I used Malwarebytes to attempt to remove Segurazo Antivirus about a week ago. It seemed to work - a few scans later, it didn't detect any remnants of it after deleting the associated files. However, just today, it detected it again. I followed the steps from this thread (https://forums.malwarebytes.com/topic/249548-pup-segurazo-antivirus-is-my-computer-clean-now/), but I think I need a fixlist.txt to complete the process. Below are my Malwarebytes and AdwCleaner logs.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/1/19
Scan Time: 10:30 PM
Log File: abf09722-b4e6-11e9-b930-082e5f885e56.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.11822
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lisa-HP\Lisa

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 317958
Threats Detected: 9
Threats Quarantined: 8
Time Elapsed: 37 min, 50 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 4
PUP.Optional.Segurazo, C:\ProgramData\Segurazo\b\amd64, Quarantined, [1510], [709093],1.0.11822
PUP.Optional.Segurazo, C:\ProgramData\Segurazo\b\x86, Quarantined, [1510], [709093],1.0.11822
PUP.Optional.Segurazo, C:\ProgramData\Segurazo\b, Quarantined, [1510], [709093],1.0.11822
PUP.Optional.Segurazo, C:\PROGRAMDATA\SEGURAZO, Quarantined, [1510], [709093],1.0.11822

File: 5
PUP.Optional.Segurazo, C:\ProgramData\Segurazo\b\amd64\msdia140.dll, Quarantined, [1510], [709093],1.0.11822
PUP.Optional.Segurazo, C:\ProgramData\Segurazo\b\x86\msdia140.dll, Quarantined, [1510], [709093],1.0.11822
PUP.Optional.Segurazo, C:\ProgramData\Segurazo\b\Microsoft.Diagnostics.Tracing.TraceEvent.dll, Quarantined, [1510], [709093],1.0.11822
PUP.Optional.Segurazo, C:\ProgramData\Segurazo\b\System.Threading.dll, Quarantined, [1510], [709093],1.0.11822
MachineLearning/Anomalous.94%, C:\USERS\LISA\DESKTOP\DESKTOP FOLDERS\LESTER\BOTS\HCN LAUNCHER.EXE, No Action By User, [0], [392687],1.0.11822

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-07-22.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    08-01-2019
# Duration: 00:00:53
# OS:       Windows 7 Home Premium
# Scanned:  35810
# Detected: 70


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy             C:\Program Files (x86)\Feed Notifier
PUP.Optional.Legacy             C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Feed Notifier

***** [ Files ] *****

PUP.Optional.Legacy             C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Feed Notifier.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.InstallCore        HKCU\Software\csastats
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6091F327-2B13-4193-A6F1-4B2271613A74}_is1

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

Preinstalled.CyberLinkService   
Preinstalled.HPCeement          
Preinstalled.HPClientServices   
Preinstalled.HPCoolSense        
Preinstalled.HPHealthCheck      
Preinstalled.HPLaunchBox        
Preinstalled.HPMediaSmart       
Preinstalled.HPSupportAssistant 
Preinstalled.HPTouchpointAnalyticsClient 
Preinstalled.LenovoPowerDVD     
Preinstalled.WildTangentGamesBundle 

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-07-22.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-01-2019
# Duration: 00:00:08
# OS:       Windows 7 Home Premium
# Cleaned:  4
# Failed:   1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Feed Notifier
Not Deleted   C:\Program Files (x86)\Feed Notifier

***** [ Files ] *****

Deleted       C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Feed Notifier.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\csastats
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6091F327-2B13-4193-A6F1-4B2271613A74}_is1

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2093 octets] - [01/08/2019 23:11:42]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 


Here are my FRST logs:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2019
Ran by Lisa (01-08-2019 23:36:23)
Running from C:\Users\Lisa\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-10-19 08:13:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-44778635-258979257-1769342257-500 - Administrator - Disabled)
Guest (S-1-5-21-44778635-258979257-1769342257-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-44778635-258979257-1769342257-1002 - Limited - Enabled)
Lisa (S-1-5-21-44778635-258979257-1769342257-1000 - Administrator - Enabled) => C:\Users\Lisa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.223 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{3BF3599D-7F28-C60B-1C5D-82BFD4E5EF33}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{80B42CAA-28C0-4FBD-A46E-D61F45E2F9FC}) (Version: 7.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{466D00D0-E7DE-47C2-8FE5-54A8009F5850}) (Version: 7.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
AuthenTec TrueAPI (HKLM\...\{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}) (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
AutoCAD 2014 - English (HKLM\...\{5783F2D7-D001-0000-0102-0060B0CE6BBA}) (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 - English (HKLM\...\{5783F2D7-D001-0409-2102-0060B0CE6BBA}) (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (HKLM\...\{5783F2D7-D001-0409-1102-0060B0CE6BBA}) (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\{62F029AB-85F2-0000-866A-9FC0DD99DDBC}) (Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM-x32\...\{62F029AB-85F2-0001-866A-9FC0DD99DDBC}) (Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
Bejeweled 3 (HKLM-x32\...\WTA-61dbb20b-8864-4151-a181-26960025718c) (Version: 2.2.0.97 - WildTangent) Hidden
Bentley DGN IFilter (HKLM\...\{2E873893-A883-4C06-8308-7B491D58F3D6}) (Version: 1.0.1.11 - Bentley Systems, Incorporated)
Bentley DGN Index Service (HKLM-x32\...\{A753B088-3FCE-4F1C-BF92-8E6931DE261E}) (Version: 08.11.09030 - Bentley Systems, Incorporated)
Bentley DGN Preview Handler (HKLM-x32\...\{264B522D-1B7F-4AAF-A32B-55A6BF5679F2}) (Version: 8.11.8004 - Bentley Systems, Incorporated)
Bentley DGN Thumbnail Provider (HKLM\...\{74A8C1AF-75E5-4653-95AF-222725B7D877}) (Version: 8.11.7.411 - Bentley Systems, Incorporated)
Bentley DgnDb i-model Importer 1.5 x64 (HKLM\...\{A4F99FF8-18AF-45B4-AFB4-9266863B6CEE}) (Version: 01.05.02007.0 - Bentley Systems, Incorporated)
Bentley V8i (SELECTseries 3) - Autodesk® RealDWG™ 2014 (HKLM-x32\...\{23E55F00-CE7A-4860-AF2A-69F3A5F8E54A}) (Version: 08.11.09.578 - Bentley Systems, Incorporated)
Better Nike Bot (HKLM-x32\...\{017F4C1E-0C27-4805-B708-7AC5D861CB6E}_is1) (Version:  - BetterNikeBot)
Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation)
Blackhawk Striker 2 (HKLM-x32\...\WTA-400eb1ac-a884-4f8b-a54e-458c131de0fb) (Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
BNB All in One (HKLM-x32\...\{6F6087CC-91C0-45AD-82D6-40587EBDA884}_is1) (Version:  - BetterNikeBot)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - Canon Inc.)
CaptainCook 1.3 (HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\953dce57fa77b402) (Version: 1.3.0.33 - CaptainCook 1.3)
CaptainCook 1.4 (HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\e652fe387c8f441b) (Version: 1.4.0.34 - CaptainCook 1.4)
CaptainCook 1.4.1 (HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\d129a43fd80dcd48) (Version: 1.4.1.35 - CaptainCook 1.4.1)
CaptainCook 1.5 (HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\37682e18fea6d434) (Version: 1.5.0.43 - CaptainCook 1.5)
Chuzzle Deluxe (HKLM-x32\...\WTA-a0d9ab7f-de6f-4bfc-a022-81bed9254435) (Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cradle of Rome 2 (HKLM-x32\...\WTA-e0a3b505-d19b-47c5-a192-4869bf1efa19) (Version: 2.2.0.98 - WildTangent) Hidden
CyberAIO (HKLM\...\{AE27E5F5-4CA5-42E6-ABFF-F0D05579C6E4}) (Version: 3.0.4.1 - Cybersole)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3.3222 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0002 - Microsoft Corporation)
Dora's World Adventure (HKLM-x32\...\WTA-42e5adfb-20fd-4c81-a611-744a625d9c09) (Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
EveAIO version 6.01 (HKLM-x32\...\{304041F3-F417-4D61-B1B5-5CD71D2615F8}_is1) (Version: 6.01 - EVE_Robotics)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (HKLM-x32\...\WTA-b7b17d52-3023-4cf8-9168-a452ed75403b) (Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (HKLM-x32\...\WTA-605d3c8f-4e74-48fb-a7fb-67642e0c6353) (Version: 2.2.0.98 - WildTangent) Hidden
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FATE (HKLM-x32\...\WTA-5efc9b37-664c-4108-812a-dd2ded3d9a98) (Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (HKLM-x32\...\WTA-9fb14817-09b8-45c0-b08e-29ee1fdd8e8e) (Version: 2.2.0.95 - WildTangent) Hidden
Fitbit Connect (HKLM-x32\...\{3EFA7006-AFA8-4A75-8FFA-5A43FC797A90}) (Version: 2.0.1.6782 - Fitbit Inc.)
Fresco Logic USB3.0 Host Controller (HKLM\...\{104898A0-CA37-4BB4-AC27-46B6FE3280DD}) (Version: 3.3.44.0 - Fresco Logic Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.87 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
HDR Preview (HKLM\...\{9F7815C9-A323-4215-905C-73137D21BCC0}) (Version: 1.0.0.2 - Bentley Systems, Incorporated)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (HKLM-x32\...\WTA-4cf50d80-8c39-4ece-a5c8-728e8c82f218) (Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{9BCA64E3-D180-4F13-8014-5E62947150C1}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP ENVY 4520 series Basic Device Software (HKLM\...\{AA543771-C534-4954-831A-9862C626796F}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP ENVY 4520 series Help (HKLM-x32\...\{201E58BD-2A1D-4C4D-BD6F-ADA7669FE3AE}) (Version: 36.0.0 - Hewlett Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{0576788F-2993-455F-80CD-980114095103}) (Version: 1.0.11 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP SimplePass 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.8.24.33 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.11.27.1 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6381.0 - IDT)
i-model ODBC Driver for Windows 7 (HKLM-x32\...\{775616F7-2D4C-4D73-8773-A66C0BCECB38}) (Version: 01.01.00019 - Bentley Systems, Incorporated)
i-model ODBC Driver for Windows 7 (x64) (HKLM\...\{454AD0FD-21D2-4E73-99E9-A40CAC75A636}) (Version: 01.01.00019 - Bentley Systems, Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
iTools 4 (HKLM-x32\...\iTools4) (Version: 4.4.3.8 - ThinkSky Technology Co., Ltd)
iTunes (HKLM\...\{A9921EE9-86E5-402C-A934-4A8DBAD99E24}) (Version: 12.9.2.6 - Apple Inc.)
Jewel Match 3 (HKLM-x32\...\WTA-2d316535-4a51-463a-b5cd-db37b4b3ac7d) (Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (HKLM-x32\...\WTA-6164c530-93ee-4c99-adc6-836dada4e7de) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-c42a7736-a9e3-4569-a67b-caa29d6e5106) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Letters from Nowhere 2 (HKLM-x32\...\WTA-9d5869d9-db4e-40ab-ba12-ad2ee7b549ef) (Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (HKLM-x32\...\WTA-65238e55-f612-401c-9c28-4cdfef664138) (Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (HKLM-x32\...\WTA-ce44369c-caf8-4753-8b12-2aaec58d19d2) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MicroStation V8i (SELECTseries 3) 08.11.09.578 (HKLM-x32\...\{B234DC00-1003-47E7-8111-230AA9E6BF10}) (Version: 08.11.09.578 - Bentley Systems, Incorporated)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Firefox 67.0.4 (x64 en-US) (HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\Mozilla Firefox 67.0.4 (x64 en-US)) (Version: 67.0.4 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
Penguins! (HKLM-x32\...\WTA-bdd37a7c-a404-4af8-abf3-d5d4a9b854f9) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-12a142f3-b316-41d7-b34f-9ec4ce72bf4c) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (HKLM-x32\...\WTA-761fe667-d0a2-4728-be69-992995a739f3) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-61d53e5c-4c50-4e5b-ba0a-9b3f45c1ac7b) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-0787d4fd-1035-42de-93c0-c5b2766c9f5d) (Version: 2.2.0.98 - WildTangent) Hidden
Product Improvement Study for HP ENVY 4520 series (HKLM\...\{B722B235-7C2E-46B0-8DA8-69B01FE5E886}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
PX Profile Update (HKLM-x32\...\{E635F3DC-E92B-6E68-A2E7-BF77298E8584}) (Version: 1.00.1. - AMD) Hidden
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
Python 3.6.4 (32-bit) (HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\{9218130b-5ad0-4cf7-82be-6993cfd6cb84}) (Version: 3.6.4150.0 - Python Software Foundation)
Python 3.6.4 (64-bit) (HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\{035e803e-bcc1-4b95-ab44-d33a027f963d}) (Version: 3.6.4150.0 - Python Software Foundation)
Python 3.6.4 Add to Path (64-bit) (HKLM\...\{2DCB9307-E939-4A96-B931-6162B19DB666}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Core Interpreter (32-bit) (HKLM-x32\...\{D188614B-E656-4EF1-9F5A-23559EBE8F5A}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Core Interpreter (64-bit) (HKLM\...\{B3411348-B653-4D70-9A09-28901FB91143}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Development Libraries (32-bit) (HKLM-x32\...\{C3797E33-967D-4687-8F1A-9DE771A00125}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Development Libraries (64-bit) (HKLM\...\{910DACA6-6A2B-467F-94AE-2DA40A29C0A5}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Documentation (32-bit) (HKLM-x32\...\{E09874D3-E898-4AB6-B043-EE24DF786088}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Documentation (64-bit) (HKLM\...\{732F63FB-D1EA-4D7B-844D-69AB27FB6A1E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Executables (32-bit) (HKLM-x32\...\{47A75DB9-F3F5-4697-9261-DBA5162DBB9E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Executables (64-bit) (HKLM\...\{06C8E684-F68F-4AEF-B41E-768E2BDF5FA5}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 pip Bootstrap (32-bit) (HKLM-x32\...\{54142B43-2FA5-4BBA-BF03-27C10EB50C1E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 pip Bootstrap (64-bit) (HKLM\...\{5DFE0CAA-8EE6-40F7-B940-7FF9E4FB812F}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Standard Library (32-bit) (HKLM-x32\...\{2832768E-9BCA-4421-950C-7186B3BDFC45}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Standard Library (64-bit) (HKLM\...\{C4D98953-C1E2-4273-929A-BC489AD42FAF}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Tcl/Tk Support (32-bit) (HKLM-x32\...\{20888FA1-8127-42E3-969F-9BF93245AC83}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Tcl/Tk Support (64-bit) (HKLM\...\{F8F7EF2B-246C-4085-B0DD-E3EBCD52D585}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Test Suite (32-bit) (HKLM-x32\...\{D14FB2FA-51B2-415C-93BF-5053102235EE}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Test Suite (64-bit) (HKLM\...\{7D68AD0E-805E-47EA-B3AF-AD449353EDC9}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Utility Scripts (32-bit) (HKLM-x32\...\{D0730E44-E519-4F39-B926-E2FC0449D67C}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Utility Scripts (64-bit) (HKLM\...\{871F9D05-4AF7-40E5-9DBD-1BD29D1ACA6D}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{B42FF40A-60D4-4096-AC47-C86153D72797}) (Version: 3.6.6196.0 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (HKLM-x32\...\WTA-1264d617-1352-47cb-81ab-79adb878b3b6) (Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
shopify-dashe (HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\shopify-dashe) (Version: 2.6.1 - DasheIO, LLC)
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
System.Data.SQLite v1.0.105.2 (ReleaseNativeOnly) (HKLM\...\{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1) (Version: 1.0.105.2 - System.Data.SQLite Team)
The Treasures of Mystery Island: The Ghost Ship (HKLM-x32\...\WTA-dea78cf6-b302-434d-ab88-f65c65c1f6bc) (Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (HKLM-x32\...\WTA-a53b75c1-ed95-486e-a679-cd3562fd640a) (Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
VIP Access SDK (1.0.1.2)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WTA-f6780050-e8c7-470d-8911-9df828cf28c4) (Version: 2.2.0.98 - WildTangent) Hidden
Visualization Content (HKLM-x32\...\{0D41BCFC-B16D-479F-8347-4F68F6CD34CE}) (Version: 8.11.9.454 - Bentley Systems, Incorporated)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.24-1 - Bitnami)
Zuma's Revenge (HKLM-x32\...\WTA-83559221-960c-4ea0-9fbc-c4987918d937) (Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-44778635-258979257-1769342257-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-44778635-258979257-1769342257-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-44778635-258979257-1769342257-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-44778635-258979257-1769342257-1000_Classes\CLSID\{a799acc2-7db4-4459-a792-a8870c28f3be}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-44778635-258979257-1769342257-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-44778635-258979257-1769342257-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-44778635-258979257-1769342257-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-44778635-258979257-1769342257-1000_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
CustomCLSID: HKU\S-1-5-21-44778635-258979257-1769342257-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-44778635-258979257-1769342257-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-44778635-258979257-1769342257-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-20] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc -> Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2013-02-08] (Autodesk, Inc -> Autodesk)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2014-08-11] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-09-30] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

ShortcutWithArgument: C:\Users\Lisa\Desktop\DESKTOP FOLDERS\Lester\bots\Selenium\Bluesy - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Lisa\Desktop\DESKTOP FOLDERS\Lester\bots\Selenium\First user - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mmfbcljfglbokpmkimbfghdkjmjhdgbg\Text.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=mmfbcljfglbokpmkimbfghdkjmjhdgbg
ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome RDP for Google Cloud Platform.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=mpbbnannobiobpnfblimoapbephgifkm
ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Postman.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop
ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Text.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=mmfbcljfglbokpmkimbfghdkjmjhdgbg
ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Text.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=mmfbcljfglbokpmkimbfghdkjmjhdgbg
ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Postman.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop
ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Text.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) ->  --profile-directory=Default --app-id=mmfbcljfglbokpmkimbfghdkjmjhdgbg
ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Bluesy - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Person 3 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"
ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Person 2 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"

==================== Loaded Modules (Whitelisted) ==============

2009-01-20 14:51 - 2009-01-20 14:51 - 000007168 _____ ( ) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atixclib.dll
2011-09-02 11:49 - 2011-09-02 11:49 - 000016384 _____ () [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-09-30 23:07 - 2011-09-30 23:07 - 000369152 _____ () [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-12-11 18:40 - 2014-12-11 18:40 - 040622592 ____R () [File not signed] C:\Program Files (x86)\Fitbit Connect\libcef.dll
2012-03-02 22:02 - 2011-05-20 11:05 - 000059904 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2019-06-14 15:35 - 2019-06-14 15:35 - 000172544 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\030d6c23f3503d2bec117e5c508d4d5d\IsdiInterop.ni.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Actions.CCAA.Shared.dll
2011-09-30 23:04 - 2011-09-30 23:04 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.DPPE.Shared.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.EEU.Shared.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.GD.Shared.dll
2011-09-30 23:02 - 2011-09-30 23:02 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Hotkeys.Shared.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.REG.Shared.dll
2011-09-30 23:04 - 2011-09-30 23:04 - 000044032 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Source.Kit.Server.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.WinMessages.Shared.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000034816 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000006144 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.Shared.dll
2011-09-30 23:02 - 2011-09-30 23:02 - 000024576 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Foundation.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ATICCCom.dll
2011-09-30 23:04 - 2011-09-30 23:04 - 000022016 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.Implementation.dll
2011-09-30 23:07 - 2011-09-30 23:07 - 000013824 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Runtime.dll
2011-09-30 23:07 - 2011-09-30 23:07 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.shared.dll
2011-09-30 23:07 - 2011-09-30 23:07 - 000033280 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Dashboard.dll
2011-09-30 23:07 - 2011-09-30 23:07 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Runtime.dll
2011-09-30 23:07 - 2011-09-30 23:07 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Shared.dll
2011-09-30 23:07 - 2011-09-30 23:07 - 000018944 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CPUOverDrive.Fuel.Shared.dll
2011-09-30 23:07 - 2011-09-30 23:07 - 000035840 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossFireX.Graphics.Dashboard.dll
2011-09-30 23:06 - 2011-09-30 23:06 - 000316416 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
2011-09-30 23:04 - 2011-09-30 23:04 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
2011-09-30 23:04 - 2011-09-30 23:04 - 000028672 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
2011-09-30 23:04 - 2011-09-30 23:04 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.shared.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
2011-09-30 23:06 - 2011-09-30 23:06 - 000774144 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
2011-09-30 23:04 - 2011-09-30 23:04 - 000106496 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Runtime.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000081920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Shared.dll
2011-09-30 23:04 - 2011-09-30 23:04 - 000050688 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.Shared.dll
2011-09-30 23:06 - 2011-09-30 23:06 - 000096768 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
2011-09-30 23:04 - 2011-09-30 23:04 - 000035840 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
2011-09-30 23:04 - 2011-09-30 23:04 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
2011-09-30 23:04 - 2011-09-30 23:04 - 000077824 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
2011-09-30 23:04 - 2011-09-30 23:04 - 000065536 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Shared.dll
2011-09-30 23:05 - 2011-09-30 23:05 - 000159744 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Dashboard.dll
2011-09-30 23:05 - 2011-09-30 23:05 - 000013824 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Runtime.dll
2011-09-30 23:04 - 2011-09-30 23:04 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.shared.dll
2011-09-30 23:07 - 2011-09-30 23:07 - 000019968 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Dashboard.dll
2011-09-30 23:07 - 2011-09-30 23:07 - 000033792 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Runtime.dll
2011-09-30 23:07 - 2011-09-30 23:07 - 000012288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Shared.dll
2011-09-30 23:05 - 2011-09-30 23:05 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Dashboard.dll
2011-09-30 23:05 - 2011-09-30 23:05 - 000019968 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Runtime.dll
2011-09-30 23:05 - 2011-09-30 23:05 - 000010752 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Shared.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000172032 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 001003520 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.Shared.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.Shared.Private.dll
2011-09-30 23:04 - 2011-09-30 23:04 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Dashboard.dll
2011-09-30 23:04 - 2011-09-30 23:04 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Runtime.dll
2011-09-30 23:04 - 2011-09-30 23:04 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Shared.dll
2011-09-30 23:07 - 2011-09-30 23:07 - 000007680 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Dashboard.dll
2011-09-30 23:07 - 2011-09-30 23:07 - 000011264 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Runtime.dll
2011-09-30 23:07 - 2011-09-30 23:07 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Shared.dll
2011-09-30 23:07 - 2011-09-30 23:07 - 002041344 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Combined.Graphics.Aspects1.Dashboard.dll
2011-09-30 23:02 - 2011-09-30 23:02 - 000007680 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.dll
2011-09-30 23:06 - 2011-09-30 23:06 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.ProfileManager2.dll
2011-09-30 23:02 - 2011-09-30 23:02 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 001284096 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.Private.dll
2011-09-30 23:04 - 2011-09-30 23:04 - 000286720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Eeu.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Extension.EEU.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000037376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.Private.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000262144 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Client.dll
2011-09-30 23:02 - 2011-09-30 23:02 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000029184 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Private.dll
2011-09-30 23:04 - 2011-09-30 23:04 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.XManifest.dll
2011-06-08 02:26 - 2011-06-08 02:26 - 000020992 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CoreAudioApi.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000006144 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.dll
2011-09-30 23:05 - 2011-09-30 23:05 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Fuel.Foundation.dll
2011-09-30 23:02 - 2011-09-30 23:02 - 000021504 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.dll
2011-09-30 23:04 - 2011-09-30 23:04 - 000055808 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.Private.dll
2011-09-30 23:02 - 2011-09-30 23:02 - 000024576 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Private.dll
2010-08-23 17:11 - 2010-08-23 17:11 - 000299008 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2011-09-30 23:03 - 2011-09-30 23:03 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Foundation.dll
2011-09-30 23:04 - 2011-09-30 23:04 - 000095744 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Implementation.dll
2011-09-30 23:02 - 2011-09-30 23:02 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\NEWAEM.Foundation.dll
2011-06-23 11:51 - 2011-06-23 11:51 - 000094208 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ADL.Foundation.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000065536 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Server.dll
2011-09-30 23:06 - 2011-09-30 23:06 - 000217088 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll
2011-09-30 23:04 - 2011-09-30 23:04 - 000046592 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerXpress.Graphics.Runtime.dll
2011-09-30 23:04 - 2011-09-30 23:04 - 000026112 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerXpress.Graphics.Shared.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000036352 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.Private.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000376832 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000057344 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.dll
2009-04-22 13:13 - 2009-04-22 13:13 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0702.dll
2009-06-17 06:27 - 2009-06-17 06:27 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll
2007-10-29 15:56 - 2007-10-29 15:56 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0710.dll
2009-06-17 11:24 - 2009-06-17 11:24 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0712.dll
2008-04-03 17:29 - 2008-04-03 17:29 - 000020480 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0804.dll
2009-01-20 15:36 - 2009-01-20 15:36 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0901.dll
2009-06-17 11:24 - 2009-06-17 11:24 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0906.dll
2010-10-07 14:07 - 2010-10-07 14:07 - 000020480 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I1010.dll
2010-11-05 15:18 - 2010-11-05 15:18 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I1011.dll
2011-09-30 23:02 - 2011-09-30 23:02 - 000253952 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Implementation.default_Localization.dll
2011-09-30 23:02 - 2011-09-30 23:02 - 000373248 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Private.dll
2011-09-30 23:05 - 2011-09-30 23:05 - 000168960 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Implementation.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000008704 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Private.dll
2011-09-30 23:07 - 2011-09-30 23:07 - 000027648 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000303104 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2011-09-30 23:03 - 2011-09-30 23:03 - 000180224 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2012-03-02 22:03 - 2011-08-09 09:12 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2010-09-28 16:33 - 2010-09-28 16:33 - 000299008 _____ (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2010-03-04 01:27 - 2010-03-04 01:27 - 000016384 _____ (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Foundation.dll
2009-04-22 13:13 - 2009-04-22 13:13 - 000045056 _____ (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0601.dll
2012-12-13 17:37 - 2012-12-13 17:37 - 000012288 _____ (Autodesk, Inc.) [File not signed] C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
2014-10-26 19:25 - 2010-08-23 09:09 - 000019456 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNSU_ENU.DLL
2014-10-26 19:24 - 2012-06-14 17:18 - 000359936 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL
2016-08-12 17:19 - 2016-08-12 17:19 - 004596904 ____R (Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
2016-08-12 17:19 - 2016-08-12 17:19 - 005911720 ____R (Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
2019-06-14 15:35 - 2019-06-14 15:35 - 000014336 _____ (Intel Corp.) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\1ee5bbe67e0d1b85eb1b125cf57cba91\IAStorCommon.ni.dll
2012-03-02 22:03 - 2011-08-09 09:08 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
2012-03-02 22:02 - 2011-05-20 11:05 - 000174592 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUIHelper.dll
2012-03-02 22:02 - 2011-05-20 11:05 - 001318912 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IntelVisualDesign.dll
2012-03-02 22:02 - 2011-05-20 10:54 - 000278528 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\ISDI.dll
2019-06-14 15:35 - 2019-06-14 15:35 - 000225792 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\88cdfc9d6ad7a6557b9e7a895a436ce7\IAStorDataMgr.ni.dll
2019-06-14 15:35 - 2019-06-14 15:35 - 000019968 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\afd7eda314e797c95f10e63fa0c8db68\IAStorDataMgrSvc.ni.exe
2019-06-14 15:35 - 2019-06-14 15:35 - 000491520 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2ae77882a9ed69252900c1ca517120b2\IAStorUtil.ni.dll
2018-03-26 12:58 - 2018-03-26 12:58 - 000112128 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2015-09-13 23:11 - 2015-09-13 23:11 - 001654784 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8448b2bd328df189\MFC80U.DLL
2015-09-13 23:11 - 2015-09-13 23:11 - 000047104 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_bc20f59b0bdd1acd\MFC80ENU.DLL
2015-09-13 23:24 - 2015-09-13 23:24 - 000225280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2012-03-02 22:06 - 2011-06-28 18:12 - 002413056 _____ (Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
2012-03-02 22:06 - 2011-04-13 11:09 - 000161280 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RsCRLib.dll
2014-11-10 20:11 - 2014-11-10 20:11 - 009994752 ____R (The ICU Project) [File not signed] C:\Program Files (x86)\Fitbit Connect\icudt.dll
2016-08-11 20:52 - 2016-08-11 20:52 - 001427968 ____R (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Fitbit Connect\LIBEAY32.dll
2011-08-11 12:14 - 2011-08-11 12:14 - 000047616 _____ (Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
2016-08-12 17:17 - 2016-08-12 17:17 - 001500672 ____R (winsparkle.org) [File not signed] C:\Program Files (x86)\Fitbit Connect\WinSparkle.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-44778635-258979257-1769342257-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2019-03-02 12:32 - 000001053 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 dev.adidas.com
127.0.0.1 sole.slamjamsocialism-drops.com
54.69.163.181    hcn.adidas.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\HP SimplePass 2012\x64;C:\Program Files (x86)\HP SimplePass 2012\;;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Intel\Services\IPT\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Python27;C:\Python27\Scripts
HKU\S-1-5-21-44778635-258979257-1769342257-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{58588614-3D34-4ACD-A188-EF6E27AD47FA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe (Sonic Solutions -> Rovi Corporation)
FirewallRules: [{F05B6A5A-0551-4BB8-9BAF-B27C3891136D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe (Sonic Solutions -> Rovi Corporation)
FirewallRules: [{DAA3EB62-96A2-44F8-82D7-30C39A8CB1A2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\IndivDRM.exe (Sonic Solutions -> Roxio)
FirewallRules: [{4C1E284E-185B-45CC-957D-780D429C49A0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\IndivDRM.exe (Sonic Solutions -> Roxio)
FirewallRules: [{FCB50265-FD6B-465B-ACE8-3CF3D7C44A73}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{BC3D64C0-87CA-42ED-B305-814EC9877A0F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{339C84C0-A859-4B40-8B42-A1368C063369}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{91010C2A-B2C0-4B89-B2C2-7553B2652E47}] => (Allow) LPort=50248
FirewallRules: [{8A5774DB-A2C4-4E08-83AF-ABCAF4D71CB6}] => (Allow) C:\Program Files (x86)\Common Files\Bentley Shared\Dgn  Index Service\DgnIndexServer.exe (Bentley Systems Inc.) [File not signed]
FirewallRules: [{7FC236AE-BD91-4C56-BAE1-B56AAD3EC874}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{19C15A4E-0D90-42A6-8A08-E02E04E941AB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FFD1503A-89BA-4CB3-8D7D-332CA23C9B70}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{71B7F76A-845D-4A63-97FF-408F470CDE70}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5B49AA8F-1C87-4A8E-B679-2E1D136D7A10}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe No File
FirewallRules: [{336959FF-F952-4413-A808-57E308ADF08E}] => (Allow) C:\Users\Lisa\AppData\Local\Temp\7zS20F0\HP.EasyStart.exe No File
FirewallRules: [{EC2EF4EF-3E37-4E05-B31C-916F3C6F0B01}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{D2550E2D-E814-455B-BB9B-BA38A593DD4A}] => (Allow) LPort=5357
FirewallRules: [{6F079DEC-CEF7-4B50-9B74-19B917C7A7D5}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{649B52C2-5055-47D2-A7C7-2B4E93B0A1F9}] => (Allow) C:\Users\Lisa\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B529D07D-4BAC-4BA5-96BF-855E9FAFDAC7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D9347F3D-9847-40A0-8BA5-23698ED52742}] => (Allow) LPort=2869
FirewallRules: [{C3B0B765-C1CB-4209-8A12-147075B89A16}] => (Allow) LPort=1900
FirewallRules: [{2FA47F8D-8652-4469-9940-2F6EB18A3D65}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{3548D7EC-E1CF-4489-928E-10BEEA3FEE5F}C:\xampp2\apache\bin\httpd.exe] => (Allow) C:\xampp2\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{E944C035-F35A-4AFA-8BEC-62984BC20452}C:\xampp2\apache\bin\httpd.exe] => (Allow) C:\xampp2\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [TCP Query User{75AC2D07-888D-4F42-86A6-684FB95CC403}C:\xampp2\apache\bin\httpd.exe] => (Allow) C:\xampp2\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{9D051D1F-8E2F-461E-84D4-960B0ED9DC3D}C:\xampp2\apache\bin\httpd.exe] => (Allow) C:\xampp2\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [TCP Query User{2657317A-514F-4039-9534-63DF006F2FB3}C:\program files (x86)\bnb all in one\bnb all in one.exe] => (Block) C:\program files (x86)\bnb all in one\bnb all in one.exe No File
FirewallRules: [UDP Query User{B01771BF-0E79-492E-AE28-A6C90F73628A}C:\program files (x86)\bnb all in one\bnb all in one.exe] => (Block) C:\program files (x86)\bnb all in one\bnb all in one.exe No File
FirewallRules: [TCP Query User{D8F6E785-3D26-4872-B851-6846968291FF}C:\program files (x86)\bnb all in one\bnb all in one.exe] => (Allow) C:\program files (x86)\bnb all in one\bnb all in one.exe No File
FirewallRules: [UDP Query User{C0654056-C0A2-4A78-8DCA-A0F2DF08D5DE}C:\program files (x86)\bnb all in one\bnb all in one.exe] => (Allow) C:\program files (x86)\bnb all in one\bnb all in one.exe No File
FirewallRules: [TCP Query User{33F24E5D-BB1B-4AA3-B74B-847AE8B5A3E5}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.2\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.2\shopify dashe.exe No File
FirewallRules: [UDP Query User{E073D637-C7DA-482B-8A67-F82ACC8F2A6E}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.2\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.2\shopify dashe.exe No File
FirewallRules: [TCP Query User{2E42447B-E7CF-4096-8E81-B83F829122D6}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.2\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.2\shopify dashe.exe No File
FirewallRules: [UDP Query User{44E1993B-993F-43C2-B85E-5FEEA6B4B4C6}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.2\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.2\shopify dashe.exe No File
FirewallRules: [TCP Query User{225D3D37-3C6A-4956-AEF4-4C2DE545E990}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.3\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.3\shopify dashe.exe No File
FirewallRules: [UDP Query User{FF37E3D5-6C78-4463-8763-8BC090607D60}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.3\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.3\shopify dashe.exe No File
FirewallRules: [TCP Query User{0A78EEEC-2693-4F59-BC1C-FADD2F1CB648}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.4\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.4\shopify dashe.exe No File
FirewallRules: [UDP Query User{3120BFC8-4BAD-40E9-979C-734386956AAD}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.4\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.4\shopify dashe.exe No File
FirewallRules: [TCP Query User{BB39A329-5EE4-4484-A648-97C1FD679133}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.5\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.5\shopify dashe.exe No File
FirewallRules: [UDP Query User{29E40E80-6B9A-4202-B8AF-6B5F07FBDF75}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.5\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.5\shopify dashe.exe No File
FirewallRules: [TCP Query User{CD5EABE9-B11B-40C2-8EE6-1F577558CFC1}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.6\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.6\shopify dashe.exe No File
FirewallRules: [UDP Query User{B2225145-2849-467C-93C9-2D07109DA464}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.6\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.6\shopify dashe.exe No File
FirewallRules: [TCP Query User{C89EC27C-057C-41C1-8DAD-3A80BAB3AAC2}C:\users\lisa\appdata\local\shopify-dashe\app-2.5.0\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.5.0\shopify dashe.exe No File
FirewallRules: [UDP Query User{18159ED0-3517-4D45-B46A-E41BAD5CD03F}C:\users\lisa\appdata\local\shopify-dashe\app-2.5.0\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.5.0\shopify dashe.exe No File
FirewallRules: [TCP Query User{AEB9368D-278F-49DD-BEAA-D3B7BD5F385E}C:\users\lisa\appdata\local\shopify-dashe\app-2.5.1\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.5.1\shopify dashe.exe (DasheIO, LLC) [File not signed]
FirewallRules: [UDP Query User{B4C54EE1-F07F-47CD-A091-1A23E7AB3755}C:\users\lisa\appdata\local\shopify-dashe\app-2.5.1\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.5.1\shopify dashe.exe (DasheIO, LLC) [File not signed]
FirewallRules: [TCP Query User{67F0AAB6-A11E-4554-BF9A-93218B38F747}C:\users\lisa\desktop\dashe-cracked.exe] => (Block) C:\users\lisa\desktop\dashe-cracked.exe No File
FirewallRules: [UDP Query User{B57E3B33-EA84-42C6-B00F-AF820B570875}C:\users\lisa\desktop\dashe-cracked.exe] => (Block) C:\users\lisa\desktop\dashe-cracked.exe No File
FirewallRules: [TCP Query User{867B63DE-6F36-46DC-9FF5-BA06A5C16186}C:\users\lisa\appdata\local\shopify-dashe\app-2.6.1\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.6.1\shopify dashe.exe (DasheIO, LLC) [File not signed]
FirewallRules: [UDP Query User{CB25700E-729F-4A0C-9FDB-D7E6B7C050F3}C:\users\lisa\appdata\local\shopify-dashe\app-2.6.1\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.6.1\shopify dashe.exe (DasheIO, LLC) [File not signed]
FirewallRules: [TCP Query User{5588DB6D-B37B-4C39-B4BB-FF89EA3CFE9D}C:\users\lisa\desktop\bots\1-dashe\dashecracked 2.6.1\dashe-cracked.exe] => (Allow) C:\users\lisa\desktop\bots\1-dashe\dashecracked 2.6.1\dashe-cracked.exe No File
FirewallRules: [UDP Query User{A6BF6BB9-873C-4E50-9B89-AEA2BC5C264B}C:\users\lisa\desktop\bots\1-dashe\dashecracked 2.6.1\dashe-cracked.exe] => (Allow) C:\users\lisa\desktop\bots\1-dashe\dashecracked 2.6.1\dashe-cracked.exe No File
FirewallRules: [{11B621E9-5D58-4AC7-8FAC-B9FD7B0CD835}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{372139F2-6D23-46F3-908C-0299D287E78F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CC1552FF-6160-4D38-AABE-BE9803959537}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{961A7BA3-F8A4-413A-A302-D7075069D303}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AD1A33C3-F307-4878-B6D0-5DF102642B92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{96CC9CEE-9814-4F4E-A71D-805CEA7A54F1}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1C57CD47-8402-46B6-8F7D-CD74F8CDE30A}] => (Allow) C:\Users\Lisa\AppData\Local\Chromium\Application\chrome.exe No File
FirewallRules: [{98DCCBBB-1D38-4BD2-B764-8CBD10215D54}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

22-07-2019 08:59:25 Windows Update
26-07-2019 10:28:30 Windows Update
26-07-2019 20:23:46 Windows Update
30-07-2019 19:58:24 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2019 11:19:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/01/2019 10:14:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: DNS Message from 192.168.254.14:61073 to 192.168.254.255:5353 length 4 too short

Error: (08/01/2019 10:14:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: DNS Message from 192.168.254.14:63198 to 192.168.254.255:5353 length 4 too short

Error: (08/01/2019 10:14:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: DNS Message from 192.168.254.14:63198 to 192.168.254.255:5353 length 4 too short

Error: (08/01/2019 10:14:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: DNS Message from 192.168.254.14:63198 to 192.168.254.255:5353 length 4 too short

Error: (08/01/2019 09:13:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: DNS Message from 192.168.254.47:56038 to 192.168.254.255:5353 length 4 too short

Error: (08/01/2019 09:12:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: DNS Message from 192.168.254.47:64996 to 192.168.254.255:5353 length 4 too short

Error: (08/01/2019 09:12:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: DNS Message from 192.168.254.47:64996 to 192.168.254.255:5353 length 4 too short


System errors:
=============
Error: (08/01/2019 11:13:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueSuiteService service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/01/2019 11:13:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/01/2019 11:13:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Audio Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/01/2019 11:13:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/01/2019 11:13:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/01/2019 11:13:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Andrea ST Filters Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/01/2019 11:13:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/01/2019 11:13:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Fitbit Connect Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.


Windows Defender:
===================================
Date: 2017-01-27 16:25:16.654
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{6811DBA8-59F2-4A7F-BE21-03EB8EDA317D}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

==================== Memory info =========================== 

BIOS: Hewlett-Packard F.1B 10/23/2012
Motherboard: Hewlett-Packard 17F9
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 58%
Total physical RAM: 8139.6 MB
Available physical RAM: 3378.48 MB
Total Virtual: 16277.35 MB
Available Virtual: 11370.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:673.14 GB) (Free:469.92 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:21.33 GB) (Free:2.3 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32

\\?\Volume{cf7c27f9-5764-11e4-bd2a-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 4A73C3CB)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=673.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End of Addition.txt ============================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2019
Ran by Lisa (administrator) on LISA-HP (Hewlett-Packard HP Pavilion dv6 Notebook PC) (01-08-2019 23:27:14)
Running from C:\Users\Lisa\Desktop
Loaded Profiles: Lisa (Available Profiles: Lisa & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AuthenTec, Inc. -> HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
(AuthenTec, Inc. -> HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
(AuthenTec, Inc. -> HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
(Autodesk, Inc.) [File not signed] C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(CyberLink -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink -> cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Company -> ) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel® Identity Protection Technology Software -> Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2014-10-21] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-11-15] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [269192 2019-07-20] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-01] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [47616 2011-08-11] (Windows (R) Win 7 DDK provider) [File not signed]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-08-04] (CyberLink -> cyberlink)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4596904 2016-08-12] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc -> Autodesk, Inc.)
HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\Run: [HP ENVY 4520 series (NET)] => C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4596904 2016-08-12] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\Run: [Chromium] => "c:\users\lisa\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\Policies\Explorer: [] 
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc -> Autodesk, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{0CE7EBAF-157D-4111-9146-057CB2A4023E}] -> msiexec /fu {0CE7EBAF-157D-4111-9146-057CB2A4023E} /qn
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.87\Installer\chrmstp.exe [2019-07-30] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}] -> msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {141E2A97-22DF-439F-98A5-5C927CA241A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-11] (Google Inc -> Google Inc.)
Task: {2470CB26-2A3F-4184-BD62-8CBA6A1E3149} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {294D37E7-28B8-4F57-BF76-28488A5105CD} - System32\Tasks\HPCustPartic.exe_{A0A730A9-872C-42C6-B350-5F96170F040F} => C:\Program Files\HP\HP ENVY 4520 series\Bin\HPCustPartic.exe [6105096 2015-03-09] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Task: {4045FF7D-1E62-4E3F-823F-FFED96C981F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {41F6C09B-B8BC-45E6-9CCC-DE025CFCC2D4} - System32\Tasks\HPCustParticipation HP ENVY 4520 series => C:\Program Files\HP\HP ENVY 4520 series\Bin\HPCustPartic.exe [6105096 2015-03-09] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Task: {46A8E092-EFF4-4B8F-9F9E-119F7710032D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH59I29051 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1083768 2019-07-12] (HP Inc. -> HP Inc.)
Task: {4C2EBF7C-B691-49A6-99CC-C29B4492771D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {52D355C9-E668-4201-8419-9C9C33A28AB0} - System32\Tasks\{74AD5DE0-0360-4BF5-A298-DB72D5F95705} => C:\HCN Client\HCN Client.exe [1776128 2018-03-17] () [File not signed]
Task: {580B1557-C9A7-4258-ADE8-EEBB7ACBFE1D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1083768 2019-07-12] (HP Inc. -> HP Inc.)
Task: {67FF6C9E-7594-4547-96AD-F88AFBE706D6} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2011-09-28] (CyberLink -> CyberLink)
Task: {6A4B3B0B-3C29-4C96-B841-691A1C7EC0C0} - System32\Tasks\{6F385723-AFDB-4EA8-895B-4C5DE6523330} => C:\HCN Client\HCN Client.exe [1776128 2018-03-17] () [File not signed]
Task: {8110E63D-B846-4EB1-81BA-7755FDA88C97} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2047368 2019-07-30] (AVAST Software s.r.o. -> AVAST Software)
Task: {81D1EDBB-4DDE-4F29-A25A-93AE3827216D} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {89275BD1-AF57-4D53-AA43-866AA2D996EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [237432 2019-04-29] (HP Inc. -> HP Inc.)
Task: {916B6ABE-89DA-482E-AA10-29067578C8E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-11] (Google Inc -> Google Inc.)
Task: {A8728EDF-6164-4A8A-91C4-86E8BF23D1BF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-10] (Adobe Inc. -> Adobe)
Task: {BF8BB6EE-BEBA-47AC-8825-21DF4447D00C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {C2977F8C-BADE-4C67-ADEA-5BAC7B0EE5F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [654712 2019-06-05] (HP Inc. -> HP Inc.)
Task: {D09E65B4-E35F-4B4C-8534-5864EB7A58E9} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-16] (HP Inc. -> )
Task: {D432E0B0-44D1-4906-AF61-70458551A442} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {D9B1006F-52DF-453A-A2DF-262058AE5429} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3940232 2019-07-20] (AVAST Software s.r.o. -> AVAST Software)
Task: {E207E9AE-6F98-4C85-B9B9-48FE2704C207} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {E95074D1-AE3D-4D25-B68C-B6756D267CE4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-10] (Adobe Inc. -> Adobe)
Task: {EBC2B7DA-1AA6-4169-BEFD-19ABEE7B1692} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1083768 2019-07-12] (HP Inc. -> HP Inc.)
Task: {FB1271AC-2A34-475C-88A7-455851C15633} - System32\Tasks\HPCeeScheduleForLisa => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [96568 2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForLisa.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{186F8FA1-15EA-4808-88D0-9EE77C544DEA}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{249DC121-3CB8-45D6-AF01-399D3A5C9053}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{D8B70736-1E39-4CB0-AD81-5D071783D64C}: [DhcpNameServer] 192.168.254.254
HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,192.168.1.12,1]

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=132081170322429891&GUID=ECE4816C-BD19-4621-9CA4-61700D4042C4
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {00B8BCF6-56EE-466A-8ACC-9DF5F0DDBD5D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {00B8BCF6-56EE-466A-8ACC-9DF5F0DDBD5D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-44778635-258979257-1769342257-1000 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKU\S-1-5-21-44778635-258979257-1769342257-1000 -> {00B8BCF6-56EE-466A-8ACC-9DF5F0DDBD5D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-44778635-258979257-1769342257-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NS&chn=1007450&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-44778635-258979257-1769342257-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-44778635-258979257-1769342257-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-44778635-258979257-1769342257-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll [2011-08-26] (AuthenTec, Inc. -> HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll [2011-08-26] (AuthenTec, Inc. -> HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation -> Microsoft Corporation.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation -> Microsoft Corporation.)

FireFox:
========
FF DefaultProfile: cor2nw5k.default-1413791578096
FF ProfilePath: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096 [2019-07-20]
FF Extension: (Autofill Forms) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\autofillForms@blueimp.net.xpi [2018-01-21] [Legacy]
FF Extension: (Check4Change) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\check4change-owner@mozdev.org.xpi [2018-11-17]
FF Extension: (Selenium IDE: C# Formatters) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\csharpformatters@seleniumhq.org.xpi [2015-05-27] [Legacy] [not signed]
FF Extension: (Selenium IDE: Java Formatters) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\javaformatters@seleniumhq.org.xpi [2015-05-27] [Legacy] [not signed]
FF Extension: (Selenium IDE: Python Formatters) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\pythonformatters@seleniumhq.org.xpi [2015-05-27] [Legacy] [not signed]
FF Extension: (RightBar) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\rightbar@realmtech.net.xpi [2016-12-21] [Legacy]
FF Extension: (Selenium IDE: Ruby Formatters) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\rubyformatters@seleniumhq.org.xpi [2015-05-27] [Legacy] [not signed]
FF Extension: (Selenium Expert (Selenium IDE)) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\selenium-expert_selenium-ide@Samit.Badle.xpi [2016-12-21] [Legacy]
FF Extension: (Selenium IDE Button) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\selenium_ide_buttons@egarracingteam.com.ar.xpi [2018-01-21] [Legacy]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\sp@avast.com.xpi [2019-07-06]
FF Extension: (Avast Online Security) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\wrc@avast.com.xpi [2019-01-28]
FF Extension: (Selenium IDE) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi [2015-05-27] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] (WildTangent Inc -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Profile 2
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default [2019-07-13]
CHR Extension: (Easy Auto Refresh) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2019-07-10]
CHR Extension: (Slides) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-05]
CHR Extension: (Postman Interceptor) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aicmkgpgakddgnaphhhpliifpcfhicfo [2019-07-12]
CHR Extension: (Docs) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-08]
CHR Extension: (Google Drive) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-12]
CHR Extension: (YouTube) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-12]
CHR Extension: (ForceCop Supreme Bot) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgfjoaeimifdebhokjofbhmkbnlclfcc [2019-05-17]
CHR Extension: (Rakuten Ebates: Get Cash Back For Shopping) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2019-07-10]
CHR Extension: (Google Search) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-12]
CHR Extension: (RSCATC) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnkegcfpgblnpjblojcbgomalnfgffhb [2016-11-29]
CHR Extension: (King LosAngeles) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eccpadpoggalooiafpdggjmibnjgnfnk [2015-12-19]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-06-07]
CHR Extension: (Sheets) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-05]
CHR Extension: (Postman) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2018-11-16]
CHR Extension: (EditThisCookie) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2018-12-02]
CHR Extension: (Google Docs Offline) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-04]
CHR Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2019-07-10]
CHR Extension: (Avast Online Security) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-05-17]
CHR Extension: (Pay by Privacy.com) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgpakheknboplhmlicfkkgjipfabmhp [2019-05-17]
CHR Extension: (Auto Refresh) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifooldnmmcmlbdennkpdnlnbgbmfalko [2018-09-04]
CHR Extension: (Notifier for Twitter) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikknnkomiokeodcdkknnhgjmncfiefmn [2018-09-04]
CHR Extension: (Distill Web Monitor) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\inlikjemeeknofckkjolnjbpehgadgge [2019-06-07]
CHR Extension: (AYINOPE Consortium Jig) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklaheofmknfnmiphplikndpnpafidbg [2018-03-22]
CHR Extension: (GOLD MONITOR Plus) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdljmohbmaelbgjlbkimlnnekhglbnbb [2016-07-26]
CHR Extension: (BNB Helper) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mefppppbbpkdcdgcnflollfbhfljekce [2017-08-24]
CHR Extension: (Text) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfbcljfglbokpmkimbfghdkjmjhdgbg [2019-05-17]
CHR Extension: (Easy Account Switcher for Google, Facebook.) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnannclpojfocmcjfhoicjbkjllajfhg [2017-07-27]
CHR Extension: (Chrome RDP for Google Cloud Platform) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbbnannobiobpnfblimoapbephgifkm [2017-06-23]
CHR Extension: (All in One Dashboard by Heated Sneaks) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncicecjkfakbmelhamnagieonnkkjagg [2019-03-30]
CHR Extension: (MetaMask) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2019-07-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (TunnelBear VPN) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2019-03-30]
CHR Extension: (Proxy SwitchyOmega) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\padekgcemlokbadohgkifijomclgjgif [2018-09-04]
CHR Extension: (Gmail) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-17]
CHR Extension: (Chrome Media Router) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-10]
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-12-12]
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2 [2019-08-01]
CHR Extension: (Slides) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-16]
CHR Extension: (Dot Supreme) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\achpfncabpjpimfecnfckiigfffgacml [2018-03-25]
CHR Extension: (Docs) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-16]
CHR Extension: (Google Drive) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22]
CHR Extension: (ForceCop Supreme Bot) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cgfjoaeimifdebhokjofbhmkbnlclfcc [2019-05-01]
CHR Extension: (Google Search) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Adobe Acrobat) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-13]
CHR Extension: (Sheets) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-16]
CHR Extension: (Google Docs Offline) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-04]
CHR Extension: (Avast Online Security) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-19]
CHR Extension: (Gmail) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-01]
CHR Extension: (Chrome Media Router) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-01]
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4 [2019-07-20]
CHR Extension: (Slides) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-24]
CHR Extension: (Docs) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-24]
CHR Extension: (Google Drive) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-24]
CHR Extension: (YouTube) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-24]
CHR Extension: (Website Logon) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa [2017-11-24]
CHR Extension: (Adobe Acrobat) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-16]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-06-16]
CHR Extension: (Sheets) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-24]
CHR Extension: (EditThisCookie) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2019-06-16]
CHR Extension: (Google Docs Offline) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-22]
CHR Extension: (Avast Online Security) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-19]
CHR Extension: (Proxy SwitchyOmega) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\padekgcemlokbadohgkifijomclgjgif [2018-11-22]
CHR Extension: (Gmail) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-16]
CHR Extension: (Chrome Media Router) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-13]
CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-30]
CHR Extension: (Google Slides) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-23]
CHR Extension: (Google Docs) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-23]
CHR Extension: (Google Drive) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-19]
CHR Extension: (YouTube) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-23]
CHR Extension: (Google Search) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-23]
CHR Extension: (Google Sheets) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-23]
CHR Extension: (Gmail) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-23]
CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2014-10-21] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [204288 2011-09-30] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6797008 2019-07-20] (AVAST Software s.r.o. -> AVAST Software)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [414976 2019-07-20] (AVAST Software s.r.o. -> AVAST Software)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink -> CyberLink)
S3 DgnIndexingService; C:\Program Files (x86)\Common Files\Bentley Shared\Dgn  Index Service\DgnIndexServer.exe [137728 2012-04-13] (Bentley Systems Inc.) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5911720 2016-08-12] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed]
R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (AuthenTec, Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [357240 2019-07-05] (HP Inc. -> HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-24] (HP Inc. -> HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [311808 2014-10-21] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\Windows\System32\DRIVERS\Accelerometer.sys [43320 2011-05-27] (Hewlett-Packard Company -> Hewlett-Packard Company)
S3 aftap0901; C:\Windows\System32\DRIVERS\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [9981952 2011-10-01] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [310272 2011-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37320 2019-07-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [209256 2019-07-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [263224 2019-07-20] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [206056 2019-07-20] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [61688 2019-07-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [279336 2019-07-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42504 2019-07-20] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [168896 2019-07-31] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112520 2019-07-20] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88160 2019-07-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1030784 2019-07-31] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [477288 2019-07-20] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [225816 2019-07-20] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [387896 2019-07-26] (AVAST Software s.r.o. -> AVAST Software)
R3 clwvd; C:\Windows\System32\DRIVERS\clwvd.sys [31088 2010-07-28] (CyberLink -> CyberLink Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77992 2015-01-07] (Fresco Logic Inc -> Fresco Logic)
R0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [30008 2011-05-27] (Hewlett-Packard Company -> Hewlett-Packard Company)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-07-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-07-31] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [106344 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2014-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL6.SYS [292864 2009-06-10] (Microsoft Windows -> Conexant Systems, Inc.)
S3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Microsoft Windows -> Conexant Systems, Inc.)
S3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT6.SYS [740864 2009-06-10] (Microsoft Windows -> Conexant Systems, Inc.)
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [535552 2014-10-21] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\SDSDefs\20161005.020\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\SDSDefs\20161005.020\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-01 23:27 - 2019-08-01 23:33 - 000050788 _____ C:\Users\Lisa\Desktop\FRST.txt
2019-08-01 23:26 - 2019-08-01 23:27 - 000000000 ____D C:\FRST
2019-08-01 23:23 - 2019-08-01 23:23 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-08-01 23:21 - 2019-08-01 23:21 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-08-01 23:20 - 2019-08-01 23:20 - 000106344 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-08-01 23:09 - 2019-08-01 23:09 - 002096128 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (5).exe
2019-08-01 23:09 - 2019-08-01 23:09 - 002096128 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (4).exe
2019-08-01 23:09 - 2019-08-01 23:09 - 002096128 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (3).exe
2019-08-01 23:09 - 2019-08-01 23:09 - 002096128 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (2).exe
2019-08-01 23:09 - 2019-08-01 23:09 - 002096128 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (1).exe
2019-08-01 23:09 - 2019-08-01 23:09 - 002096128 _____ (Farbar) C:\Users\Lisa\Desktop\FRST64.exe
2019-08-01 22:48 - 2019-08-01 23:13 - 000000000 ____D C:\AdwCleaner
2019-08-01 22:47 - 2019-08-01 22:48 - 007623880 _____ (Malwarebytes) C:\Users\Lisa\Downloads\Unconfirmed 176132.crdownload
2019-08-01 22:46 - 2019-08-01 23:09 - 064660208 _____ (Malwarebytes ) C:\Users\Lisa\Downloads\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11804.exe
2019-08-01 22:46 - 2019-08-01 22:47 - 007623880 _____ (Malwarebytes) C:\Users\Lisa\Downloads\adwcleaner_7.4.exe
2019-07-29 19:55 - 2019-07-31 19:40 - 000000328 _____ C:\Windows\Tasks\HPCeeScheduleForLisa.job
2019-07-29 19:55 - 2019-07-29 19:55 - 000003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLisa
2019-07-28 23:37 - 2019-07-28 23:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTools 4
2019-07-28 23:36 - 2019-07-28 23:36 - 000000000 ____D C:\Program Files (x86)\ThinkSky
2019-07-28 23:32 - 2019-07-28 23:33 - 078328880 _____ C:\Users\Lisa\Downloads\itoolssetup_4438 (1).exe
2019-07-26 21:14 - 2019-07-31 19:46 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-07-24 07:59 - 2019-07-13 01:14 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\sipnotify.exe
2019-07-21 23:30 - 2019-07-30 20:18 - 000000000 _____ C:\Windows\system32\last.dump
2019-07-21 23:25 - 2019-07-21 23:25 - 019476688 _____ (IObit ) C:\Users\Lisa\Downloads\iobituninstaller.exe
2019-07-21 23:25 - 2019-07-21 23:25 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\IObit
2019-07-21 23:25 - 2019-07-21 23:25 - 000000000 ____D C:\ProgramData\IObit
2019-07-20 15:49 - 2019-07-31 19:52 - 000168896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-07-20 15:49 - 2019-07-20 15:45 - 000225816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-07-20 15:49 - 2019-07-20 15:43 - 000363400 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-07-20 11:02 - 2019-07-20 11:02 - 000000000 ____D C:\Users\Lisa\AppData\Local\mbam
2019-07-20 11:01 - 2019-07-20 11:01 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-07-20 11:01 - 2019-07-20 11:01 - 000000000 ____D C:\Users\Lisa\AppData\Local\mbamtray
2019-07-20 11:00 - 2019-07-26 13:01 - 000002016 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-20 11:00 - 2019-07-20 11:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-20 11:00 - 2019-07-20 11:00 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-07-20 11:00 - 2019-07-20 11:00 - 000000000 ____D C:\Program Files\Malwarebytes
2019-07-20 11:00 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-07-20 10:24 - 2019-07-20 10:24 - 000001042 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-07-20 10:22 - 2019-07-20 10:22 - 000002247 _____ C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2019-07-20 10:14 - 2019-07-20 10:14 - 000000000 ____D C:\Users\Lisa\Downloads\fxcf.CIS
2019-07-20 10:04 - 2019-07-20 10:04 - 000000000 ____D C:\Users\Lisa\Downloads\k7th.CIS
2019-07-20 10:03 - 2019-07-20 10:03 - 000000000 ____D C:\Users\Lisa\Downloads\516a.CIS
2019-07-20 09:59 - 2019-07-20 09:59 - 000000000 ____D C:\Users\Lisa\Downloads\xcve.CIS
2019-07-09 23:13 - 2019-07-10 00:13 - 004863032 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2019-07-09 10:46 - 2019-06-20 02:11 - 000396896 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-07-09 10:46 - 2019-06-20 01:15 - 000348976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-07-09 10:46 - 2019-06-17 21:21 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-07-09 10:46 - 2019-06-17 21:07 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-07-09 10:46 - 2019-06-17 20:56 - 020274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-07-09 10:46 - 2019-06-17 20:56 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-07-09 10:46 - 2019-06-17 20:48 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-07-09 10:46 - 2019-06-17 20:39 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-07-09 10:46 - 2019-06-17 20:39 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-07-09 10:46 - 2019-06-17 20:39 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-07-09 10:46 - 2019-06-17 20:37 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-07-09 10:46 - 2019-06-17 20:35 - 002297344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-07-09 10:46 - 2019-06-17 20:32 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-07-09 10:46 - 2019-06-17 20:32 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-07-09 10:46 - 2019-06-17 20:32 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-07-09 10:46 - 2019-06-17 20:30 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-07-09 10:46 - 2019-06-17 20:29 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-07-09 10:46 - 2019-06-17 20:29 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-07-09 10:46 - 2019-06-17 20:21 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-07-09 10:46 - 2019-06-17 20:20 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-07-09 10:46 - 2019-06-17 20:20 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-07-09 10:46 - 2019-06-17 20:16 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-07-09 10:46 - 2019-06-17 20:16 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-07-09 10:46 - 2019-06-17 20:13 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-07-09 10:46 - 2019-06-17 20:11 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-07-09 10:46 - 2019-06-17 20:03 - 013706752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-07-09 10:46 - 2019-06-17 20:03 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-07-09 10:46 - 2019-06-17 20:03 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-07-09 10:46 - 2019-06-17 19:55 - 001557504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-07-09 10:46 - 2019-06-17 19:41 - 001323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-07-09 10:45 - 2019-06-27 22:24 - 000887808 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2019-07-09 10:45 - 2019-06-27 22:24 - 000448512 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2019-07-09 10:45 - 2019-06-27 22:24 - 000414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2019-07-09 10:45 - 2019-06-27 22:24 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2019-07-09 10:45 - 2019-06-27 22:24 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2019-07-09 10:45 - 2019-06-27 22:23 - 000428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2019-07-09 10:45 - 2019-06-27 22:23 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2019-07-09 10:45 - 2019-06-27 22:23 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2019-07-09 10:45 - 2019-06-27 22:23 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2019-07-09 10:45 - 2019-06-20 20:09 - 000806400 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2019-07-09 10:45 - 2019-06-20 20:05 - 000628224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2019-07-09 10:45 - 2019-06-20 19:44 - 003229696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-07-09 10:45 - 2019-06-20 18:41 - 001251840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-07-09 10:45 - 2019-06-18 20:06 - 006135296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-07-09 10:45 - 2019-06-18 18:52 - 007081984 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-07-09 10:45 - 2019-06-17 23:41 - 001649664 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-07-09 10:45 - 2019-06-17 21:34 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-07-09 10:45 - 2019-06-17 21:21 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-07-09 10:45 - 2019-06-17 21:09 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-07-09 10:45 - 2019-06-17 21:08 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-07-09 10:45 - 2019-06-17 21:07 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-07-09 10:45 - 2019-06-17 21:07 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-07-09 10:45 - 2019-06-17 21:07 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-07-09 10:45 - 2019-06-17 21:00 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-07-09 10:45 - 2019-06-17 20:59 - 005775872 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-07-09 10:45 - 2019-06-17 20:59 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-07-09 10:45 - 2019-06-17 20:57 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-07-09 10:45 - 2019-06-17 20:56 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-07-09 10:45 - 2019-06-17 20:56 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-07-09 10:45 - 2019-06-17 20:55 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-07-09 10:45 - 2019-06-17 20:51 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-07-09 10:45 - 2019-06-17 20:45 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-07-09 10:45 - 2019-06-17 20:38 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-07-09 10:45 - 2019-06-17 20:38 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-07-09 10:45 - 2019-06-17 20:38 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-07-09 10:45 - 2019-06-17 20:38 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-07-09 10:45 - 2019-06-17 20:35 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-07-09 10:45 - 2019-06-17 20:34 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-07-09 10:45 - 2019-06-17 20:30 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-07-09 10:45 - 2019-06-17 20:29 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-07-09 10:45 - 2019-06-17 20:21 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-07-09 10:45 - 2019-06-17 20:19 - 015311872 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-07-09 10:45 - 2019-06-17 20:17 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-07-09 10:45 - 2019-06-17 20:17 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-07-09 10:45 - 2019-06-17 20:16 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-07-09 10:45 - 2019-06-17 20:13 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-07-09 10:45 - 2019-06-17 20:10 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-07-09 10:45 - 2019-06-17 20:07 - 004494336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-07-09 10:45 - 2019-06-17 20:06 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-07-09 10:45 - 2019-06-17 20:04 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-07-09 10:45 - 2019-06-17 20:02 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-07-09 10:45 - 2019-06-17 19:44 - 004386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-07-09 10:45 - 2019-06-17 19:43 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-07-09 10:45 - 2019-06-17 19:39 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-07-09 10:45 - 2019-06-12 20:25 - 000160488 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-07-09 10:45 - 2019-06-12 20:21 - 000732160 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-07-09 10:45 - 2019-06-12 08:23 - 004057320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-07-09 10:45 - 2019-06-12 08:23 - 003964136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-07-09 10:45 - 2019-06-12 08:22 - 001314104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-07-09 10:45 - 2019-06-12 08:21 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2019-07-09 10:45 - 2019-06-12 08:21 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2019-07-09 10:45 - 2019-06-12 08:21 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-07-09 10:45 - 2019-06-12 08:21 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-07-09 10:45 - 2019-06-12 08:21 - 000617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2019-07-09 10:45 - 2019-06-12 08:21 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-07-09 10:45 - 2019-06-12 08:21 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2019-07-09 10:45 - 2019-06-12 08:21 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-07-09 10:45 - 2019-06-12 08:21 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-07-09 10:45 - 2019-06-12 08:21 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-07-09 10:45 - 2019-06-12 08:21 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-07-09 10:45 - 2019-06-12 08:20 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2019-07-09 10:45 - 2019-06-12 08:20 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2019-07-09 10:45 - 2019-06-12 08:20 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2019-07-09 10:45 - 2019-06-12 08:20 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-07-09 10:45 - 2019-06-12 08:20 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2019-07-09 10:45 - 2019-06-12 08:20 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2019-07-09 10:45 - 2019-06-12 08:20 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2019-07-09 10:45 - 2019-06-12 08:20 - 000442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2019-07-09 10:45 - 2019-06-12 08:20 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2019-07-09 10:45 - 2019-06-12 08:20 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2019-07-09 10:45 - 2019-06-12 08:20 - 000265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2019-07-09 10:45 - 2019-06-12 08:20 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-07-09 10:45 - 2019-06-12 08:20 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-07-09 10:45 - 2019-06-12 08:20 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-07-09 10:45 - 2019-06-12 08:20 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-07-09 10:45 - 2019-06-12 08:20 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-07-09 10:45 - 2019-06-12 08:20 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2019-07-09 10:45 - 2019-06-12 08:20 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-07-09 10:45 - 2019-06-12 08:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-07-09 10:45 - 2019-06-12 08:20 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssign32.dll
2019-07-09 10:45 - 2019-06-12 08:20 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-07-09 10:45 - 2019-06-12 08:20 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-07-09 10:45 - 2019-06-12 08:20 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2019-07-09 10:45 - 2019-06-12 08:19 - 001177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2019-07-09 10:45 - 2019-06-12 08:19 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2019-07-09 10:45 - 2019-06-12 08:19 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2019-07-09 10:45 - 2019-06-12 08:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-07-09 10:45 - 2019-06-12 08:19 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-07-09 10:45 - 2019-06-12 08:19 - 000373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-07-09 10:45 - 2019-06-12 08:19 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-07-09 10:45 - 2019-06-12 08:19 - 000195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-07-09 10:45 - 2019-06-12 08:19 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2019-07-09 10:45 - 2019-06-12 08:19 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2019-07-09 10:45 - 2019-06-12 08:19 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2019-07-09 10:45 - 2019-06-12 08:19 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-07-09 10:45 - 2019-06-12 08:19 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-07-09 10:45 - 2019-06-12 08:19 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-07-09 10:45 - 2019-06-12 08:19 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-07-06 12:47 - 2019-07-19 17:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-01 23:30 - 2009-07-13 21:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-08-01 23:30 - 2009-07-13 21:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-08-01 23:18 - 2014-10-19 01:14 - 000000000 ____D C:\Users\Lisa\AppData\LocalLow\AuthenTec
2019-08-01 23:17 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-08-01 21:13 - 2014-10-19 00:22 - 000003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3C82FF63-D453-4542-88E6-A3FF32208A88}
2019-08-01 19:47 - 2017-03-04 08:47 - 000000000 ____D C:\Program Files (x86)\Feed Notifier
2019-07-31 19:52 - 2019-01-28 14:05 - 001030784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-07-31 19:48 - 2019-01-28 14:06 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-07-31 19:39 - 2015-12-29 00:46 - 000000000 ____D C:\Users\DefaultAppPool
2019-07-30 20:08 - 2014-10-19 00:44 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-30 19:33 - 2016-09-15 22:30 - 000002310 ____H C:\Users\Lisa\Documents\Default.rdp
2019-07-29 19:50 - 2014-11-05 14:52 - 000000000 ____D C:\Users\Lisa\AppData\Local\CrashDumps
2019-07-28 10:16 - 2011-11-09 10:33 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-07-26 10:30 - 2019-01-28 14:05 - 000387896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-07-26 10:14 - 2009-07-13 21:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2019-07-22 21:54 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\rescache
2019-07-22 14:28 - 2009-07-13 22:13 - 000819210 _____ C:\Windows\system32\PerfStringBackup.INI
2019-07-22 14:28 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2019-07-22 14:20 - 2009-07-13 21:45 - 000420368 _____ C:\Windows\system32\FNTCACHE.DAT
2019-07-22 14:12 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-07-22 14:10 - 2014-12-12 10:13 - 000000000 ____D C:\Windows\system32\appraiser
2019-07-22 14:10 - 2014-10-19 03:20 - 000000000 ___SD C:\Windows\system32\CompatTel
2019-07-22 14:10 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\system32\Dism
2019-07-22 09:17 - 2014-10-19 02:51 - 000811824 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-07-22 09:00 - 2014-10-19 01:12 - 136618864 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-07-22 09:00 - 2014-10-19 01:12 - 000000000 ____D C:\Windows\system32\MRT
2019-07-22 00:31 - 2019-01-28 14:10 - 000000000 ____D C:\Users\Lisa\AppData\Local\AVAST Software
2019-07-22 00:31 - 2019-01-28 14:04 - 000000000 ____D C:\ProgramData\AVAST Software
2019-07-20 15:45 - 2019-01-28 14:05 - 000477288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-07-20 15:45 - 2019-01-28 14:05 - 000088160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-07-20 15:44 - 2019-02-20 00:50 - 000279336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-07-20 15:44 - 2019-01-28 14:05 - 000112520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-07-20 15:44 - 2019-01-28 14:05 - 000042504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-07-20 15:40 - 2019-01-28 14:05 - 000209256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-07-20 15:40 - 2019-01-28 14:05 - 000037320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-07-20 15:38 - 2019-01-28 14:05 - 000263224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-07-20 15:38 - 2019-01-28 14:05 - 000206056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-07-20 15:38 - 2019-01-28 14:05 - 000061688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-07-20 10:24 - 2014-10-19 00:22 - 000001042 _____ C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-07-19 17:09 - 2017-08-05 09:26 - 000000000 ____D C:\Users\Lisa\AppData\LocalLow\Mozilla
2019-07-10 00:13 - 2019-01-28 17:38 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-07-10 00:13 - 2019-01-28 17:38 - 000004470 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-07-10 00:13 - 2019-01-28 17:38 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-07-10 00:13 - 2019-01-28 17:38 - 000000000 ____D C:\Windows\system32\MacromedAddition.txtFRST.txt
2019-07-10 00:13 - 2011-11-09 10:33 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-07-09 13:05 - 2010-11-20 20:27 - 000741432 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-07-06 12:47 - 2014-10-20 00:08 - 000000000 ____D C:\ProgramData\Mozilla

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-08-01 10:12
==================== End of FRST.txt ============================

 


Hello nikoncamuser and welcome to Malwarebytes,

Continue with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Thank you,

Kevin..

fixlist.txt
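
Picking out the most recent MSRT run from mrt.log, as the reply above asks, can be scripted. This PowerShell block is an added example, not part of the original post; it assumes the English field labels visible in the log posted in this thread and runs on PowerShell 2.0 or later.

```powershell
# Added example: summarise every run recorded in mrt.log and show the newest one.
$logPath = 'C:\Windows\debug\mrt.log'      # path given in the reply above
$culture = [Globalization.CultureInfo]::InvariantCulture

function ConvertFrom-MrtTime([string]$Text) {
    # Stamps look like "Sat Aug  3 00:14:35 2019"; single-digit days carry a padding space.
    $clean = ($Text -replace '\s+', ' ').Trim()
    return [datetime]::ParseExact($clean, 'ddd MMM d HH:mm:ss yyyy', $culture)
}

# Get-Content honours the file's byte-order mark, so no encoding is specified.
$text = (Get-Content -Path $logPath) -join "`n"

# Assumption: the summary text runs from the short dashed rule to the heartbeat or finish line.
$summaryPattern = '(?s)Results Summary:\s*\n-+\s*\n(.*?)\n(?:Successfully Submitted|Microsoft Windows Malicious)'

# Runs are divided by a long dashed rule; the 16-dash rule under "Results Summary:" is shorter.
$runs = foreach ($block in [regex]::Split($text, '(?m)^-{40,}[ \t]*$')) {
    $start = [regex]::Match($block, 'Started On (.+)')
    if (-not $start.Success) { continue }      # text before the first rule, or a header-less fragment

    $finish  = [regex]::Match($block, 'Finished On (.+)')
    $code    = [regex]::Match($block, 'Return code: (\d+)')
    $summary = [regex]::Match($block, $summaryPattern)

    $finished = $null
    if ($finish.Success) { $finished = ConvertFrom-MrtTime ($finish.Groups[1].Value) }
    $returnCode = $null
    if ($code.Success) { $returnCode = [int]$code.Groups[1].Value }
    $summaryText = '(no Results Summary section in this run)'
    if ($summary.Success) { $summaryText = $summary.Groups[1].Value.Trim() }

    New-Object PSObject -Property @{
        Started    = ConvertFrom-MrtTime ($start.Groups[1].Value)
        Finished   = $finished
        ReturnCode = $returnCode
        Summary    = $summaryText
    }
}

# Newest run by start time; this is the entry to post.
$runs | Sort-Object Started -Descending | Select-Object -First 1 |
    Format-List Started, Finished, ReturnCode, Summary
```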


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/2/19
Scan Time: 11:20 PM
Log File: d118e3d0-b5b6-11e9-bac6-082e5f885e56.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.11838
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lisa-HP\Lisa

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 316557
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 38 min, 31 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.74, July 2019 (build 5.74.16130.3)
Started On Sat Aug  3 00:14:35 2019

Engine: 1.1.16000.6
Signatures: 1.295.1362.0
MpGear: 1.1.15747.1
Run Mode: Interactive Graphical Mode
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug  3 00:15:31 2019


Return code: 0 (0x0)
2.0
MpGear: 1.1.15747.1
Run Mode: Interactive Graphical Mode
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug  3 00:15:01 2019


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.74, July 2019 (build 5.74.16130.3)
Started On Sat Aug  3 00:16:01 2019

Engine: 1.1.16000.6
Signatures: 1.295.1362.0
MpGear: 1.1.15747.1
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug  3 00:25:53 2019


Return code: 0 (0x0)

Fixlog.txt


Hello nikoncamuser,

Open regedit again, navigate to LEGACY_SEGURAZOKD folder again. Right click direct on that folder, select "delete" confirm that action.

Reboot your PC, run one more scan with FRST.

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"


Thanks,

Kevin


Ok, run the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

fixlist.txt


Let's try another way...

Open an elevated command prompt, at the prompt type or copy paste net user administrator /active:yes select enter.

Close out and reboot, you will see a new account "Administrator" select it and follow the prompts through.

Open regedit, navigate to the folder "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SEGURAZOKD" right click direct on LEGACY_SEGURAZOKD folder, select "Delete"

Does it delete..?


It didn't delete. Doing a search I found more instances of the LEGACY_SEGURAZOKD folder. See below. BTW sorry for the choppy response time. I've been busy with errands.

Is there any other way to remove it? Segurazo is not popping up right now, but I just want to make sure that my computer is safe to use.

[three attached screenshots]

 


Hello nikoncamuser,

ControlSets 1 and 2 are created backups of CurrentControlSet; the only way to remove this issue may be via the recovery environment... When Windows boots, the loaded CurrentControlSet will be what is backed up in ControlSet1. If you had a problem booting and wanted to use "Last Known Good Configuration" via F8, then the backup from ControlSet2 would be used....

So I believe the only way to remove this issue will be via the Recovery Environment with an FRST fix loaded and running via a USB stick. The fix would be to remove LEGACY_SEGURAZOKD entries from ControlSets 1 and 2; then when we boot Windows normally, the loaded CurrentControlSet should not have the issue running. Does that make sense, do you understand my explanation..?

Do you have a USB stick of 4 GB or above, and do you know how to access the recovery environment...

Thanks,

Kevin
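
A read-only way to inspect the control sets discussed above, added here as an example and not part of the original post: it reads HKLM\SYSTEM\Select to show which numbered control set is Current, Default and LastKnownGood, then reports which sets still contain Enum\Root\LEGACY_SEGURAZOKD and which accounts hold rights on that key. The key name is the one from this thread; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread). Read-only: nothing is modified or deleted.
$keyName = 'LEGACY_SEGURAZOKD'   # key name taken from the thread
$system  = 'HKLM:\SYSTEM'

# HKLM\SYSTEM\Select records which numbered set plays which role at boot.
$select = Get-ItemProperty -Path "$system\Select"
$roles  = @{}
foreach ($role in 'Current', 'Default', 'Failed', 'LastKnownGood') {
    $n = $select.$role
    if ($n -gt 0) {
        $set = 'ControlSet{0:D3}' -f $n
        if ($roles.ContainsKey($set)) { $roles[$set] += ", $role" }
        else                          { $roles[$set]  = $role }
    }
}

# Walk the numbered sets only; CurrentControlSet is a link to one of them.
$found = @()
Get-ChildItem -Path $system |
    Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
    ForEach-Object {
        $set     = $_.PSChildName
        $path    = "$system\$set\Enum\Root\$keyName"
        $present = Test-Path -Path $path
        if ($present) { $found += $path }
        New-Object PSObject -Property @{
            ControlSet = $set
            Role       = $(if ($roles.ContainsKey($set)) { $roles[$set] } else { '(none)' })
            KeyPresent = $present
        }
    } |
    Select-Object ControlSet, Role, KeyPresent |
    Format-Table -AutoSize

# For each copy that exists, list who holds which rights on it. This shows
# whether the logged-on account has delete/write access to the key at all.
foreach ($path in $found) {
    Write-Output "ACL for $path"
    (Get-Acl -Path $path).Access |
        Select-Object IdentityReference, RegistryRights, AccessControlType |
        Format-Table -AutoSize
}
```

Running it again after a fix and a reboot shows whether the key is gone from every numbered set, not only from the one Windows is currently using.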


Hiya nikoncamuser,

Instructions for running FRST via the RE follow; read through a couple of times to fully understand the process. Also maybe worthwhile printing off for reference.

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Save it to a USB flash drive. Be sure to get the correct version for your system, 32-bit or 64-bit.

Also download the attached fixlist.txt file (end of reply) and save it to the same USB flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Windows 7: how to enter System Recovery Options.

Plug the flash drive into the infected PC.

Enter System Recovery Options. I give two methods; use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you may get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

 
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter. Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (fixlist.txt) on the flash drive. Please copy and paste it to your reply.

Thank you,

Kevin

 

fixlist.txt


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
