10-26 06:35 - 002632256 _____ (Malwarebytes) C:\Users\Lillian\Desktop\MBSetup-614F9D64-37335.37335.exe
2022-10-26 06:35 - 2022-10-26 06:35 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-10-26 06:35 - 2022-10-26 06:35 - 000000000 ____D C:\Program Files\Malwarebytes
2022-10-26 06:33 - 2022-10-26 06:37 - 000000000 ____D C:\AdwCleaner
2022-10-26 06:33 - 2022-10-26 06:33 - 008791352 _____ (Malwarebytes) C:\Users\Lillian\Desktop\adwcleaner(1).exe
2022-10-26 06:32 - 2022-10-26 06:32 - 008551608 _____ (Malwarebytes) C:\Users\Lillian\Desktop\AdwCleaner.exe
2022-10-22 12:54 - 2022-10-22 12:54 - 000000152 _____ C:\Users\Lillian\AppData\Local\kritadisplayrc
2022-10-21 14:04 - 2022-10-21 14:59 - 000048717 _____ C:\Users\Lillian\Desktop\Fixlog.txt
2022-10-21 13:25 - 2022-10-21 13:25 - 007531152 _____ (VS Revo Group ) C:\Users\Lillian\Desktop\revosetup.exe
2022-10-21 13:25 - 2022-10-21 13:25 - 000001086 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2022-10-21 13:25 - 2022-10-21 13:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2022-10-21 13:25 - 2022-10-21 13:25 - 000000000 ____D C:\Program Files\VS Revo Group
2022-10-15 16:41 - 2022-10-15 16:41 - 000000924 _____ C:\Users\Public\Desktop\Overwatch.lnk
2022-10-15 16:41 - 2022-10-15 16:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2022-10-15 16:02 - 2022-10-21 20:37 - 000000000 ____D C:\Program Files (x86)\Overwatch
2022-10-15 15:50 - 2022-10-22 18:32 - 000000000 ____D C:\Users\Lillian\AppData\Local\Battle.net
2022-10-15 15:50 - 2022-10-15 16:43 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\Battle.net
2022-10-15 15:49 - 2022-10-21 21:26 - 000000000 ____D C:\Program Files (x86)\Battle.net
2022-10-15 15:49 - 2022-10-15 15:49 - 000000936 _____ C:\Users\Public\Desktop\Battle.net.lnk
2022-10-15 15:49 - 2022-10-15 15:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2022-10-15 15:48 - 2022-10-15 15:48 - 004838352 _____ (Blizzard Entertainment) C:\Users\Lillian\Desktop\Battle.net-Setup.exe
2022-10-15 10:20 - 2022-10-15 10:20 - 002584894 _____ C:\Users\Lillian\Desktop\webSaver_coupons_20221015.fdf
2022-10-14 06:49 - 2022-10-14 06:49 - 001088803 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_4a5387bb-3.pdf
2022-10-14 06:48 - 2022-10-14 06:48 - 001040732 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_7b7fa0db-6.pdf
2022-10-13 13:38 - 2022-10-22 19:22 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2022-10-13 13:38 - 2022-10-22 19:22 - 000002131 _____ C:\Users\Public\Desktop\Acrobat Reader.lnk
2022-10-12 13:45 - 2022-10-13 06:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-10-12 13:45 - 2022-10-12 13:45 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-10-12 07:43 - 2022-10-12 07:43 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-10-12 07:43 - 2022-10-12 07:43 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-10-12 07:43 - 2022-10-12 07:43 - 000012253 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-10-12 07:42 - 2022-10-12 07:42 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-10-12 07:42 - 2022-10-12 07:42 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-10-12 07:41 - 2022-10-12 07:41 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-10-12 07:41 - 2022-10-12 07:41 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-10-12 06:57 - 2022-10-12 06:57 - 000000000 ___HD C:\$WinREAgent
2022-10-11 20:08 - 2022-10-11 20:08 - 001040732 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_7b7fa0db-5.pdf
2022-10-11 20:06 - 2022-10-11 20:06 - 001088803 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_4a5387bb-2.pdf
2022-10-11 20:05 - 2022-10-11 20:05 - 001040732 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_7b7fa0db-4.pdf
2022-10-10 18:32 - 2022-10-10 18:32 - 001088803 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_4a5387bb-1.pdf
2022-10-10 18:32 - 2022-10-10 18:32 - 001040732 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_7b7fa0db-3.pdf
2022-10-10 14:31 - 2022-10-10 14:31 - 001088803 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_4a5387bb.pdf
2022-10-10 14:20 - 2022-10-10 14:20 - 001040732 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_7b7fa0db-2.pdf
2022-10-05 14:49 - 2022-10-05 14:49 - 001659877 _____ C:\Users\Lillian\Desktop\Cheez-It Snap'd Crackers Coupon.xlsx
2022-10-05 14:17 - 2022-10-05 14:18 - 001040732 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_7b7fa0db-1.pdf
2022-10-05 14:15 - 2022-10-05 14:16 - 001468065 _____ C:\Users\Lillian\Desktop\Babybel Mini Rolls.xlsx
2022-10-05 14:09 - 2022-10-10 14:37 - 000436986 _____ C:\Users\Lillian\Desktop\Cascades Coupon.xlsx
2022-10-05 11:50 - 2022-10-05 11:50 - 000496663 _____ C:\Users\Lillian\Desktop\document.pdf
2022-10-05 11:33 - 2022-10-21 11:39 - 000073742 _____ C:\Users\Lillian\Desktop\Addition.txt
2022-10-05 11:24 - 2022-10-26 10:07 - 000024135 _____ C:\Users\Lillian\Desktop\FRST.txt
2022-10-05 11:24 - 2022-10-26 10:04 - 000000000 ____D C:\Users\Lillian\Desktop\FRST-OlderVersion
2022-10-05 11:22 - 2022-10-26 10:06 - 000000000 ____D C:\FRST
2022-10-05 11:21 - 2022-10-26 10:04 - 002373632 _____ (Farbar) C:\Users\Lillian\Desktop\FRST64.exe
2022-09-28 12:38 - 2022-09-28 12:38 - 001069845 _____ C:\Users\Lillian\Downloads\webSaver_coupons_20220928 (3).fdf
2022-09-28 12:37 - 2022-09-28 12:37 - 001069000 _____ C:\Users\Lillian\Downloads\webSaver_coupons_20220928 (2).fdf
2022-09-28 12:34 - 2022-09-28 12:34 - 001069746 _____ C:\Users\Lillian\Downloads\webSaver_coupons_20220928 (1).fdf
2022-09-28 12:33 - 2022-09-28 12:33 - 001069049 _____ C:\Users\Lillian\Downloads\webSaver_coupons_20220928.fdf
2022-09-27 20:32 - 2022-09-27 20:32 - 004838352 _____ (Blizzard Entertainment) C:\Users\Lillian\Downloads\Battle.net-Setup.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-10-26 10:06 - 2018-05-16 11:15 - 000000000 ____D C:\Users\Lillian\Documents\Lillian
2022-10-26 09:40 - 2022-02-28 14:00 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-10-26 09:39 - 2018-05-13 10:55 - 000000000 ____D C:\Users\Lillian\AppData\LocalLow\Mozilla
2022-10-26 09:11 - 2018-05-14 06:01 - 000000000 ____D C:\Program Files (x86)\Google
2022-10-26 09:05 - 2020-09-27 08:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-10-26 06:37 - 2018-07-09 21:25 - 000000000 ____D C:\Users\Lillian\AppData\Local\CrashDumps
2022-10-26 06:37 - 2018-06-23 07:03 - 000000000 ____D C:\Users\Lillian\AppData\Local\D3DSCache
2022-10-26 06:36 - 2019-12-07 03:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-10-26 06:16 - 2021-07-08 19:54 - 000004170 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B10F1A6A-E096-4CDE-9012-03BBEB909611}
2022-10-26 06:12 - 2021-03-24 23:47 - 000008192 ___SH C:\DumpStack.log.tmp
2022-10-26 06:12 - 2020-09-27 08:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-10-26 06:12 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-10-25 21:39 - 2019-12-07 03:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-10-25 21:39 - 2018-02-10 02:44 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2022-10-25 21:25 - 2018-05-22 06:01 - 000000000 ____D C:\Program Files (x86)\Steam
2022-10-25 20:22 - 2018-05-16 12:39 - 000000000 ____D C:\Users\Lillian\AppData\Local\WarThunder
2022-10-25 06:37 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-10-25 06:37 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-10-25 06:32 - 2021-12-16 07:37 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-520046137-1738454763-4209218755-1001
2022-10-25 06:32 - 2021-07-08 19:54 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-520046137-1738454763-4209218755-1001
2022-10-25 06:32 - 2021-07-08 19:13 - 000002392 _____ C:\Users\Lillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-10-23 20:58 - 2020-03-24 12:57 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\discord
2022-10-23 20:56 - 2022-08-03 12:35 - 000000000 ____D C:\Users\Lillian\AppData\Local\Discord
2022-10-23 20:55 - 2020-03-24 12:57 - 000002244 _____ C:\Users\Lillian\Desktop\Discord.lnk
2022-10-22 12:54 - 2021-08-06 11:25 - 000028785 _____ C:\Users\Lillian\AppData\Local\kritarc
2022-10-22 12:46 - 2018-06-01 20:16 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\.minecraft
2022-10-22 12:09 - 2021-08-06 11:25 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\krita
2022-10-22 08:50 - 2020-09-27 08:53 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-10-22 08:46 - 2020-09-27 08:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-10-21 20:52 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2022-10-21 14:56 - 2020-09-22 20:47 - 000000000 ____D C:\Users\Lillian\AppData\LocalLow\Temp
2022-10-21 14:43 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-10-21 13:17 - 2018-06-20 06:17 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2022-10-21 13:15 - 2018-12-20 23:31 - 000005146 _____ C:\WINDOWS\wininit.ini
2022-10-20 15:43 - 2018-06-01 20:30 - 000001430 _____ C:\Users\Lillian\Desktop\Roblox Player.lnk
2022-10-20 15:43 - 2018-06-01 20:28 - 000001253 _____ C:\Users\Lillian\Desktop\Roblox Studio.lnk
2022-10-20 15:43 - 2018-06-01 20:28 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2022-10-17 07:00 - 2021-07-08 19:28 - 000934922 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-10-17 06:53 - 2020-09-27 08:50 - 000449544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-10-17 06:50 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-10-17 06:50 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-10-17 06:50 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-10-17 06:50 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-10-17 06:50 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-10-17 06:50 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-10-17 06:50 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-10-17 06:50 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-10-17 06:50 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-10-15 16:02 - 2020-07-14 08:37 - 000000000 ____D C:\Users\Lillian\AppData\Local\Blizzard Entertainment
2022-10-14 16:39 - 2020-09-27 08:53 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-10-14 16:39 - 2020-09-27 08:53 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-10-13 17:12 - 2018-05-14 06:02 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-10-13 13:40 - 2021-07-08 19:54 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-10-13 06:22 - 2018-05-13 10:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-10-12 13:45 - 2018-05-13 10:55 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-10-12 07:54 - 2019-12-07 03:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2022-10-12 07:54 - 2019-12-07 03:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2022-10-12 07:41 - 2020-09-27 08:53 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-10-12 06:54 - 2018-05-13 11:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-10-12 06:40 - 2018-05-13 11:27 - 147398024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-10-11 17:05 - 2021-07-08 19:54 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-10-11 17:05 - 2021-07-08 19:54 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-10-11 17:05 - 2021-07-08 19:54 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-520046137-1738454763-4209218755-500
2022-10-11 17:05 - 2021-07-08 19:54 - 000002768 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2022-10-11 17:05 - 2021-07-08 19:54 - 000002500 _____ C:\WINDOWS\system32\Tasks\HPEA3JOBS
2022-10-11 17:05 - 2021-07-08 19:54 - 000002280 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2022-10-11 17:05 - 2021-07-08 19:54 - 000002202 _____ C:\WINDOWS\system32\Tasks\StartCN
2022-10-11 17:05 - 2021-07-08 19:54 - 000002116 _____ C:\WINDOWS\system32\Tasks\StartDVR
2022-10-08 16:09 - 2020-09-27 08:54 - 000000000 ____D C:\ProgramData\Packages
2022-10-08 16:09 - 2018-05-13 10:47 - 000000000 ____D C:\Users\Lillian\AppData\Local\PlaceholderTileLogoFolder
2022-10-08 16:09 - 2018-05-13 10:38 - 000000000 ____D C:\Users\Lillian\AppData\Local\Packages
2022-10-04 06:37 - 2021-12-20 16:27 - 000000000 ____D C:\WINDOWS\Minidump
2022-10-03 13:36 - 2018-05-14 11:27 - 000000000 ____D C:\Program Files (x86)\SystemScheduler
2022-09-26 12:07 - 2022-09-20 09:49 - 000000000 ____D C:\Users\Lillian\AppData\Local\ESET
2022-09-26 12:03 - 2020-02-25 07:34 - 000000000 ____D C:\KPRM
2022-09-26 09:07 - 2021-11-20 10:32 - 000153064 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2022-09-26 09:07 - 2021-11-07 09:55 - 002835944 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2022-09-26 09:07 - 2021-11-07 09:55 - 000447976 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2022-09-26 09:07 - 2021-11-07 09:55 - 000234984 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2022-09-26 09:07 - 2021-11-07 09:55 - 000198096 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2022-09-26 09:07 - 2021-11-07 09:55 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2022-09-26 09:07 - 2021-11-07 09:55 - 000067048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe

==================== Files in the root of some directories ========

2018-05-14 11:44 - 2018-05-14 12:29 - 000026726 _____ () C:\Users\Lillian\AppData\Roaming\Comma Separated Values (DOS).ADR
2018-05-14 12:24 - 2018-05-14 12:24 - 000026950 _____ () C:\Users\Lillian\AppData\Roaming\Comma Separated Values (Windows).ADR
2018-05-13 10:38 - 2022-10-26 06:14 - 002146903 _____ () C:\Users\Lillian\AppData\Local\BTServer.log
2021-04-12 11:29 - 2021-04-12 11:29 - 000000118 _____ () C:\Users\Lillian\AppData\Local\HeartbeatCache.xml
2021-08-06 19:18 - 2021-08-06 19:18 - 000000356 _____ () C:\Users\Lillian\AppData\Local\karboncalligraphyrc
2021-08-06 11:25 - 2022-10-22 12:09 - 000003170 _____ () C:\Users\Lillian\AppData\Local\krita-sysinfo.log
2021-08-06 11:25 - 2022-10-22 12:54 - 000497787 _____ () C:\Users\Lillian\AppData\Local\krita.log
2021-08-06 22:12 - 2021-10-05 18:59 - 000080678 _____ () C:\Users\Lillian\AppData\Local\kritacrash.log
2022-10-22 12:54 - 2022-10-22 12:54 - 000000152 _____ () C:\Users\Lillian\AppData\Local\kritadisplayrc
2021-08-06 11:25 - 2022-10-22 12:54 - 000028785 _____ () C:\Users\Lillian\AppData\Local\kritarc
2022-02-25 16:49 - 2022-02-25 16:49 - 000016438 _____ () C:\Users\Lillian\AppData\Local\partner.bmp
2019-09-06 09:51 - 2019-09-06 09:51 - 000000017 _____ () C:\Users\Lillian\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2022
Ran by Lillian (26-10-2022 10:08:30)
Running from C:\Users\Lillian\Desktop
Microsoft Windows 10 Home Version 21H2 19044.2130 (X64) (2021-07-09 01:55:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-520046137-1738454763-4209218755-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-520046137-1738454763-4209218755-503 - Limited - Disabled)
Guest (S-1-5-21-520046137-1738454763-4209218755-501 - Limited - Disabled)
Lillian (S-1-5-21-520046137-1738454763-4209218755-1001 - Administrator - Enabled) => C:\Users\Lillian
WDAGUtilityAccount (S-1-5-21-520046137-1738454763-4209218755-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
7-Zip 22.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-2201-000001000000}) (Version: 22.01.00.0 - Igor Pavlov)
Adobe Acrobat Reader (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.003.20263 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2018.1108.0217.4117 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J615W (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Discord) (Version: 1.0.9002 - Discord Inc.)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Epic Games Launcher (HKLM-x32\...\{93BFE5DF-776E-436F-8693-DF1F72C0E3C1}) (Version: 1.1.151.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{19695986-25CE-41AC-9C6F-54794653EDBA}) (Version: 2.0.36.0 - Epic Games, Inc.)
FastStone Image Viewer 6.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.5 - FastStone Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 106.0.5249.119 - Google LLC)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Customer Experience Enhancements (HKLM-x32\...\{9720A595-3D2D-440E-9523-0B6F970745DD}) (Version: 6.0.11.1 - HP Inc.) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM\...\{16311D0B-D57C-46F8-AE64-9D4D44227271}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{4C246A91-6BAE-450E-BDEA-70D01663DF43}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{78525DEA-1E62-429B-9CA4-A78F899A9F29}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{B2CFD444-5088-4ECC-A1F1-28620C082C36}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{3D00C669-D447-4A04-AFDA-25E9E76E7873}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{59649835-21FD-4523-9AB0-9E67ED77F0CA}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{3FC961DB-BD36-4D8D-B276-0C456A2BB638}) (Version: 1.4.0.441 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{BD2CDEAF-8D83-4553-A3B3-8B614CC6C96E}) (Version: 1.1.0.0 - HP Inc)
HP Recovery Manager (HKLM-x32\...\{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47}) (Version: 1.2.1510 - HP) Hidden
HP Registration Service (HKLM-x32\...\{4E097B06-83A0-4CDD-A9DB-22F0744FE16A}) (Version: 1.0.0.43 - HP Inc.) Hidden
HP System Event Utility (HKLM-x32\...\{2282C4AC-ADFD-4CB7-962E-D700F62024E6}) (Version: 1.4.27 - HP Inc.)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Krita (x64) 4.4.5 (HKLM\...\Krita_x64) (Version: 4.5.4.0 - Krita Foundation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.5.16.217 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.16.217 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 106.0.1370.52 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 106.0.1370.52 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{A9CFD6A1-C0D3-7F37-C220-8B104867EF15}) (Version: 10.1.22621.1011 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (HKLM-x32\...\{90140000-00BA-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (HKLM-x32\...\{90140000-0044-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (HKLM\...\{90140000-002A-0000-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (HKLM\...\{90140000-002A-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (HKLM\...\{90140000-0116-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\OneDriveSetup.exe) (Version: 22.207.1002.0003 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40649 (HKLM\...\{20C1086D-C843-36B1-B678-990089D1BD44}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40649 (HKLM\...\{ABB19BB4-838D-3082-BDA4-87C6604181A2}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40649 (HKLM-x32\...\{A8589745-51BC-3963-B4E9-201CF8693538}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40649 (HKLM-x32\...\{DEA7F8E3-B7B9-3C3C-945B-7F8CE9041748}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30135 (HKLM-x32\...\{fa7f6d52-f85e-48ef-8f56-a37268aa5772}) (Version: 14.29.30135.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30135 (HKLM\...\{34DB4181-0770-4B5A-B561-68758A077B0F}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30135 (HKLM\...\{40118CD9-A805-400C-864E-041A5B5C01B0}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft Launcher (HKLM-x32\...\{EEFE9D96-1866-45BC-9D11-6AA7FF2D6E18}) (Version: 1.0.0.0 - Mojang)
Minecraft: Education Edition (HKLM-x32\...\Minecraft: Education Edition 1.17.30.52) (Version: 1.17.30.52 - Microsoft Studios)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 105.0.3 (x64 en-US)) (Version: 105.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0 - Mozilla)
MSVCRT (HKLM-x32\...\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}) (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (HKLM-x32\...\{D0B44725-3666-492D-BEF6-587A14BD9BD9}) (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (HKLM-x32\...\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}) (Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (HKLM\...\{E9FA781F-3E80-4399-825A-AD3E11C28C77}) (Version: 16.4.1109.0912 - Microsoft) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Parsec (HKLM-x32\...\Parsec) (Version: 150-84b - Parsec Cloud Inc.)
Photo Common (HKLM-x32\...\{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{07AAB66E-4718-422D-9218-4AFB3C922A71}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.80 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.31239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8924.1 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.105 - REALTEK Semiconductor Corp.)
Revo Uninstaller 2.4.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.1 - VS Revo Group, Ltd.)
Roblox Player for Lillian (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for Lillian (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\roblox-studio) (Version: - Roblox Corporation)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{09A9DF49-DA06-4093-A2FD-F339211E39EA}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E4D76E88-C65F-4003-9C71-EC4306679D17}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{945F1D43-451D-4383-9BBE-241F37950B15}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Skype version 8.79 (HKLM-x32\...\Skype_is1) (Version: 8.79 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StudioTax 2017 (HKLM-x32\...\{99CAAE52-3DB3-4012-90A6-392CFE63BE51}) (Version: 13.0.5.0 - BHOK IT Consulting)
StudioTax 2018 (HKLM-x32\...\{B77DD0D3-CBDA-4A1B-BB14-1B8782DE95AF}) (Version: 14.0.4.0 - BHOK IT Consulting)
StudioTax 2019 (HKLM-x32\...\{6BA4B986-CB27-414F-B68E-E78722FC8EF5}) (Version: 15.0.6.0 - BHOK IT Consulting)
StudioTax 2020 (HKLM\...\{00A4E24D-F868-4D20-83E2-4EC0A569B305}) (Version: 16.0.6.0 - BHOK IT Consulting Inc.)
StudioTax 2021 (HKLM\...\{582AD570-5F28-466D-9BAD-FEAE9FEB9098}) (Version: 17.0.3.0 - BHOK IT Consulting Inc.)
System Scheduler 5.12 (HKLM-x32\...\Windows Scheduler_is1) (Version: - Splinterware Software Solutions)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
War Thunder Launcher 1.0.3.100 (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
Windows Live Communications Platform (HKLM-x32\...\{41C61308-6CFD-4D54-AB6A-7136ED08A18E}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\{66B5819D-DE70-42BE-B40F-978FBA12452E}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Installer (HKLM-x32\...\{659CB81C-B54E-4DF1-B618-F35777393A54}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (HKLM-x32\...\{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (HKLM-x32\...\{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (HKLM-x32\...\{BAD984EE-790E-4513-A428-3BE2D426DCA7}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (HKLM-x32\...\{E703613B-BDAB-433E-A66A-DE0263E3D35D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (HKLM\...\{25058321-C33E-496B-8915-6FD64D362CAF}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (HKLM-x32\...\{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (HKLM-x32\...\{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (HKLM-x32\...\{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (HKLM-x32\...\{D1893000-EA77-493C-8DDD-E262436E959B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (HKLM-x32\...\{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (HKLM-x32\...\{6522F5F9-411B-4513-A75B-CEA00395F032}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (HKLM-x32\...\{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (HKLM-x32\...\{714E162E-CD4F-4F1B-8302-7F5179409C25}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (HKLM-x32\...\{A2DC527D-FA79-46E9-973F-920897CA55E9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (HKLM-x32\...\{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\ZoomUMX) (Version: 5.6.5 (823) - Zoom Video Communications, Inc.)

Packages:
=========
Candy Crush Jelly Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushJellySaga_2.98.1.0_x64__kgqvnymyfvs32 [2022-10-14] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2380.4.0_x64__kgqvnymyfvs32 [2022-10-17] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.229.500.0_x64__kgqvnymyfvs32 [2022-10-19] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.15.523.0_x64__rz1tebttyb220 [2022-10-12] (Dolby Laboratories)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_22.4.18.0_x64__xbfy0k16fey96 [2022-09-07] (Dropbox Inc.)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.4.464.0_x86__v10z8vjag6ke6 [2018-02-10] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa [2022-10-25] (Apple Inc.) [Startup Task]
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.15629.20208.0_x86__8wekyb3d8bbwe [2022-10-15] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.15629.20208.0_x86__8wekyb3d8bbwe [2022-10-15] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.15629.20208.0_x86__8wekyb3d8bbwe [2022-10-15] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.15629.20208.0_x86__8wekyb3d8bbwe [2022-10-15] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.15629.20208.0_x86__8wekyb3d8bbwe [2022-10-15] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.15629.20208.0_x86__8wekyb3d8bbwe [2022-10-15] (Microsoft Corporation)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_52.11010.438.0_x64__8wekyb3d8bbwe [2022-10-19] (Microsoft Corporation)
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.15629.20208.0_x86__8wekyb3d8bbwe [2022-10-15] (Microsoft Corporation)
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.19.3101.0_x64__8wekyb3d8bbwe [2022-10-05] (Microsoft Studios)
Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.1.28.0_x64__8wekyb3d8bbwe [2022-08-24] (Microsoft Studios)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-15] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-14] (Microsoft Corporation)
Power Media Player 14 for HP Consumer PCs with DVD -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.PowerMediaPlayer14forHPConsumerPC_14.2.9528.0_x86__06qsbagp91rvg [2019-01-26] (CYBERLINKCOM CORP)
WildTangent Games -> C:\Program Files\WindowsApps\WildTangentGames.63435CFB65F55_2.0.84.0_x64__qt5r5pa5dyg8m [2022-06-06] (WildTangent Games)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-520046137-1738454763-4209218755-1001_Classes\CLSID\{9278ED91-B564-465E-8FDC-5BCA9CCBEE0D}\InprocServer32 -> C:\Program Files\Mozilla Firefox\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-10-26] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-10-26] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-05-16 06:15 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000015360 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-04-24 21:21 - 2018-04-24 21:21 - 002519040 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-06-10 14:36 - 2005-04-21 22:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2018-05-16 06:15 - 2012-06-05 15:59 - 000025299 ____R (Brother Industries, Ltd) [File not signed] C:\Program Files (x86)\Browny02\brlm03a.dll
2018-05-16 06:15 - 2008-08-18 18:27 - 000122880 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll
2018-05-16 06:15 - 2009-12-23 15:45 - 000327680 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2018-05-16 06:15 - 2009-12-25 15:08 - 000208896 ____R (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2018-05-16 06:15 - 2011-10-07 14:39 - 000626688 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2020-06-10 14:36 - 2012-07-05 05:32 - 000084480 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2022-07-15 19:00 - 2022-07-15 19:00 - 000094720 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2018-02-10 02:46 - 2017-06-20 21:03 - 000289280 _____ (Realtek Semiconductor Corporation) [File not signed] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\StereoControl.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000032256 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000039936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000034304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000237056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000024064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000481792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 001336320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-11-08 02:15 - 2018-11-08 02:15 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 006045184 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000964096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000279552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 003233792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000109568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000325632 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 069968896 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000282624 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 003281408 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000049152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000311296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000089600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {59BB01F4-917F-4306-A333-D04F603FDF5E} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {59BB01F4-917F-4306-A333-D04F603FDF5E} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-520046137-1738454763-4209218755-1001 -> {59BB01F4-917F-4306-A333-D04F603FDF5E} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7940 more sites.

There are 7940 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 07:46 - 2022-09-03 07:36 - 000454574 ____R C:\WINDOWS\system32\drivers\etc\hosts

There are 15603 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-520046137-1738454763-4209218755-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\hp backgrounds\backgrounddefault.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "SSBkgdUpdate"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PPort11reminder"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_43F426C6868B5A0207B840D9EE29A62D"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{76167615-4E40-4D33-8826-8576A0D44FDC}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [TCP Query User{9B3FBC69-FB9A-435D-92DE-F78E8F2C54F3}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [UDP Query User{65F6D2BF-D4A3-4A40-BEA3-26C53FED1E0F}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [TCP Query User{13137F2D-91F7-451F-8FBD-520AD0EAE3E9}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [{8ED3D9D6-4BCE-46B3-9FCC-47AA9B18791E}] => (Allow) C:\Users\Lillian\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{8797784B-8CA6-4B85-98D1-CD5CB23463DC}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{204B4822-50A3-4B17-9874-ADFD9F4FD4B2}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{C378F7C0-8994-4E0E-A525-A7D53CFFCFF2}C:\program files (x86)\minecraft\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{4FA18C39-76D3-46AC-BC8D-B24E34812C67}C:\program files (x86)\minecraft\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{0342B118-3737-43C1-89E1-BE4BE03FBD33}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{67D9DB0B-C116-4AD7-B8FC-26B093E057DD}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{D8534AEC-662E-4EA4-BFE3-72038782091D}C:\users\lillian\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\lillian\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [TCP Query User{99F9E812-AD8A-462E-B4DE-6A0093050C1D}C:\users\lillian\appdata\local\warthunder\win64\aces.exe] => (Allow) C:\users\lillian\appdata\local\warthunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{B3D077D7-48E3-422C-AA24-91E76E68102C}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{FE17A816-3AE6-4D61-A280-69AC09730E97}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{66AFAE66-7608-41B6-A5B6-423FDA161F30}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{9357B0B5-04C2-44C4-8B4C-C75EAF3A7CA9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{9F00FFD2-057E-44E6-8555-81C1495F69E0}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{00F78E1D-FB7A-40D0-9902-08BF5A6B475C}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{79C50711-0F71-4140-B11F-7E8798713489}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{43B70227-FCF5-4392-9144-0B2A703FF9AA}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{A7547A60-F0B0-4523-AB1D-0681CF7DC897}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{589DB5B1-B4E6-4DFD-A215-2EA239A45A4F}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{8B5C3DD6-F356-499D-8AD3-3363BE51657D}C:\users\lillian\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\lillian\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [UDP Query User{65711726-0568-408A-89DE-26444F5B19D8}C:\users\lillian\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\lillian\appdata\local\warthunder\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [{0DBCD40A-31E0-4ABD-883C-04805EBA09D9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{08FE3F76-5BD6-42D0-A283-CC07EE44BBF3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C430C5A4-37C4-4530-8942-0AF9479206EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{00F2C82A-03EB-473C-A37A-476CB9B3E23E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{8F88FA8B-2EDA-490E-8DE2-8BB80C635B14}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D2094FDD-3A20-4FE3-A24E-E980F0CB726A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{00A1FB83-4B37-4A00-9B7D-9F7A3ED9B5E8}] => (Allow) C:\Program Files\Parsec\parsecd.exe (Parsec Cloud, Inc. -> Parsec)
FirewallRules: [{80BCF5D6-CE85-422A-9FB3-2C5DA2F3CAFA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{FBB18DEB-DE8F-4596-AB48-3D1C2EB5E11B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F2BF1649-BB5A-4148-BF36-518B8AA92426}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EF4DA5C5-04BC-4F18-8A66-38C97FBD399F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A6D359DF-9D3B-4D6E-AA08-B012873FA372}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FAF0DFDF-6FF6-49CE-AB5C-C0E4AF23931C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.15629.20208.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D747E414-03E3-4B0D-ABD3-E166694D706B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\106.0.1370.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4948504E-FD28-4614-9DBE-0CEE7EF9029E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{82F9206D-42D2-43ED-88CA-1577102EBD30}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{51404A8E-B93D-45B1-8FDB-882FD31C3A05}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{084AC05A-1927-4993-A1D6-528DA80519E8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DB8CC390-52A1-46EC-BCC2-734A0E75A318}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4399FF38-B1B8-49F5-AF35-6889E6BAA91F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D12D8EA3-FF54-46DA-BB0B-9FC28455DA81}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{48BD2ADD-D0DC-49CD-B781-7B5ADBFEC3DE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

==================== Restore Points =========================

21-10-2022 10:58:38 Removed Java 8 Update 341 (64-bit)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/26/2022 06:37:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 4.0.0.1357, time stamp: 0x633db335
Faulting module name: Qt5Qml.dll, version: 5.15.8.0, time stamp: 0x620c64e8
Exception code: 0xc000041d
Fault offset: 0x00000000001bc8d7
Faulting process id: 0x1d88
Faulting application start time: 0x01d8e937aa6465fe
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
Report Id: 970bd88e-f076-4863-9b59-2b29dfd1cab6
Faulting package full name:
Faulting package-relative application ID:

Error: (10/26/2022 06:37:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 4.0.0.1357, time stamp: 0x633db335
Faulting module name: Qt5Qml.dll, version: 5.15.8.0, time stamp: 0x620c64e8
Exception code: 0xc0000005
Fault offset: 0x00000000001bc8d7
Faulting process id: 0x1d88
Faulting application start time: 0x01d8e937aa6465fe
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
Report Id: cec2d30d-87ed-4024-ada8-03c696e1e4e6
Faulting package full name:
Faulting package-relative application ID:

Error: (10/26/2022 06:13:11 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-MNATPML$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Wed, 26 Oct 2022 12:13:08 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 4bdf46b6-a293-489e-8f82-ce771fd656c2

Method: GET(15359ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (10/25/2022 04:59:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.549.0.51144, time stamp: 0x760f979f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x016ddfe6
Faulting process id: 0x2710
Faulting application start time: 0x01d8e8c569e080b8
Faulting application path: C:\Users\Lillian\AppData\Local\Roblox\Versions\version-fc5e24b515354061\RobloxPlayerBeta.exe
Faulting module path: unknown
Report Id: e4f9face-dd25-41f9-bb72-b2f2d44f0ab6
Faulting package full name:
Faulting package-relative application ID:

Error: (10/25/2022 04:17:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.549.0.51144, time stamp: 0x760f979f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x018cfc70
Faulting process id: 0x1c30
Faulting application start time: 0x01d8e8bf8327362f
Faulting application path: C:\Users\Lillian\AppData\Local\Roblox\Versions\version-fc5e24b515354061\RobloxPlayerBeta.exe
Faulting module path: unknown
Report Id: b07ee5f5-e0b4-40fb-82c6-0060e8316fed
Faulting package full name:
Faulting package-relative application ID:

Error: (10/25/2022 04:00:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.549.0.51144, time stamp: 0x760f979f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0190dfe6
Faulting process id: 0xadc
Faulting application start time: 0x01d8e8bd40668445
Faulting application path: C:\Users\Lillian\AppData\Local\Roblox\Versions\version-fc5e24b515354061\RobloxPlayerBeta.exe
Faulting module path: unknown
Report Id: c44fcf7d-3565-42f2-a4c7-d0dd89eab356
Faulting package full name:
Faulting package-relative application ID:

Error: (10/25/2022 03:48:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.549.0.51144, time stamp: 0x760f979f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x016edfe6
Faulting process id: 0xe84
Faulting application start time: 0x01d8e8bb83c36deb
Faulting application path: C:\Users\Lillian\AppData\Local\Roblox\Versions\version-fc5e24b515354061\RobloxPlayerBeta.exe
Faulting module path: unknown
Report Id: 06389ed6-338e-479e-a765-f57e2eeb584e
Faulting package full name:
Faulting package-relative application ID:

Error: (10/25/2022 03:28:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RobloxPlayerBeta.exe, version: 0.549.0.51144, time stamp: 0x760f979f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x018edfe6
Faulting process id: 0xb80
Faulting application start time: 0x01d8e8b8b9664167
Faulting application path: C:\Users\Lillian\AppData\Local\Roblox\Versions\version-fc5e24b515354061\RobloxPlayerBeta.exe
Faulting module path: unknown
Report Id: b8370a8a-9d1c-4d21-a0ea-4825c3b85a1e
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (10/26/2022 09:14:47 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Defender Antivirus Service service terminated with the following error:
General access denied error

Error: (10/26/2022 09:14:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Defender Antivirus Service service terminated with the following error:
General access denied error

Error: (10/26/2022 09:14:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Defender Antivirus Service service terminated with the following error:
General access denied error

Error: (10/26/2022 09:14:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Defender Antivirus Service service terminated with the following error:
General access denied error

Error: (10/26/2022 09:14:42 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Defender Antivirus Service service terminated with the following error:
General access denied error

Error: (10/26/2022 09:14:41 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Defender Antivirus Service service terminated with the following error:
General access denied error

Error: (10/26/2022 09:14:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Defender Antivirus Service service terminated with the following error:
General access denied error

Error: (10/26/2022 09:14:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Microsoft Defender Antivirus Service service terminated with the following error:
General access denied error


Windows Defender:
================
Date: 2022-10-22 08:35:24
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-10-21 18:24:07
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-10-21 16:48:54
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-10-21 16:17:51
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-10-21 14:48:18
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li.../Adodb.gen!A&threatid=2147605512&enterprise=0
Name: TrojanDownloader:HTML/Adodb.gen!A
Severity: Severe
Category: Trojan Downloader
Path: file:_C:\Users\Lillian\AppData\Roaming\discord\Cache\f_000446; file:_C:\Users\Lillian\AppData\Roaming\discord\Cache\f_000447
Detection Origin: Local machine
Detection Type: Generic
Detection Source: Real-Time Protection
Process Name: C:\Users\Lillian\Desktop\FRST64.exe
Security intelligence Version: AV: 1.377.589.0, AS: 1.377.589.0, NIS: 1.377.589.0
Engine Version: AM: 1.1.19700.3, NIS: 1.1.19700.3
Event[0]:

Date: 2022-10-21 13:15:36
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.343.658.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18300.4
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2022-10-13 06:28:16
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.377.161.0
Previous security intelligence Version: 1.343.658.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.19700.3
Previous Engine Version: 1.1.18300.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2022-10-13 06:28:16
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.377.161.0
Previous security intelligence Version: 1.343.658.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.19700.3
Previous Engine Version: 1.1.18300.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2022-10-13 06:28:16
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.19700.3
Previous Engine Version: 1.1.18300.4
Error Code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2022-03-20 07:09:57
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.361.345.0
Previous security intelligence Version: 1.343.658.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.19000.8
Previous Engine Version: 1.1.18300.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

CodeIntegrity:
===============
Date: 2022-10-26 09:40:36
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdihk64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: AMI F.05 01/29/2018
Motherboard: HP 8433
Processor: AMD A12-9800 RADEON R7, 12 COMPUTE CORES 4C+8G
Percentage of memory in use: 32%
Total physical RAM: 15788.77 MB
Available physical RAM: 10646.08 MB
Total Virtual: 18220.77 MB
Available Virtual: 11939.06 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:915.17 GB) (Free:456.31 GB) (Model: ST1000DM003-1SB102) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.1 GB) (Free:1.75 GB) (Model: ST1000DM003-1SB102) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{15888f61-fc32-4387-9ceb-4a16a8a4cf76}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.47 GB) NTFS
\\?\Volume{3a67c860-4f4a-07bf-1000-5763d3e2c1e4}\ () (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS
\\?\Volume{70f7596f-bd69-4bba-9479-6592ca6c93bd}\ () (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A50E1C7D)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.

==================== End of Addition.txt =======================



Farbar Service Scanner Version: 13-08-2022 01
Ran by Lillian (administrator) on 26-10-2022 at 10:15:46
Running from "C:\Users\Lillian\Desktop"
Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============


Firewall Disabled Policy:
==================


System Restore:
============


System Restore Policy:
========================


Windows Security:
============


Windows Update:
============


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK (Start=Auto).
The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2209.7-0\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\netbt.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\usosvc.dll => File is digitally signed
C:\Windows\System32\WaaSMedicSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Hello.

I still see the Avast extension in the logs. Can you give it another try please?
  • Open Chrome.
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find Avast SafePrice | Comparison, deals, coupons, and remove it by clicking on Remove.
  • Confirm the action by clicking Remove once again.

After that:


1. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste it anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
2022-10-21 13:17 - 2018-06-20 06:17 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
HKLM\...\StartupApproved\Run32: => "SDTray"
DeleteKey: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
Hosts:
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.


2. Check Windows Defender status
  • Go to Settings (Windows icon on the keyboard + i)
  • Select Update & Security
  • From the left pane, select Windows Security
  • Open Windows Security
  • Let me see a screenshot of what you see


In your next reply, I would like to see:
  1. The fixlog.txt
  2. The Windows Security screenshot
 
I opened Chrome and still don't see it. Is there any other way to delete it? Here is a screenshot of my two Chrome extensions:

1666817438824.png



Fix result of Farbar Recovery Scan Tool (x64) Version: 23-10-2022
Ran by Lillian (26-10-2022 14:35:23) Run:2
Running from C:\Users\Lillian\Desktop
Loaded Profiles: Lillian
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
2022-10-21 13:17 - 2018-06-20 06:17 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => -> No File
HKLM\...\StartupApproved\Run32: => "SDTray"
DeleteKey: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
Hosts:
EmptyTemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
"AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}" => removed successfully
"AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SDECon32 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SDECon64 => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\SDECon32 => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\SDECon64 => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SDECon32 => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SDECon64 => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\SDTray" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SDTray" => not found
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40338764 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 77234601 B
Windows/system/drivers => 1247843 B
Edge => 0 B
Chrome => 24650012 B
Firefox => 1105505857 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 16726 B
NetworkService => 23212 B
Lillian => 716897742 B
OVRLibraryService => 716897742 B

RecycleBin => 0 B
EmptyTemp: => 2.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:42:43 ====


1666817591874.png

And when I clicked the popup saying I have no Virus protection on, this is the screen I now see.

1666817687139.png

Now when I restarted the computer after the last Fix, it starts up in 1 minute and 35 seconds!
 
You're probably going to need to remove the Avast extension manually ...

https://www.timeatlas.com/uninstall-chrome-extensions/

.... see the "Uninstall Chrome Extensions Manually" section of the article linked to above.

It likely won't be named as Avast, so the folder you're looking to delete is .... eofcbnmajmjmplflapaojjnihcjkigck
 
Can I just delete Chrome and reinstall it? Wouldn't that get rid of the extension? Especially since I don't have Avast on my computer anymore.
 
Thanks, Gary.

gigglepot33,

The extension's path is actually this: C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck

You are going to delete eofcbnmajmjmplflapaojjnihcjkigck.

I will be back to you in a while about the other issue.
 
Hello.

After deleting the above extension, please try the following:


1. Download a fresh WinDefend service

Download WinDefend.reg and save it to your Desktop.


2. Restart with Safe mode
  • Press the Windows icon on the keyboard together with the letter I, to get into the Settings.
  • Choose Update and Security.
  • From the menu at the left, choose Recovery.
  • Under the title Advanced startup at the right, choose Restart now.
  • From the window that will appear choose Troubleshoot and then Advanced options.
  • Choose Startup Settings and then Restart.
  • Press number 5, for choosing Safe mode with networking.
  • You will know that you are in Safe mode, if the background is black and Safe mode is written at the four corners of the screen.

3. Restore missing services
  • Double-click on the WinDefend.reg which is on your Desktop, allow the information to be merged (Yes) and restart the computer in Normal mode.

4. Run FSS again
  • Restart in normal mode.
  • Right click on the tool icon and run it as administrator, as you did before.
  • Make sure all the options are checked.
  • Click on the Scan button.
  • It will create a log (FSS.txt) on your Desktop.
  • Copy and paste the log's content to your next reply.


In your next reply please post:


1. The FSS log
 
I found Appdata after Googling and check marking to show Hidden items. But that extension that you said to delete isn't there. Screenshot below:

1667241657723.png
 
Strange. I would expect the Avast extension to be shown there.

I'll ask you to do something more drastic now, to make a fresh start with Chrome:

1. Backup your Bookmarks

If your Chrome Bookmarks are important do this first:
Go to this link: How to Export Bookmarks from Chrome: 9 Steps (with Pictures). Follow the instructions, export your Bookmarks from Chrome and save them to your Desktop. Note that the instructions can also be used to import the bookmarks.

2. Get ready - Download Chrome installer

Download the Chrome installer and save it to install later: Google Chrome - Download the Fast, Secure Browser from Google

3. Reset Sync
  • Open Chrome and sign into your account.
  • Open a new tab and type or copy paste chrome://settings/syncSetup
  • Press Enter.
  • Select Sync and Google services.
  • Select Review your synced data.
  • Scroll down the Data from Chrome sync page and select Reset Sync that will clear synced data from Google Server. OK.

4. Completely uninstall Chrome

5. Install Google Chrome
  • Install Google Chrome using the installer you have already downloaded.
  • Import your Bookmarks.

After the above, please run FRST again and attach for me the FRST log. I don't need Addition this time.
 
I don't see Reset Sync. Do you mean Clear Data? It's at the very bottom of my "Chrome data in your account page".

1667245313226.png
 
Here is a new FRST log (I hope the Chrome extension is gone now). Do I go back and do the steps of #69 to deal with the no virus protection turned on?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-10-2022 02
Ran by Lillian (administrator) on DESKTOP-MNATPML (HP HP Pavilion Desktop 590-p0xxx) (31-10-2022 14:04:04)
Running from C:\Users\Lillian\Desktop
Loaded Profiles: Lillian
Platform: Microsoft Windows 10 Home Version 21H2 19044.2130 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(C:\Program Files\AMD\CNext\CNext\amddvr.exe ->) (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atieclxx.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atiesrxx.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_7.70.13002.0_x64__8wekyb3d8bbwe\gamingservices.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_7.70.13002.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CredentialEnrollmentManager.exe
(services.exe ->) (Parsec Cloud, Inc. -> Parsec) C:\Program Files\Parsec\pservice.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe
(Splinterware Software Solutions -> Splinterware Software Solutions) [File not signed] C:\Program Files (x86)\SystemScheduler\WScheduler.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [231640 2016-09-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [703312 2017-12-08] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [1660760 2017-06-26] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [WScheduler] => C:\Program Files (x86)\SystemScheduler\WScheduler.exe [331168 2018-03-25] (Splinterware Software Solutions -> Splinterware Software Solutions) [File not signed]
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.) [File not signed]
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4234088 2022-10-18] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [Gaijin.Net Updater] => C:\Users\Lillian\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2793016 2022-10-18] (Gaijin Network LTD -> Gaijin)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32696784 2022-10-27] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [MicrosoftEdgeAutoLaunch_43F426C6868B5A0207B840D9EE29A62D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3891624 2022-10-28] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\107.0.5304.88\Installer\chrmstp.exe [2022-10-31] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {28E7D666-D780-43FF-8EE9-2EA079EB8F0A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {29B72F8C-EDAD-4DFE-B0B7-11B95D29F0DB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MpCmdRun.exe [473544 2022-10-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {32DC0AC8-B274-49D7-B512-F88E67AEC293} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [69512 2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {416B6A34-7811-4B65-99F3-49D824D255BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {4A2CBED6-0CD7-4E42-8685-E0B554064DDA} - System32\Tasks\GoogleUpdateTaskMachineUA{83A80D0B-EA32-4F4F-906C-0D0CA47FF735} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-10-31] (Google LLC -> Google LLC)
Task: {4DC9630D-50AF-492A-BBE9-E6ABF6471CC7} - System32\Tasks\GoogleUpdateTaskMachineCore{23A8FBE5-C5A7-4000-A091-7E3D45C599D2} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-10-31] (Google LLC -> Google LLC)
Task: {544D99A4-F781-425D-AB9B-E691807CA27C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [930960 2022-05-11] (HP Inc. -> HP Inc.)
Task: {61808372-99EE-4F6D-A379-9B0A153A17AD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MpCmdRun.exe [473544 2022-10-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {84189EAA-640C-4B63-87FD-925AFBE1B0EF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MpCmdRun.exe [473544 2022-10-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {86328BD5-2CB9-4277-8FA4-C0EB06C8CD1F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MpCmdRun.exe [473544 2022-10-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {92B2DD11-4D28-46D0-A5CC-787D46F7BFED} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {992DC982-2CF9-4C3A-B229-8432A1EC8667} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-520046137-1738454763-4209218755-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {9D7AD1F7-4D88-4CD8-A3BB-D8F6A7158D9B} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2020-03-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {B11C66B8-EB50-41DC-9AE6-C53023F17E37} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {B23021E6-863E-43B9-AE89-6771D8315BB2} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {D1AA80F8-4A3A-49CB-BBE2-51B063F1CEF0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [930960 2022-05-11] (HP Inc. -> HP Inc.)
Task: {E1484769-8460-41D6-9417-47F41ED8EC69} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [930960 2022-05-11] (HP Inc. -> HP Inc.)
Task: {F22D8845-F310-43DA-BDCC-5FD38D0AC0A1} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49544 2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1f27f15d-e56c-4b9c-9c8a-1b0bfa4ab60e}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{64324158-2892-4aef-98b3-a8fc4e3bd95d}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Lillian\AppData\Local\Microsoft\Edge\User Data\Default [2022-10-31]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

FireFox:
========
FF DefaultProfile: zmh62i5e.default
FF ProfilePath: C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default [2022-10-31]
FF Homepage: Mozilla\Firefox\Profiles\zmh62i5e.default -> hxxps://www.kijiji.ca/
FF Notifications: Mozilla\Firefox\Profiles\zmh62i5e.default -> hxxps://www.youtube.com; hxxps://www.facebook.com; hxxps://www.teamviewer.com
FF NewTabOverride: Mozilla\Firefox\Profiles\zmh62i5e.default -> Enabled: newtaboverride@agenedia.com
FF NewTabOverride: Mozilla\Firefox\Profiles\zmh62i5e.default -> Enabled: Search_Defender_yYxTkYUDSW@www.searchdefenderprime.com
FF Extension: (Canadian English Dictionary) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\en-CA@dictionaries.addons.mozilla.org.xpi [2021-08-04]
FF Extension: (English (CA) Language Pack) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\langpack-en-CA@firefox.mozilla.org.xpi [2022-10-31]
FF Extension: (New Tab Override) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\newtaboverride@agenedia.com.xpi [2019-12-31]
FF Extension: (Search Defender) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\Search_Defender_yYxTkYUDSW@www.searchdefenderprime.com.xpi [2019-08-05]
FF Extension: (Black and Purple Theme) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{155429d2-8bf5-44bf-94f8-d194c3ec5f15}.xpi [2021-06-16]
FF Extension: (Photon Colors) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{2c6c94f3-c656-41e9-aa4b-1edba5be9c21}.xpi [2021-07-30]
FF Extension: (Fairytale Of Nature) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{6804879d-8801-473a-b13d-605b902a5e4f}.xpi [2021-06-15]
FF Extension: (Greasemonkey) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2021-01-28]
FF Extension: (¡Light Blue Theme!) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{f416b4af-c4c9-4607-96ac-77fea7ed4a9b}.xpi [2021-06-16]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-10-16] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default [2022-10-31]
CHR Extension: (Google Docs Offline) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-10-31]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-10-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-10-31]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR Profile: C:\Users\Lillian\AppData\Roaming\Opera Software\Opera Stable [2022-10-21]
OPR Extension: (Rich Hints Agent) - C:\Users\Lillian\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-01-12]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Lillian\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-01-12]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [9712432 2022-09-18] (BattlEye Innovations e.K. -> )
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [305664 2017-11-02] (Realtek Semiconductor Corp.) [File not signed]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811496 2022-06-30] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029456 2022-10-28] (Epic Games Inc. -> Epic Games, Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8842536 2022-10-26] (Malwarebytes Inc. -> Malwarebytes)
R2 Parsec; C:\Program Files\Parsec\pservice.exe [414456 2022-06-11] (Parsec Cloud, Inc. -> Parsec)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2209.7-0\NisSrv.exe [3170576 2022-10-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2209.7-0\MsMpEng.exe [133584 2022-10-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZoomCptService; "C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Lillian\AppData\Roaming\Zoom"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrSerIb; C:\WINDOWS\system32\DRIVERS\BrSerIb.sys [95344 2012-07-31] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R3 BrUsbSIb; C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys [21872 2012-06-21] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-10-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 RtkA2dp; C:\WINDOWS\System32\drivers\RtkA2dp.sys [202208 2017-11-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 RtkAvrcp; C:\WINDOWS\System32\drivers\RtkAvrcp.sys [72160 2017-10-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )
R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [165744 2021-08-23] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2022-10-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [455968 2022-10-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-10-22] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-10-31 13:58 - 2022-10-31 13:58 - 000002326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-10-31 13:58 - 2022-10-31 13:58 - 000002285 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-10-31 13:57 - 2022-10-31 14:01 - 000000000 ____D C:\Users\Lillian\AppData\Local\Google
2022-10-31 13:57 - 2022-10-31 13:57 - 000003496 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{83A80D0B-EA32-4F4F-906C-0D0CA47FF735}
2022-10-31 13:57 - 2022-10-31 13:57 - 000003372 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{23A8FBE5-C5A7-4000-A091-7E3D45C599D2}
2022-10-31 13:57 - 2022-10-31 13:57 - 000000000 ____D C:\Program Files\Google
2022-10-31 13:44 - 2022-10-31 13:45 - 000080510 _____ C:\Users\Lillian\Desktop\Chrome bookmarks_10_31_22.html
2022-10-31 13:27 - 2022-10-31 13:27 - 001427176 _____ (Google LLC) C:\Users\Lillian\Desktop\ChromeSetup.exe
2022-10-31 13:04 - 2022-10-31 13:04 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-10-31 12:08 - 2022-10-31 12:08 - 000002227 _____ C:\Users\Lillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2022-10-31 12:08 - 2022-10-31 12:08 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-10-28 11:15 - 2022-10-28 11:15 - 000000000 ____D C:\Users\Lillian\AppData\Local\EpicOnlineServicesUserHelper
2022-10-26 16:13 - 2022-10-26 16:13 - 000000152 _____ C:\Users\Lillian\AppData\Local\kritadisplayrc
2022-10-26 10:39 - 2022-10-26 10:39 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2022-10-26 10:39 - 2022-10-26 10:39 - 000000000 ____D C:\Program Files (x86)\Microsoft GameInput
2022-10-26 10:15 - 2022-10-26 10:16 - 000002967 _____ C:\Users\Lillian\Desktop\FSS.txt
2022-10-26 10:15 - 2022-10-26 10:15 - 000958976 _____ (Farbar) C:\Users\Lillian\Desktop\FSS.exe
2022-10-26 06:36 - 2022-10-26 06:36 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-10-26 06:36 - 2022-10-26 06:36 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-10-26 06:36 - 2022-10-26 06:36 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-10-26 06:36 - 2022-10-26 06:35 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-10-26 06:36 - 2022-10-26 06:35 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-10-26 06:35 - 2022-10-26 06:35 - 002632256 _____ (Malwarebytes) C:\Users\Lillian\Desktop\MBSetup-614F9D64-37335.37335.exe
2022-10-26 06:35 - 2022-10-26 06:35 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-10-26 06:35 - 2022-10-26 06:35 - 000000000 ____D C:\Program Files\Malwarebytes
2022-10-26 06:33 - 2022-10-26 06:37 - 000000000 ____D C:\AdwCleaner
2022-10-26 06:33 - 2022-10-26 06:33 - 008791352 _____ (Malwarebytes) C:\Users\Lillian\Desktop\adwcleaner(1).exe
2022-10-26 06:32 - 2022-10-26 06:32 - 008551608 _____ (Malwarebytes) C:\Users\Lillian\Desktop\AdwCleaner.exe
2022-10-21 14:04 - 2022-10-26 14:42 - 000003486 _____ C:\Users\Lillian\Desktop\Fixlog.txt
2022-10-21 13:25 - 2022-10-21 13:25 - 007531152 _____ (VS Revo Group ) C:\Users\Lillian\Desktop\revosetup.exe
2022-10-21 13:25 - 2022-10-21 13:25 - 000001086 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2022-10-21 13:25 - 2022-10-21 13:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2022-10-21 13:25 - 2022-10-21 13:25 - 000000000 ____D C:\Program Files\VS Revo Group
2022-10-15 16:41 - 2022-10-15 16:41 - 000000924 _____ C:\Users\Public\Desktop\Overwatch.lnk
2022-10-15 16:41 - 2022-10-15 16:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2022-10-15 16:02 - 2022-10-28 19:53 - 000000000 ____D C:\Program Files (x86)\Overwatch
2022-10-15 15:50 - 2022-10-29 20:45 - 000000000 ____D C:\Users\Lillian\AppData\Local\Battle.net
2022-10-15 15:50 - 2022-10-15 16:43 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\Battle.net
2022-10-15 15:49 - 2022-10-21 21:26 - 000000000 ____D C:\Program Files (x86)\Battle.net
2022-10-15 15:49 - 2022-10-15 15:49 - 000000936 _____ C:\Users\Public\Desktop\Battle.net.lnk
2022-10-15 15:49 - 2022-10-15 15:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2022-10-15 15:48 - 2022-10-15 15:48 - 004838352 _____ (Blizzard Entertainment) C:\Users\Lillian\Desktop\Battle.net-Setup.exe
2022-10-15 10:20 - 2022-10-15 10:20 - 002584894 _____ C:\Users\Lillian\Desktop\webSaver_coupons_20221015.fdf
2022-10-14 06:49 - 2022-10-14 06:49 - 001088803 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_4a5387bb-3.pdf
2022-10-14 06:48 - 2022-10-14 06:48 - 001040732 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_7b7fa0db-6.pdf
2022-10-13 13:38 - 2022-10-22 19:22 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2022-10-13 13:38 - 2022-10-22 19:22 - 000002131 _____ C:\Users\Public\Desktop\Acrobat Reader.lnk
2022-10-12 13:45 - 2022-10-31 13:03 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-10-12 07:43 - 2022-10-12 07:43 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-10-12 07:43 - 2022-10-12 07:43 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-10-12 07:43 - 2022-10-12 07:43 - 000012253 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-10-12 07:42 - 2022-10-12 07:42 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-10-12 07:42 - 2022-10-12 07:42 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-10-12 07:41 - 2022-10-12 07:41 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-10-12 07:41 - 2022-10-12 07:41 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-10-12 06:57 - 2022-10-12 06:57 - 000000000 ___HD C:\$WinREAgent
2022-10-11 20:08 - 2022-10-11 20:08 - 001040732 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_7b7fa0db-5.pdf
2022-10-11 20:06 - 2022-10-11 20:06 - 001088803 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_4a5387bb-2.pdf
2022-10-11 20:05 - 2022-10-11 20:05 - 001040732 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_7b7fa0db-4.pdf
2022-10-10 18:32 - 2022-10-10 18:32 - 001088803 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_4a5387bb-1.pdf
2022-10-10 18:32 - 2022-10-10 18:32 - 001040732 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_7b7fa0db-3.pdf
2022-10-10 14:31 - 2022-10-10 14:31 - 001088803 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_4a5387bb.pdf
2022-10-10 14:20 - 2022-10-10 14:20 - 001040732 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_7b7fa0db-2.pdf
2022-10-05 14:49 - 2022-10-05 14:49 - 001659877 _____ C:\Users\Lillian\Desktop\Cheez-It Snap'd Crackers Coupon.xlsx
2022-10-05 14:17 - 2022-10-05 14:18 - 001040732 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_7b7fa0db-1.pdf
2022-10-05 14:15 - 2022-10-05 14:16 - 001468065 _____ C:\Users\Lillian\Desktop\Babybel Mini Rolls.xlsx
2022-10-05 14:09 - 2022-10-10 14:37 - 000436986 _____ C:\Users\Lillian\Desktop\Cascades Coupon.xlsx
2022-10-05 11:50 - 2022-10-05 11:50 - 000496663 _____ C:\Users\Lillian\Desktop\document.pdf
2022-10-05 11:33 - 2022-10-26 10:13 - 000072217 _____ C:\Users\Lillian\Desktop\Addition.txt
2022-10-05 11:24 - 2022-10-31 14:08 - 000023589 _____ C:\Users\Lillian\Desktop\FRST.txt
2022-10-05 11:24 - 2022-10-31 14:03 - 000000000 ____D C:\Users\Lillian\Desktop\FRST-OlderVersion
2022-10-05 11:22 - 2022-10-31 14:07 - 000000000 ____D C:\FRST
2022-10-05 11:21 - 2022-10-31 14:03 - 002374144 _____ (Farbar) C:\Users\Lillian\Desktop\FRST64.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-10-31 14:05 - 2022-02-28 14:00 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-10-31 14:02 - 2018-05-14 06:01 - 000000000 ____D C:\Program Files (x86)\Google
2022-10-31 14:00 - 2018-06-23 07:03 - 000000000 ____D C:\Users\Lillian\AppData\Local\D3DSCache
2022-10-31 13:53 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-10-31 13:11 - 2018-05-13 10:55 - 000000000 ____D C:\Users\Lillian\AppData\LocalLow\Mozilla
2022-10-31 13:03 - 2021-03-24 23:47 - 000008192 ___SH C:\DumpStack.log.tmp
2022-10-31 13:03 - 2020-09-27 08:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-10-31 13:03 - 2018-05-13 10:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-10-31 13:02 - 2019-12-07 03:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-10-31 13:02 - 2018-02-10 02:44 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2022-10-31 13:01 - 2021-07-08 19:54 - 000004170 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B10F1A6A-E096-4CDE-9012-03BBEB909611}
2022-10-31 12:47 - 2018-05-13 10:46 - 000000000 ____D C:\Users\Lillian\AppData\Local\ElevatedDiagnostics
2022-10-31 12:08 - 2018-05-13 10:55 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-10-31 12:02 - 2020-09-27 08:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-10-31 10:22 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-10-30 20:46 - 2020-09-27 08:53 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-10-30 20:46 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-10-28 19:52 - 2018-06-01 20:28 - 000000253 _____ C:\Users\Lillian\AppData\LocalLow\rbxcsettings.rbx
2022-10-28 19:51 - 2018-06-01 20:28 - 000001450 _____ C:\Users\Lillian\Desktop\Roblox Studio.lnk
2022-10-28 19:48 - 2018-06-01 20:28 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2022-10-28 16:34 - 2018-06-01 20:16 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\.minecraft
2022-10-28 16:32 - 2019-10-19 20:44 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2022-10-26 16:28 - 2018-07-09 21:25 - 000000000 ____D C:\Users\Lillian\AppData\Local\CrashDumps
2022-10-26 16:13 - 2021-08-06 11:25 - 000028828 _____ C:\Users\Lillian\AppData\Local\kritarc
2022-10-26 15:08 - 2018-06-01 20:30 - 000001430 _____ C:\Users\Lillian\Desktop\Roblox Player.lnk
2022-10-26 10:39 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2022-10-26 10:38 - 2021-11-20 10:32 - 000153048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2022-10-26 10:38 - 2021-11-07 09:55 - 002815456 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2022-10-26 10:38 - 2021-11-07 09:55 - 000452048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2022-10-26 10:38 - 2021-11-07 09:55 - 000243168 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2022-10-26 10:38 - 2021-11-07 09:55 - 000198096 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2022-10-26 10:38 - 2021-11-07 09:55 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2022-10-26 10:14 - 2018-05-16 11:15 - 000000000 ____D C:\Users\Lillian\Documents\Lillian
2022-10-26 06:36 - 2019-12-07 03:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-10-25 21:25 - 2018-05-22 06:01 - 000000000 ____D C:\Program Files (x86)\Steam
2022-10-25 20:22 - 2018-05-16 12:39 - 000000000 ____D C:\Users\Lillian\AppData\Local\WarThunder
2022-10-25 06:32 - 2021-12-16 07:37 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-520046137-1738454763-4209218755-1001
2022-10-25 06:32 - 2021-07-08 19:54 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-520046137-1738454763-4209218755-1001
2022-10-25 06:32 - 2021-07-08 19:13 - 000002392 _____ C:\Users\Lillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-10-23 20:58 - 2020-03-24 12:57 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\discord
2022-10-23 20:56 - 2022-08-03 12:35 - 000000000 ____D C:\Users\Lillian\AppData\Local\Discord
2022-10-23 20:55 - 2020-03-24 12:57 - 000002244 _____ C:\Users\Lillian\Desktop\Discord.lnk
2022-10-22 12:09 - 2021-08-06 11:25 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\krita
2022-10-22 08:46 - 2020-09-27 08:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-10-21 14:56 - 2020-09-22 20:47 - 000000000 ____D C:\Users\Lillian\AppData\LocalLow\Temp
2022-10-21 14:43 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-10-21 13:15 - 2018-12-20 23:31 - 000005146 _____ C:\WINDOWS\wininit.ini
2022-10-17 07:00 - 2021-07-08 19:28 - 000934922 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-10-17 06:53 - 2020-09-27 08:50 - 000449544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-10-17 06:50 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-10-17 06:50 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-10-17 06:50 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-10-17 06:50 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-10-17 06:50 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-10-17 06:50 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-10-17 06:50 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-10-17 06:50 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-10-17 06:50 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-10-15 16:02 - 2020-07-14 08:37 - 000000000 ____D C:\Users\Lillian\AppData\Local\Blizzard Entertainment
2022-10-14 16:39 - 2020-09-27 08:53 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-10-14 16:39 - 2020-09-27 08:53 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-10-13 13:40 - 2021-07-08 19:54 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-10-12 07:54 - 2019-12-07 03:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2022-10-12 07:54 - 2019-12-07 03:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2022-10-12 07:41 - 2020-09-27 08:53 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-10-12 06:54 - 2018-05-13 11:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-10-12 06:40 - 2018-05-13 11:27 - 147398024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-10-12 04:39 - 2022-06-10 19:28 - 000316920 _____ (Microsoft Corporation) C:\WINDOWS\system32\GameInputRedist.dll
2022-10-12 02:55 - 2022-06-10 19:28 - 000199672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GameInputRedist.dll
2022-10-11 17:05 - 2021-07-08 19:54 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-520046137-1738454763-4209218755-500
2022-10-11 17:05 - 2021-07-08 19:54 - 000002768 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2022-10-11 17:05 - 2021-07-08 19:54 - 000002500 _____ C:\WINDOWS\system32\Tasks\HPEA3JOBS
2022-10-11 17:05 - 2021-07-08 19:54 - 000002280 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2022-10-11 17:05 - 2021-07-08 19:54 - 000002202 _____ C:\WINDOWS\system32\Tasks\StartCN
2022-10-11 17:05 - 2021-07-08 19:54 - 000002116 _____ C:\WINDOWS\system32\Tasks\StartDVR
2022-10-08 16:09 - 2020-09-27 08:54 - 000000000 ____D C:\ProgramData\Packages
2022-10-08 16:09 - 2018-05-13 10:47 - 000000000 ____D C:\Users\Lillian\AppData\Local\PlaceholderTileLogoFolder
2022-10-08 16:09 - 2018-05-13 10:38 - 000000000 ____D C:\Users\Lillian\AppData\Local\Packages
2022-10-04 06:37 - 2021-12-20 16:27 - 000000000 ____D C:\WINDOWS\Minidump
2022-10-03 13:36 - 2018-05-14 11:27 - 000000000 ____D C:\Program Files (x86)\SystemScheduler

==================== Files in the root of some directories ========

2018-05-14 11:44 - 2018-05-14 12:29 - 000026726 _____ () C:\Users\Lillian\AppData\Roaming\Comma Separated Values (DOS).ADR
2018-05-14 12:24 - 2018-05-14 12:24 - 000026950 _____ () C:\Users\Lillian\AppData\Roaming\Comma Separated Values (Windows).ADR
2018-05-13 10:38 - 2022-10-31 13:05 - 002153562 _____ () C:\Users\Lillian\AppData\Local\BTServer.log
2021-04-12 11:29 - 2021-04-12 11:29 - 000000118 _____ () C:\Users\Lillian\AppData\Local\HeartbeatCache.xml
2021-08-06 19:18 - 2021-08-06 19:18 - 000000356 _____ () C:\Users\Lillian\AppData\Local\karboncalligraphyrc
2021-08-06 11:25 - 2022-10-26 16:12 - 000002546 _____ () C:\Users\Lillian\AppData\Local\krita-sysinfo.log
2021-08-06 11:25 - 2022-10-26 16:13 - 000498617 _____ () C:\Users\Lillian\AppData\Local\krita.log
2021-08-06 22:12 - 2021-10-05 18:59 - 000080678 _____ () C:\Users\Lillian\AppData\Local\kritacrash.log
2022-10-26 16:13 - 2022-10-26 16:13 - 000000152 _____ () C:\Users\Lillian\AppData\Local\kritadisplayrc
2021-08-06 11:25 - 2022-10-26 16:13 - 000028828 _____ () C:\Users\Lillian\AppData\Local\kritarc
2022-02-25 16:49 - 2022-02-25 16:49 - 000016438 _____ () C:\Users\Lillian\AppData\Local\partner.bmp
2019-09-06 09:51 - 2019-09-06 09:51 - 000000017 _____ () C:\Users\Lillian\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
Farbar Service Scanner Version: 13-08-2022 01
Ran by Lillian (administrator) on 31-10-2022 at 14:37:57
Running from "C:\Users\Lillian\Desktop"
Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============


Firewall Disabled Policy:
==================


System Restore:
============


System Restore Policy:
========================


Windows Security:
============


Windows Update:
============


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK (Start=Auto).
The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2209.7-0\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\netbt.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\usosvc.dll => File is digitally signed
C:\Windows\System32\WaaSMedicSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
The service is still not running.

We can try a couple of things. Go to step 2, if step 1 doesn't work for you.


1. Check WinDefend service
  • In the Search area type Services and choose this item when it appears.
  • Find Microsoft Defender Antivirus Service in the list.
  • Right-click and check what is available. You can choose Refresh and Restart.
  • Let me know if the service started normally.

2. Make a full scan with Windows Defender

Some users report that this solves the specific issue with Defender.
  • Go to Settings (Windows icon on the keyboard + i)
  • Select Update & Security
  • From the left pane, Windows Security
  • Open Windows Security.
  • Go to Virus & threat protection
  • Scan options
  • Full scan
  • Scan now
  • This will take time, so be patient until it finishes.
  • Let me know if the Windows Defender issue is now resolved.
 
After Refreshing the Microsoft Defender Antivirus Service, I still can't get it to say Running. Nothing happens.

1667318612797.png


When I do the second step, I get this on the first screen:

1667318724951.png

And then this on the second screen, just as it was doing before; there is no Scan Options. Could it be because I downloaded Malwarebytes on my computer and it's interfering with which virus protection to use?

1667318765343.png
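
The WinDefend check from step 1 can also be done from an elevated PowerShell window. This is an added example, not part of the original posts: it reads the same fields FSS printed (service state, start type, ImagePath), asks Defender for its running mode, and lists the antivirus products registered with Windows Security Center. The function name `Get-DefenderServiceReport` is hypothetical; the script changes nothing on the system.

```powershell
# Added example: read-only status check for Microsoft Defender Antivirus.
# Run in an elevated PowerShell window on Windows 10.

function Get-DefenderServiceReport {
    # Service state and configuration, the same fields FSS reported.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinDefend'"
    if (-not $svc) {
        Write-Warning 'WinDefend service is not registered on this system.'
        return
    }

    # Get-MpComputerStatus fails while the service is stopped, so treat an
    # error as "no data" instead of letting the script abort.
    $mp = $null
    try { $mp = Get-MpComputerStatus -ErrorAction Stop }
    catch { Write-Warning "Get-MpComputerStatus failed: $($_.Exception.Message)" }

    # Antivirus products registered with Windows Security Center
    # (this namespace exists on client editions of Windows only).
    $registered = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
        -ClassName AntiVirusProduct -ErrorAction SilentlyContinue)

    # Assumption: ImagePath is a quoted path without arguments, as in the
    # FSS log above, so trimming the quotes yields a path Test-Path can check.
    $image = $svc.PathName.Trim('"')

    [pscustomobject]@{
        ServiceState       = $svc.State          # Running / Stopped
        StartMode          = $svc.StartMode      # Auto / Manual / Disabled
        ImagePath          = $svc.PathName
        ImageExists        = Test-Path -LiteralPath $image
        RunningMode        = if ($mp) { $mp.AMRunningMode } else { 'unavailable' }
        RealTimeProtection = if ($mp) { $mp.RealTimeProtectionEnabled } else { 'unavailable' }
        RegisteredAV       = ($registered.displayName -join '; ')
    }
}

Get-DefenderServiceReport | Format-List
```

If `RegisteredAV` names a product other than Microsoft Defender Antivirus, that product is registered with Windows Security Center as an antivirus provider, which is worth reporting back along with `ServiceState` and `RunningMode`.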
 