[SOLVED] Very long Start-up time

As Dr M said, it's time for an in-place upgrade. If no good, then a complete OS install might be needed.

Let's see how the in-place upgrade goes. Hopefully, it will work.

If it fails, we will see if any error appears, and then decide if we send gigglepot to the Updates forum or recommend a reset (before thinking about the complete clean install).
 
IT WORKED!!!!! I'm running a full scan now. Looks like it's going to take hours to complete though. It's been about 20 minutes and it's only about 10% complete (unless it goes faster near the end). Maybe I've never run this scan before since I've always had Avast?! So far it found one Severe threat.
 
I ran a Full Scan and a Quick Scan. There were no threats on the quick scan but 1 severe threat on the full scan that was automatically blocked. My shield is now green!
 
Great!

Good to hear that Defender is running normally now! And taking what you said earlier, the initial issue with the long start-up is resolved, right?

Since you upgraded the operating system, it is a good idea to post another set of FRST logs, Addition and FRST, just to check that everything is fine now.
 
Yes, my computer starts between 60-90 seconds now! My Excel files have stayed pinned for the last 2 days so hopefully that is resolved now too.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-11-2022 01
Ran by Lillian (administrator) on DESKTOP-MNATPML (HP HP Pavilion Desktop 590-p0xxx) (09-11-2022 06:44:03)
Running from C:\Users\Lillian\Desktop
Loaded Profiles: Lillian
Platform: Microsoft Windows 10 Home Version 22H2 19045.2130 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(C:\Program Files\AMD\CNext\CNext\amddvr.exe ->) (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MpCopyAccelerator.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <9>
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0335955.inf_amd64_a22a7df1ece66335\B335460\atiesrxx.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_7.70.13002.0_x64__8wekyb3d8bbwe\gamingservices.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_7.70.13002.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\NisSrv.exe
(services.exe ->) (Parsec Cloud, Inc. -> Parsec) C:\Program Files\Parsec\pservice.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe
(Splinterware Software Solutions -> Splinterware Software Solutions) [File not signed] C:\Program Files (x86)\SystemScheduler\WScheduler.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [231640 2016-09-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [703312 2017-12-08] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [1660760 2017-06-26] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [WScheduler] => C:\Program Files (x86)\SystemScheduler\WScheduler.exe [331168 2018-03-25] (Splinterware Software Solutions -> Splinterware Software Solutions) [File not signed]
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.) [File not signed]
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4234088 2022-10-18] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [Gaijin.Net Updater] => C:\Users\Lillian\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2793016 2022-10-18] (Gaijin Network LTD -> Gaijin)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32696784 2022-10-27] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Run: [MicrosoftEdgeAutoLaunch_43F426C6868B5A0207B840D9EE29A62D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3891624 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\107.0.5304.88\Installer\chrmstp.exe [2022-10-31] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1FD6CD9E-0B7D-4C7E-97A3-AF02A2E085BF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MpCmdRun.exe [1567360 2022-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {28E7D666-D780-43FF-8EE9-2EA079EB8F0A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {32DC0AC8-B274-49D7-B512-F88E67AEC293} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [69512 2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {361BC8F8-5B57-45FC-B3B2-F59942D9F47D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MpCmdRun.exe [1567360 2022-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {416B6A34-7811-4B65-99F3-49D824D255BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {4A2CBED6-0CD7-4E42-8685-E0B554064DDA} - System32\Tasks\GoogleUpdateTaskMachineUA{83A80D0B-EA32-4F4F-906C-0D0CA47FF735} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-10-31] (Google LLC -> Google LLC)
Task: {4DC9630D-50AF-492A-BBE9-E6ABF6471CC7} - System32\Tasks\GoogleUpdateTaskMachineCore{23A8FBE5-C5A7-4000-A091-7E3D45C599D2} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-10-31] (Google LLC -> Google LLC)
Task: {544D99A4-F781-425D-AB9B-E691807CA27C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [930960 2022-05-11] (HP Inc. -> HP Inc.)
Task: {781B9A1C-EA0A-4217-8AD8-014C76D6B009} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MpCmdRun.exe [1567360 2022-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {92B2DD11-4D28-46D0-A5CC-787D46F7BFED} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {992DC982-2CF9-4C3A-B229-8432A1EC8667} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-520046137-1738454763-4209218755-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {9D7AD1F7-4D88-4CD8-A3BB-D8F6A7158D9B} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2020-03-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {AF23F9E8-87DF-471A-BCB3-1F71B5BAC050} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MpCmdRun.exe [1567360 2022-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B11C66B8-EB50-41DC-9AE6-C53023F17E37} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {B23021E6-863E-43B9-AE89-6771D8315BB2} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {D1AA80F8-4A3A-49CB-BBE2-51B063F1CEF0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [930960 2022-05-11] (HP Inc. -> HP Inc.)
Task: {E1484769-8460-41D6-9417-47F41ED8EC69} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [930960 2022-05-11] (HP Inc. -> HP Inc.)
Task: {F22D8845-F310-43DA-BDCC-5FD38D0AC0A1} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49544 2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1f27f15d-e56c-4b9c-9c8a-1b0bfa4ab60e}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{64324158-2892-4aef-98b3-a8fc4e3bd95d}: [DhcpNameServer] 192.168.0.1
DnsPolicyConfig: [DNS_RESILIENCY_fe3cr.delivery.mp.microsoft.com] => GenericDNSServers=162.159.36.2

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Lillian\AppData\Local\Microsoft\Edge\User Data\Default [2022-11-08]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

FireFox:
========
FF DefaultProfile: zmh62i5e.default
FF ProfilePath: C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default [2022-11-09]
FF Homepage: Mozilla\Firefox\Profiles\zmh62i5e.default -> hxxps://www.kijiji.ca/
FF Notifications: Mozilla\Firefox\Profiles\zmh62i5e.default -> hxxps://www.youtube.com; hxxps://www.facebook.com; hxxps://www.teamviewer.com
FF NewTabOverride: Mozilla\Firefox\Profiles\zmh62i5e.default -> Enabled: newtaboverride@agenedia.com
FF NewTabOverride: Mozilla\Firefox\Profiles\zmh62i5e.default -> Enabled: Search_Defender_yYxTkYUDSW@www.searchdefenderprime.com
FF Extension: (Canadian English Dictionary) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\en-CA@dictionaries.addons.mozilla.org.xpi [2021-08-04]
FF Extension: (English (CA) Language Pack) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\langpack-en-CA@firefox.mozilla.org.xpi [2022-11-05]
FF Extension: (New Tab Override) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\newtaboverride@agenedia.com.xpi [2019-12-31]
FF Extension: (Search Defender) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\Search_Defender_yYxTkYUDSW@www.searchdefenderprime.com.xpi [2019-08-05]
FF Extension: (Black and Purple Theme) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{155429d2-8bf5-44bf-94f8-d194c3ec5f15}.xpi [2021-06-16]
FF Extension: (Photon Colors) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{2c6c94f3-c656-41e9-aa4b-1edba5be9c21}.xpi [2021-07-30]
FF Extension: (Fairytale Of Nature) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{6804879d-8801-473a-b13d-605b902a5e4f}.xpi [2021-06-15]
FF Extension: (¡Light Blue Theme!) - C:\Users\Lillian\AppData\Roaming\Mozilla\Firefox\Profiles\zmh62i5e.default\Extensions\{f416b4af-c4c9-4607-96ac-77fea7ed4a9b}.xpi [2021-06-16]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-10-16] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default [2022-11-05]
CHR Extension: (Google Docs Offline) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-10-31]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-10-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lillian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-10-31]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR Profile: C:\Users\Lillian\AppData\Roaming\Opera Software\Opera Stable [2022-10-21]
OPR Extension: (Rich Hints Agent) - C:\Users\Lillian\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-01-12]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Lillian\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-01-12]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [9712432 2022-09-18] (BattlEye Innovations e.K. -> )
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [305664 2017-11-02] (Realtek Semiconductor Corp.) [File not signed]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811496 2022-06-30] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029456 2022-10-28] (Epic Games Inc. -> Epic Games, Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8842536 2022-10-26] (Malwarebytes Inc. -> Malwarebytes)
R2 Parsec; C:\Program Files\Parsec\pservice.exe [414456 2022-06-11] (Parsec Cloud, Inc. -> Parsec)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-15] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\NisSrv.exe [3191224 2022-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MsMpEng.exe [133560 2022-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZoomCptService; "C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Lillian\AppData\Roaming\Zoom"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrSerIb; C:\WINDOWS\system32\DRIVERS\BrSerIb.sys [95344 2012-07-31] (Brother Industries, Ltd. -> Brother Industries Ltd.)
R3 BrUsbSIb; C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys [21872 2012-06-21] (Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-11-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-10-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-11-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-20] (Valve Corp. -> )
R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [165744 2021-08-23] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49584 2022-11-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [469248 2022-11-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95528 2022-11-07] (Microsoft Windows -> Microsoft Corporation)
S3 RtkA2dp; \SystemRoot\System32\drivers\RtkA2dp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-11-09 06:43 - 2022-11-09 06:43 - 000000901 _____ C:\Users\Lillian\Desktop\FRST64.exe - Shortcut.lnk
2022-11-08 19:01 - 2022-11-08 19:01 - 000000000 ___HD C:\$WinREAgent
2022-11-07 13:47 - 2022-11-07 13:47 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-11-07 13:47 - 2022-11-07 13:43 - 000000000 ____D C:\Windows.old
2022-11-07 13:44 - 2022-11-07 13:44 - 000000020 ___SH C:\Users\Lillian\ntuser.ini
2022-11-07 13:42 - 2022-11-09 06:46 - 000004170 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B10F1A6A-E096-4CDE-9012-03BBEB909611}
2022-11-07 13:42 - 2022-11-08 07:51 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-520046137-1738454763-4209218755-1001
2022-11-07 13:42 - 2022-11-08 07:51 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-520046137-1738454763-4209218755-1001
2022-11-07 13:42 - 2022-11-07 13:42 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-11-07 13:42 - 2022-11-07 13:42 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-11-07 13:42 - 2022-11-07 13:42 - 000003424 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{83A80D0B-EA32-4F4F-906C-0D0CA47FF735}
2022-11-07 13:42 - 2022-11-07 13:42 - 000003274 _____ C:\WINDOWS\system32\Tasks\Optimize Push Notification Data File-S-1-5-21-520046137-1738454763-4209218755-1001
2022-11-07 13:42 - 2022-11-07 13:42 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-11-07 13:42 - 2022-11-07 13:42 - 000003200 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{23A8FBE5-C5A7-4000-A091-7E3D45C599D2}
2022-11-07 13:42 - 2022-11-07 13:42 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-520046137-1738454763-4209218755-500
2022-11-07 13:42 - 2022-11-07 13:42 - 000002768 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2022-11-07 13:42 - 2022-11-07 13:42 - 000002500 _____ C:\WINDOWS\system32\Tasks\HPEA3JOBS
2022-11-07 13:42 - 2022-11-07 13:42 - 000002280 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2022-11-07 13:42 - 2022-11-07 13:42 - 000002202 _____ C:\WINDOWS\system32\Tasks\StartCN
2022-11-07 13:42 - 2022-11-07 13:42 - 000002116 _____ C:\WINDOWS\system32\Tasks\StartDVR
2022-11-07 13:42 - 2022-11-07 13:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-11-07 13:42 - 2022-11-07 13:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Safer-Networking
2022-11-07 13:42 - 2022-11-07 13:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\OfficeSoftwareProtectionPlatform
2022-11-07 13:42 - 2022-11-07 13:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-11-07 13:42 - 2022-11-07 13:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2022-11-07 13:42 - 2022-11-07 13:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2022-11-07 13:42 - 2022-11-07 13:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2022-11-07 13:42 - 2020-09-27 07:58 - 000003392 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-283516741-3080081594-3377497909-500
2022-11-07 13:38 - 2022-11-07 13:47 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2022-11-07 13:36 - 2022-11-07 13:36 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-11-07 13:36 - 2022-11-07 12:57 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-11-07 13:28 - 2022-11-07 13:42 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2022-11-07 13:28 - 2022-11-07 13:42 - 000011433 _____ C:\WINDOWS\diagerr.xml
2022-11-07 13:19 - 2022-11-07 13:19 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-11-07 13:19 - 2022-11-07 13:19 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-11-07 13:19 - 2022-11-07 13:19 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-11-07 13:19 - 2022-11-07 13:19 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-11-07 13:19 - 2022-11-07 13:19 - 000012253 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-11-07 13:18 - 2022-11-07 13:18 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-11-07 13:18 - 2022-11-07 13:18 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-11-07 13:10 - 2022-11-07 13:10 - 000934938 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-11-07 12:57 - 2022-11-08 07:51 - 000002392 _____ C:\Users\Lillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-11-07 12:57 - 2022-11-07 13:44 - 000000000 ____D C:\Users\Lillian
2022-11-07 12:56 - 2022-11-07 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2022-11-07 12:55 - 2022-11-07 12:55 - 000000000 ____D C:\Program Files (x86)\AMD
2022-11-07 12:54 - 2022-11-07 13:47 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-11-07 12:54 - 2022-11-07 12:54 - 000000000 ____D C:\Program Files\Reference Assemblies
2022-11-07 12:54 - 2022-11-07 12:54 - 000000000 ____D C:\Program Files\MSBuild
2022-11-07 12:54 - 2022-11-07 12:54 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-11-07 12:54 - 2022-11-07 12:54 - 000000000 ____D C:\inetpub
2022-11-07 12:53 - 2022-11-07 12:53 - 000002063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Control.lnk
2022-11-07 12:49 - 2022-11-08 19:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-11-07 12:49 - 2022-11-07 13:04 - 000448712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-11-07 09:49 - 2022-11-07 13:44 - 000000000 ___DC C:\WINDOWS\Panther
2022-11-07 09:40 - 2022-11-07 09:49 - 000000000 ____D C:\ESD
2022-11-07 09:38 - 2022-11-07 09:38 - 000000000 ___HD C:\$Windows.~WS
2022-11-06 10:38 - 2022-11-06 10:38 - 000007238 _____ C:\Users\Lillian\Desktop\WinDefend.reg
2022-10-31 13:24 - 2022-11-07 09:21 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2022-10-31 13:23 - 2022-11-07 09:29 - 000608464 _____ C:\WINDOWS\ntbtlog.txt
2022-10-31 13:23 - 2022-11-07 09:19 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-10-31 12:58 - 2022-11-07 13:07 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-10-31 12:57 - 2022-10-31 13:01 - 000000000 ____D C:\Users\Lillian\AppData\Local\Google
2022-10-31 12:57 - 2022-10-31 12:57 - 000000000 ____D C:\Program Files\Google
2022-10-31 12:44 - 2022-10-31 12:45 - 000080510 _____ C:\Users\Lillian\Desktop\Chrome bookmarks_10_31_22.html
2022-10-31 12:27 - 2022-10-31 12:27 - 001427176 _____ (Google LLC) C:\Users\Lillian\Desktop\ChromeSetup.exe
2022-10-31 11:08 - 2022-10-31 11:08 - 000002227 _____ C:\Users\Lillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2022-10-28 10:15 - 2022-10-28 10:15 - 000000000 ____D C:\Users\Lillian\AppData\Local\EpicOnlineServicesUserHelper
2022-10-26 15:13 - 2022-10-26 15:13 - 000000152 _____ C:\Users\Lillian\AppData\Local\kritadisplayrc
2022-10-26 09:39 - 2022-10-26 09:39 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2022-10-26 09:39 - 2022-10-26 09:39 - 000000000 ____D C:\Program Files (x86)\Microsoft GameInput
2022-10-26 09:15 - 2022-11-06 10:51 - 000002967 _____ C:\Users\Lillian\Desktop\FSS.txt
2022-10-26 09:15 - 2022-10-26 09:15 - 000958976 _____ (Farbar) C:\Users\Lillian\Desktop\FSS.exe
2022-10-26 05:36 - 2022-11-07 09:30 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-10-26 05:36 - 2022-10-26 05:36 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-10-26 05:36 - 2022-10-26 05:36 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-10-26 05:36 - 2022-10-26 05:35 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-10-26 05:36 - 2022-10-26 05:35 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-10-26 05:35 - 2022-10-26 05:35 - 002632256 _____ (Malwarebytes) C:\Users\Lillian\Desktop\MBSetup-614F9D64-37335.37335.exe
2022-10-26 05:35 - 2022-10-26 05:35 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-10-26 05:35 - 2022-10-26 05:35 - 000000000 ____D C:\Program Files\Malwarebytes
2022-10-26 05:33 - 2022-10-26 05:37 - 000000000 ____D C:\AdwCleaner
2022-10-26 05:33 - 2022-10-26 05:33 - 008791352 _____ (Malwarebytes) C:\Users\Lillian\Desktop\adwcleaner(1).exe
2022-10-26 05:32 - 2022-10-26 05:32 - 008551608 _____ (Malwarebytes) C:\Users\Lillian\Desktop\AdwCleaner.exe
2022-10-21 13:04 - 2022-11-04 11:58 - 000000591 _____ C:\Users\Lillian\Desktop\Fixlog.txt
2022-10-21 12:25 - 2022-11-07 13:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2022-10-21 12:25 - 2022-10-21 12:25 - 007531152 _____ (VS Revo Group ) C:\Users\Lillian\Desktop\revosetup.exe
2022-10-21 12:25 - 2022-10-21 12:25 - 000001086 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2022-10-21 12:25 - 2022-10-21 12:25 - 000000000 ____D C:\Program Files\VS Revo Group
2022-10-15 15:41 - 2022-11-07 13:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2022-10-15 15:41 - 2022-10-15 15:41 - 000000924 _____ C:\Users\Public\Desktop\Overwatch.lnk
2022-10-15 15:02 - 2022-10-28 18:53 - 000000000 ____D C:\Program Files (x86)\Overwatch
2022-10-15 14:50 - 2022-11-03 18:42 - 000000000 ____D C:\Users\Lillian\AppData\Local\Battle.net
2022-10-15 14:50 - 2022-10-15 15:43 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\Battle.net
2022-10-15 14:49 - 2022-11-07 13:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2022-10-15 14:49 - 2022-10-21 20:26 - 000000000 ____D C:\Program Files (x86)\Battle.net
2022-10-15 14:49 - 2022-10-15 14:49 - 000000936 _____ C:\Users\Public\Desktop\Battle.net.lnk
2022-10-15 14:48 - 2022-10-15 14:48 - 004838352 _____ (Blizzard Entertainment) C:\Users\Lillian\Desktop\Battle.net-Setup.exe
2022-10-14 05:49 - 2022-10-14 05:49 - 001088803 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_4a5387bb-3.pdf
2022-10-14 05:48 - 2022-10-14 05:48 - 001040732 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_7b7fa0db-6.pdf
2022-10-13 12:38 - 2022-10-22 18:22 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2022-10-13 12:38 - 2022-10-22 18:22 - 000002131 _____ C:\Users\Public\Desktop\Acrobat Reader.lnk
2022-10-12 12:45 - 2022-10-31 12:03 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-10-11 19:08 - 2022-10-11 19:08 - 001040732 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_7b7fa0db-5.pdf
2022-10-11 19:06 - 2022-10-11 19:06 - 001088803 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_4a5387bb-2.pdf
2022-10-11 19:05 - 2022-10-11 19:05 - 001040732 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_7b7fa0db-4.pdf
2022-10-10 17:32 - 2022-10-10 17:32 - 001088803 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_4a5387bb-1.pdf
2022-10-10 17:32 - 2022-10-10 17:32 - 001040732 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_7b7fa0db-3.pdf
2022-10-10 13:31 - 2022-10-10 13:31 - 001088803 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_4a5387bb.pdf
2022-10-10 13:20 - 2022-10-10 13:20 - 001040732 _____ C:\Users\Lillian\Downloads\Cascades Fluff & Tuff_7b7fa0db-2.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-11-09 06:48 - 2022-10-05 10:24 - 000023393 _____ C:\Users\Lillian\Desktop\FRST.txt
2022-11-09 06:47 - 2022-10-05 10:22 - 000000000 ____D C:\FRST
2022-11-09 06:44 - 2022-02-28 13:00 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-11-09 06:43 - 2022-10-05 10:24 - 000000000 ____D C:\Users\Lillian\Desktop\FRST-OlderVersion
2022-11-09 06:43 - 2022-10-05 10:21 - 002375168 _____ (Farbar) C:\Users\Lillian\Desktop\FRST64.exe
2022-11-09 06:43 - 2018-05-13 09:55 - 000000000 ____D C:\Users\Lillian\AppData\LocalLow\Mozilla
2022-11-09 06:36 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-11-09 06:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-11-09 06:31 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-11-09 06:28 - 2018-05-14 05:01 - 000000000 ____D C:\Program Files (x86)\Google
2022-11-08 19:41 - 2018-06-23 06:03 - 000000000 ____D C:\Users\Lillian\AppData\Local\D3DSCache
2022-11-08 19:34 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\servicing
2022-11-08 19:34 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-11-08 19:00 - 2018-05-13 10:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-11-08 18:53 - 2018-05-13 10:27 - 146960040 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-11-08 06:30 - 2020-07-16 05:20 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-11-08 06:28 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2022-11-08 06:24 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\appcompat
2022-11-07 15:50 - 2020-09-27 07:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-11-07 14:29 - 2018-05-14 13:12 - 000001365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2022-11-07 14:01 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-11-07 13:48 - 2019-12-07 02:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-11-07 13:48 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-11-07 13:48 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2022-11-07 13:48 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Registration
2022-11-07 13:48 - 2018-02-10 02:12 - 000000000 ____D C:\WINDOWS\SysWOW64\WildTangent
2022-11-07 13:47 - 2022-04-04 10:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2021
2022-11-07 13:47 - 2022-03-27 21:01 - 000000000 ____D C:\WINDOWS\system32\gf2engine
2022-11-07 13:47 - 2022-02-26 16:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Parsec
2022-11-07 13:47 - 2021-08-06 10:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Krita
2022-11-07 13:47 - 2021-05-06 15:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher
2022-11-07 13:47 - 2021-04-12 10:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2020
2022-11-07 13:47 - 2020-04-27 12:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2019
2022-11-07 13:47 - 2020-01-07 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2022-11-07 13:47 - 2019-12-07 02:18 - 000000000 ____D C:\WINDOWS\Setup
2022-11-07 13:47 - 2019-12-07 02:14 - 000000000 __RHD C:\Users\Public\Libraries
2022-11-07 13:47 - 2019-12-07 02:14 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2022-11-07 13:47 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\spool
2022-11-07 13:47 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-11-07 13:47 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-11-07 13:47 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\USOPrivate
2022-11-07 13:47 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-11-07 13:47 - 2019-06-19 05:26 - 000000000 ____D C:\Program Files\UNP
2022-11-07 13:47 - 2019-04-16 05:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2017
2022-11-07 13:47 - 2019-04-10 05:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2018
2022-11-07 13:47 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2022-11-07 13:47 - 2018-06-20 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2022-11-07 13:47 - 2018-06-01 19:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2022-11-07 13:47 - 2018-05-22 05:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2022-11-07 13:47 - 2018-05-18 09:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2022-11-07 13:47 - 2018-05-16 12:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
2022-11-07 13:47 - 2018-05-16 05:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2022-11-07 13:47 - 2018-05-16 05:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft PaperPort 11
2022-11-07 13:47 - 2018-05-14 13:13 - 000000000 ____D C:\WINDOWS\en
2022-11-07 13:47 - 2018-05-14 13:12 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2022-11-07 13:47 - 2018-05-14 10:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Scheduler
2022-11-07 13:47 - 2018-05-14 09:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2022-11-07 13:47 - 2018-05-14 09:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2022-11-07 13:47 - 2018-05-14 09:22 - 000000000 ____D C:\WINDOWS\SHELLNEW
2022-11-07 13:47 - 2017-12-25 12:27 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2022-11-07 13:45 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-11-07 13:44 - 2020-09-27 07:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-11-07 13:44 - 2018-05-13 09:38 - 000000000 ___RD C:\Users\Lillian\3D Objects
2022-11-07 13:43 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-11-07 13:43 - 2019-12-07 02:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-11-07 13:42 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-11-07 13:40 - 2018-02-10 01:43 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2022-11-07 13:39 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Resources
2022-11-07 13:38 - 2018-02-10 01:44 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2022-11-07 13:38 - 2018-02-10 01:42 - 000000000 ____D C:\Program Files\Realtek
2022-11-07 13:26 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-11-07 13:26 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-11-07 13:26 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-11-07 13:26 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-11-07 13:26 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-11-07 13:26 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-11-07 13:26 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-11-07 13:25 - 2019-12-07 02:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2022-11-07 13:25 - 2019-12-07 02:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2022-11-07 13:18 - 2019-12-07 02:14 - 000000000 __RSD C:\WINDOWS\Media
2022-11-07 13:04 - 2021-03-24 22:47 - 000008192 ___SH C:\DumpStack.log.tmp
2022-11-07 13:03 - 2021-05-12 10:42 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2022-11-07 13:03 - 2019-12-07 02:03 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2022-11-07 13:03 - 2018-06-01 19:28 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2022-11-07 13:03 - 2018-06-01 19:16 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\.minecraft
2022-11-07 13:03 - 2018-05-22 05:08 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-11-07 13:03 - 2018-05-16 11:39 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2022-11-07 13:03 - 2018-02-10 01:44 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2022-11-07 12:59 - 2020-03-24 11:57 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2022-11-07 12:59 - 2018-05-13 09:38 - 000000000 ____D C:\Users\Lillian\AppData\Local\Packages
2022-11-07 12:55 - 2018-02-10 01:43 - 000000000 ____D C:\Program Files\AMD
2022-11-07 12:54 - 2022-09-07 20:08 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2022-11-07 12:54 - 2022-09-07 20:08 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2022-11-07 12:54 - 2022-09-07 20:08 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2022-11-07 12:54 - 2022-09-07 20:08 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2022-11-07 12:54 - 2022-09-07 20:08 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2022-11-07 12:54 - 2022-09-07 20:08 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2022-11-07 12:54 - 2022-09-07 20:08 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2022-11-07 12:54 - 2022-09-07 20:08 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2022-11-07 12:54 - 2022-09-07 20:08 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2022-11-07 12:54 - 2022-09-07 20:08 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2022-11-07 12:54 - 2022-09-07 20:08 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2022-11-07 12:54 - 2022-09-07 20:08 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2022-11-07 12:54 - 2022-09-07 20:08 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2022-11-07 12:54 - 2022-09-07 20:08 - 000009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2022-11-07 12:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2022-11-07 12:54 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2022-11-07 12:54 - 2019-12-07 02:10 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2022-11-07 12:54 - 2019-12-07 02:10 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2022-11-07 12:54 - 2019-12-07 02:10 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2022-11-07 12:54 - 2019-12-07 02:10 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2022-11-07 12:54 - 2019-12-07 02:10 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2022-11-07 12:54 - 2019-12-07 02:10 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2022-11-07 12:54 - 2019-12-07 02:10 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2022-11-07 12:54 - 2019-12-07 02:10 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2022-11-07 12:54 - 2019-12-07 02:10 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2022-11-07 12:54 - 2019-12-07 02:10 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2022-11-07 12:54 - 2019-12-07 02:10 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2022-11-07 12:54 - 2019-12-07 02:09 - 000494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2022-11-07 12:54 - 2019-12-07 02:09 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2022-11-07 12:54 - 2019-12-07 02:09 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2022-11-07 12:54 - 2019-12-07 02:09 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2022-11-07 12:54 - 2019-12-07 02:09 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2022-11-07 12:54 - 2019-12-07 02:09 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2022-11-07 12:54 - 2019-12-07 02:09 - 000006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2022-11-07 12:53 - 2020-09-27 07:53 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-11-07 12:53 - 2018-02-10 01:43 - 000562622 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2022-11-07 12:53 - 2018-02-10 01:42 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2022-11-04 12:19 - 2022-10-05 10:33 - 000066365 _____ C:\Users\Lillian\Desktop\Addition.txt
2022-11-04 11:56 - 2018-05-16 10:15 - 000000000 ____D C:\Users\Lillian\Documents\Lillian
2022-11-04 10:09 - 2017-09-29 06:46 - 000000199 _____ C:\WINDOWS\win.ini
2022-11-03 20:32 - 2018-07-09 20:25 - 000000000 ____D C:\Users\Lillian\AppData\Local\CrashDumps
2022-11-03 14:29 - 2018-06-01 19:30 - 000001430 _____ C:\Users\Lillian\Desktop\Roblox Player.lnk
2022-11-03 14:28 - 2018-06-01 19:28 - 000001253 _____ C:\Users\Lillian\Desktop\Roblox Studio.lnk
2022-10-31 12:03 - 2018-05-13 09:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-10-31 11:47 - 2018-05-13 09:46 - 000000000 ____D C:\Users\Lillian\AppData\Local\ElevatedDiagnostics
2022-10-31 11:08 - 2018-05-13 09:55 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-10-28 18:52 - 2018-06-01 19:28 - 000000253 _____ C:\Users\Lillian\AppData\LocalLow\rbxcsettings.rbx
2022-10-28 15:32 - 2019-10-19 19:44 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2022-10-26 15:13 - 2021-08-06 10:25 - 000028828 _____ C:\Users\Lillian\AppData\Local\kritarc
2022-10-26 09:38 - 2021-11-20 09:32 - 000153048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2022-10-26 09:38 - 2021-11-07 08:55 - 002815456 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2022-10-26 09:38 - 2021-11-07 08:55 - 000452048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2022-10-26 09:38 - 2021-11-07 08:55 - 000243168 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2022-10-26 09:38 - 2021-11-07 08:55 - 000198096 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2022-10-26 09:38 - 2021-11-07 08:55 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2022-10-25 20:25 - 2018-05-22 05:01 - 000000000 ____D C:\Program Files (x86)\Steam
2022-10-25 19:22 - 2018-05-16 11:39 - 000000000 ____D C:\Users\Lillian\AppData\Local\WarThunder
2022-10-23 19:58 - 2020-03-24 11:57 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\discord
2022-10-23 19:56 - 2022-08-03 11:35 - 000000000 ____D C:\Users\Lillian\AppData\Local\Discord
2022-10-23 19:55 - 2020-03-24 11:57 - 000002244 _____ C:\Users\Lillian\Desktop\Discord.lnk
2022-10-22 11:09 - 2021-08-06 10:25 - 000000000 ____D C:\Users\Lillian\AppData\Roaming\krita
2022-10-21 13:56 - 2020-09-22 19:47 - 000000000 ____D C:\Users\Lillian\AppData\LocalLow\Temp
2022-10-21 12:15 - 2018-12-20 22:31 - 000005146 _____ C:\WINDOWS\wininit.ini
2022-10-15 15:02 - 2020-07-14 07:37 - 000000000 ____D C:\Users\Lillian\AppData\Local\Blizzard Entertainment
2022-10-12 03:39 - 2022-06-10 18:28 - 000316920 _____ (Microsoft Corporation) C:\WINDOWS\system32\GameInputRedist.dll
2022-10-12 01:55 - 2022-06-10 18:28 - 000199672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GameInputRedist.dll
2022-10-10 13:37 - 2022-10-05 13:09 - 000436986 _____ C:\Users\Lillian\Desktop\Cascades Coupon.xlsx

==================== Files in the root of some directories ========

2018-05-14 10:44 - 2018-05-14 11:29 - 000026726 _____ () C:\Users\Lillian\AppData\Roaming\Comma Separated Values (DOS).ADR
2018-05-14 11:24 - 2018-05-14 11:24 - 000026950 _____ () C:\Users\Lillian\AppData\Roaming\Comma Separated Values (Windows).ADR
2018-05-13 09:38 - 2022-11-09 06:29 - 002172781 _____ () C:\Users\Lillian\AppData\Local\BTServer.log
2021-04-12 10:29 - 2021-04-12 10:29 - 000000118 _____ () C:\Users\Lillian\AppData\Local\HeartbeatCache.xml
2021-08-06 18:18 - 2021-08-06 18:18 - 000000356 _____ () C:\Users\Lillian\AppData\Local\karboncalligraphyrc
2021-08-06 10:25 - 2022-10-26 15:12 - 000002546 _____ () C:\Users\Lillian\AppData\Local\krita-sysinfo.log
2021-08-06 10:25 - 2022-10-26 15:13 - 000498617 _____ () C:\Users\Lillian\AppData\Local\krita.log
2021-08-06 21:12 - 2021-10-05 17:59 - 000080678 _____ () C:\Users\Lillian\AppData\Local\kritacrash.log
2022-10-26 15:13 - 2022-10-26 15:13 - 000000152 _____ () C:\Users\Lillian\AppData\Local\kritadisplayrc
2021-08-06 10:25 - 2022-10-26 15:13 - 000028828 _____ () C:\Users\Lillian\AppData\Local\kritarc
2022-02-25 15:49 - 2022-02-25 15:49 - 000016438 _____ () C:\Users\Lillian\AppData\Local\partner.bmp
2019-09-06 08:51 - 2019-09-06 08:51 - 000000017 _____ () C:\Users\Lillian\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2022 01
Ran by Lillian (09-11-2022 06:55:10)
Running from C:\Users\Lillian\Desktop
Microsoft Windows 10 Home Version 22H2 19045.2130 (X64) (2022-11-07 20:43:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-520046137-1738454763-4209218755-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-520046137-1738454763-4209218755-503 - Limited - Disabled)
Guest (S-1-5-21-520046137-1738454763-4209218755-501 - Limited - Disabled)
Lillian (S-1-5-21-520046137-1738454763-4209218755-1001 - Administrator - Enabled) => C:\Users\Lillian
WDAGUtilityAccount (S-1-5-21-520046137-1738454763-4209218755-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
7-Zip 22.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-2201-000001000000}) (Version: 22.01.00.0 - Igor Pavlov)
Adobe Acrobat Reader (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.003.20263 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2018.1108.0217.4117 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J615W (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\Discord) (Version: 1.0.9002 - Discord Inc.)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Epic Games Launcher (HKLM-x32\...\{93BFE5DF-776E-436F-8693-DF1F72C0E3C1}) (Version: 1.1.151.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{19695986-25CE-41AC-9C6F-54794653EDBA}) (Version: 2.0.36.0 - Epic Games, Inc.)
FastStone Image Viewer 6.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.5 - FastStone Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 107.0.5304.88 - Google LLC)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Customer Experience Enhancements (HKLM-x32\...\{9720A595-3D2D-440E-9523-0B6F970745DD}) (Version: 6.0.11.1 - HP Inc.) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM\...\{16311D0B-D57C-46F8-AE64-9D4D44227271}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{4C246A91-6BAE-450E-BDEA-70D01663DF43}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{78525DEA-1E62-429B-9CA4-A78F899A9F29}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{B2CFD444-5088-4ECC-A1F1-28620C082C36}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{3D00C669-D447-4A04-AFDA-25E9E76E7873}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{59649835-21FD-4523-9AB0-9E67ED77F0CA}) (Version: 5.5.22560 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{3FC961DB-BD36-4D8D-B276-0C456A2BB638}) (Version: 1.4.0.441 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{BD2CDEAF-8D83-4553-A3B3-8B614CC6C96E}) (Version: 1.1.0.0 - HP Inc)
HP Recovery Manager (HKLM-x32\...\{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47}) (Version: 1.2.1510 - HP) Hidden
HP Registration Service (HKLM-x32\...\{4E097B06-83A0-4CDD-A9DB-22F0744FE16A}) (Version: 1.0.0.43 - HP Inc.) Hidden
HP System Event Utility (HKLM-x32\...\{2282C4AC-ADFD-4CB7-962E-D700F62024E6}) (Version: 1.4.27 - HP Inc.)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Krita (x64) 4.4.5 (HKLM\...\Krita_x64) (Version: 4.5.4.0 - Krita Foundation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.5.16.217 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.16.217 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.35 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.35 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{B71DA3AB-24EC-9E95-A79B-7B5F92B0CEDD}) (Version: 10.1.22621.1846 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (HKLM-x32\...\{90140000-00BA-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (HKLM-x32\...\{90140000-0044-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (HKLM\...\{90140000-002A-0000-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (HKLM\...\{90140000-002A-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (HKLM\...\{90140000-0116-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\OneDriveSetup.exe) (Version: 22.217.1016.0002 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{80F1AF52-7AC0-42A3-9AF0-689BFB271D1D}) (Version: 3.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40649 (HKLM\...\{20C1086D-C843-36B1-B678-990089D1BD44}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40649 (HKLM\...\{ABB19BB4-838D-3082-BDA4-87C6604181A2}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40649 (HKLM-x32\...\{A8589745-51BC-3963-B4E9-201CF8693538}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40649 (HKLM-x32\...\{DEA7F8E3-B7B9-3C3C-945B-7F8CE9041748}) (Version: 12.0.40649 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30135 (HKLM-x32\...\{fa7f6d52-f85e-48ef-8f56-a37268aa5772}) (Version: 14.29.30135.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30135 (HKLM\...\{34DB4181-0770-4B5A-B561-68758A077B0F}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30135 (HKLM\...\{40118CD9-A805-400C-864E-041A5B5C01B0}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minecraft Launcher (HKLM-x32\...\{EEFE9D96-1866-45BC-9D11-6AA7FF2D6E18}) (Version: 1.0.0.0 - Mojang)
Minecraft: Education Edition (HKLM-x32\...\Minecraft: Education Edition 1.17.30.52) (Version: 1.17.30.52 - Microsoft Studios)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 106.0.3 (x64 en-US)) (Version: 106.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0 - Mozilla)
MSVCRT (HKLM-x32\...\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}) (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (HKLM-x32\...\{D0B44725-3666-492D-BEF6-587A14BD9BD9}) (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (HKLM-x32\...\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}) (Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (HKLM\...\{E9FA781F-3E80-4399-825A-AD3E11C28C77}) (Version: 16.4.1109.0912 - Microsoft) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Parsec (HKLM-x32\...\Parsec) (Version: 150-84b - Parsec Cloud Inc.)
Photo Common (HKLM-x32\...\{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{07AAB66E-4718-422D-9218-4AFB3C922A71}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.80 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.31239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8924.1 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.105 - REALTEK Semiconductor Corp.)
Revo Uninstaller 2.4.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.1 - VS Revo Group, Ltd.)
Roblox Player for Lillian (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for Lillian (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\roblox-studio) (Version: - Roblox Corporation)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{09A9DF49-DA06-4093-A2FD-F339211E39EA}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E4D76E88-C65F-4003-9C71-EC4306679D17}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{945F1D43-451D-4383-9BBE-241F37950B15}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}) (Version: - Microsoft) Hidden
Skype version 8.79 (HKLM-x32\...\Skype_is1) (Version: 8.79 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StudioTax 2017 (HKLM-x32\...\{99CAAE52-3DB3-4012-90A6-392CFE63BE51}) (Version: 13.0.5.0 - BHOK IT Consulting)
StudioTax 2018 (HKLM-x32\...\{B77DD0D3-CBDA-4A1B-BB14-1B8782DE95AF}) (Version: 14.0.4.0 - BHOK IT Consulting)
StudioTax 2019 (HKLM-x32\...\{6BA4B986-CB27-414F-B68E-E78722FC8EF5}) (Version: 15.0.6.0 - BHOK IT Consulting)
StudioTax 2020 (HKLM\...\{00A4E24D-F868-4D20-83E2-4EC0A569B305}) (Version: 16.0.6.0 - BHOK IT Consulting Inc.)
StudioTax 2021 (HKLM\...\{582AD570-5F28-466D-9BAD-FEAE9FEB9098}) (Version: 17.0.3.0 - BHOK IT Consulting Inc.)
System Scheduler 5.12 (HKLM-x32\...\Windows Scheduler_is1) (Version: - Splinterware Software Solutions)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
War Thunder Launcher 1.0.3.100 (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
Windows Live Communications Platform (HKLM-x32\...\{41C61308-6CFD-4D54-AB6A-7136ED08A18E}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\{66B5819D-DE70-42BE-B40F-978FBA12452E}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Installer (HKLM-x32\...\{659CB81C-B54E-4DF1-B618-F35777393A54}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (HKLM-x32\...\{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (HKLM-x32\...\{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (HKLM-x32\...\{BAD984EE-790E-4513-A428-3BE2D426DCA7}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (HKLM-x32\...\{E703613B-BDAB-433E-A66A-DE0263E3D35D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (HKLM\...\{25058321-C33E-496B-8915-6FD64D362CAF}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (HKLM-x32\...\{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (HKLM-x32\...\{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (HKLM-x32\...\{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (HKLM-x32\...\{D1893000-EA77-493C-8DDD-E262436E959B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (HKLM-x32\...\{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (HKLM-x32\...\{6522F5F9-411B-4513-A75B-CEA00395F032}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (HKLM-x32\...\{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (HKLM-x32\...\{714E162E-CD4F-4F1B-8302-7F5179409C25}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (HKLM-x32\...\{A2DC527D-FA79-46E9-973F-920897CA55E9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (HKLM-x32\...\{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\ZoomUMX) (Version: 5.6.5 (823) - Zoom Video Communications, Inc.)

Packages:
=========
Candy Crush Jelly Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushJellySaga_3.0.2.0_x64__kgqvnymyfvs32 [2022-11-08] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2390.5.0_x64__kgqvnymyfvs32 [2022-10-31] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.230.400.0_x64__kgqvnymyfvs32 [2022-11-03] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.15.667.0_x64__rz1tebttyb220 [2022-11-05] (Dolby Laboratories)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_22.4.18.0_x64__xbfy0k16fey96 [2022-09-07] (Dropbox Inc.)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.4.464.0_x86__v10z8vjag6ke6 [2018-02-10] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa [2022-11-07] (Apple Inc.) [Startup Task]
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.15726.20174.0_x86__8wekyb3d8bbwe [2022-11-03] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-11-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-11-07] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.15726.20174.0_x86__8wekyb3d8bbwe [2022-11-03] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.15726.20174.0_x86__8wekyb3d8bbwe [2022-11-03] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.15726.20174.0_x86__8wekyb3d8bbwe [2022-11-03] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.15726.20174.0_x86__8wekyb3d8bbwe [2022-11-03] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.15726.20174.0_x86__8wekyb3d8bbwe [2022-11-03] (Microsoft Corporation)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_52.11010.438.0_x64__8wekyb3d8bbwe [2022-10-19] (Microsoft Corporation)
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.15726.20174.0_x86__8wekyb3d8bbwe [2022-11-03] (Microsoft Corporation)
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.19.4101.0_x64__8wekyb3d8bbwe [2022-11-04] (Microsoft Studios)
Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.1.28.0_x64__8wekyb3d8bbwe [2022-08-24] (Microsoft Studios)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-15] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-14] (Microsoft Corporation)
Power Media Player 14 for HP Consumer PCs with DVD -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.PowerMediaPlayer14forHPConsumerPC_14.2.9528.0_x86__06qsbagp91rvg [2019-01-26] (CYBERLINKCOM CORP)
WildTangent Games -> C:\Program Files\WindowsApps\WildTangentGames.63435CFB65F55_2.0.84.0_x64__qt5r5pa5dyg8m [2022-06-06] (WildTangent Games)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-10-26] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-10-26] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-05-16 05:15 - 2009-02-27 15:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000015360 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-04-24 21:21 - 2018-04-24 21:21 - 002519040 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-06-10 13:36 - 2005-04-21 21:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2018-05-16 05:15 - 2012-06-05 14:59 - 000025299 ____R (Brother Industries, Ltd) [File not signed] C:\Program Files (x86)\Browny02\brlm03a.dll
2018-05-16 05:15 - 2008-08-18 17:27 - 000122880 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll
2018-05-16 05:15 - 2009-12-23 14:45 - 000327680 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2018-05-16 05:15 - 2009-12-25 14:08 - 000208896 ____R (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2018-05-16 05:15 - 2011-10-07 13:39 - 000626688 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2020-06-10 13:36 - 2012-07-05 04:32 - 000084480 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2022-07-15 18:00 - 2022-07-15 18:00 - 000094720 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2018-02-10 01:46 - 2017-06-20 20:03 - 000289280 _____ (Realtek Semiconductor Corporation) [File not signed] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\StereoControl.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000032256 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000039936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000034304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000237056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000024064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000481792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 001336320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-11-08 02:15 - 2018-11-08 02:15 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 006045184 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000964096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000279552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 003233792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000109568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000325632 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 069968896 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000282624 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 003281408 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000049152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000311296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000089600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {59BB01F4-917F-4306-A333-D04F603FDF5E} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {59BB01F4-917F-4306-A333-D04F603FDF5E} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-520046137-1738454763-4209218755-1001 -> {59BB01F4-917F-4306-A333-D04F603FDF5E} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 06:46 - 2022-10-26 13:36 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-520046137-1738454763-4209218755-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\hp backgrounds\backgrounddefault.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "SSBkgdUpdate"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PPort11reminder"
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"
HKU\S-1-5-21-520046137-1738454763-4209218755-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_43F426C6868B5A0207B840D9EE29A62D"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{17960F88-E433-496C-8DBA-B4871927783B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.35\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{022834FD-731E-494E-9A12-468430DC6338}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.15726.20174.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{76E3FBF8-E80E-414F-8E30-8CC8A655F1B2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{471E6F68-56D0-466F-8618-FBAC2D5DE47E}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Block) C:\program files\epic games\fallguys\fallguys_client_game.exe () [File not signed]
FirewallRules: [TCP Query User{96D8D3C7-6E69-4DF6-B271-64D3ECBB368B}C:\program files\epic games\fallguys\fallguys_client_game.exe] => (Block) C:\program files\epic games\fallguys\fallguys_client_game.exe () [File not signed]
FirewallRules: [UDP Query User{AED6554B-4D1E-4218-BD70-E5994257812C}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{E14634A4-2BB5-4910-8A5E-21DBCDB465B2}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{48BD2ADD-D0DC-49CD-B781-7B5ADBFEC3DE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D12D8EA3-FF54-46DA-BB0B-9FC28455DA81}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4399FF38-B1B8-49F5-AF35-6889E6BAA91F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DB8CC390-52A1-46EC-BCC2-734A0E75A318}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{084AC05A-1927-4993-A1D6-528DA80519E8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{51404A8E-B93D-45B1-8FDB-882FD31C3A05}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{82F9206D-42D2-43ED-88CA-1577102EBD30}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4948504E-FD28-4614-9DBE-0CEE7EF9029E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A6D359DF-9D3B-4D6E-AA08-B012873FA372}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EF4DA5C5-04BC-4F18-8A66-38C97FBD399F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F2BF1649-BB5A-4148-BF36-518B8AA92426}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FBB18DEB-DE8F-4596-AB48-3D1C2EB5E11B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DF86F023-74B9-43B8-A8D6-939AA7C9660A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3392029C-ACE4-46DC-9073-DACC4A508995}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BAEE34D8-5D59-49D2-8CCF-9DF31F343458}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2593AF6F-4C56-4247-AED3-330AD94CED34}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D261F8E3-2355-49F5-B71A-A7FECE6C701D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{57B4AA68-AE3C-45FC-A5E7-2D0C80D3171B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7B393940-8C3F-4BBB-B638-C671661BAE3F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4D8D4F49-73A2-4A42-BACD-95355A3955E9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12126.1.57048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

==================== Restore Points =========================

08-11-2022 06:27:12 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/08/2022 09:29:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15547

Error: (11/08/2022 09:29:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15547

Error: (11/08/2022 09:29:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/08/2022 09:29:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gameinputsvc.exe, version: 0.2210.22621.1846, time stamp: 0x79ac3219
Faulting module name: ntdll.dll, version: 10.0.19041.2130, time stamp: 0xb5ced1c6
Exception code: 0xc0000374
Fault offset: 0x00000000000ff6a9
Faulting process id: 0x2554
Faulting application start time: 0x01d8f3f3d94bf76b
Faulting application path: C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 70969013-a829-4e7e-bc52-9a547b71eb23
Faulting package full name:
Faulting package-relative application ID:

Error: (11/08/2022 12:59:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-MNATPML.local already in use; will try DESKTOP-MNATPML-2.local instead

Error: (11/08/2022 12:59:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 DESKTOP-MNATPML.local. Addr 192.168.0.10

Error: (11/08/2022 12:59:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.10:5353 16 DESKTOP-MNATPML.local. AAAA FD00:9050:CAA9:4D31:590B:046E:F71D:6ADF

Error: (11/08/2022 12:59:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 DESKTOP-MNATPML.local. AAAA FE80:0000:0000:0000:C8C6:A410:6CA7:4308


System errors:
=============
Error: (11/07/2022 10:23:30 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MNATPML)
Description: The server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} did not register with DCOM within the required timeout.

Error: (11/07/2022 01:03:39 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.

Error: (11/07/2022 01:03:13 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Parsec service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/07/2022 01:01:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error:
The device is not ready.

Error: (11/07/2022 01:01:39 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.

Error: (11/07/2022 12:59:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error:
The device is not ready.

Error: (11/07/2022 12:59:39 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.

Error: (11/07/2022 12:57:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error:
The device is not ready.


Windows Defender:
================
Date: 2022-11-08 16:50:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-11-08 15:48:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-11-07 15:50:08
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan

CodeIntegrity:
===============
Date: 2022-11-09 06:43:32
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\amdihk64.dll that did not meet the Microsoft signing level requirements.

Date: 2022-11-08 15:50:48
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Mozilla Firefox\mozavcodec.dll that did not meet the Microsoft signing level requirements.

Date: 2022-11-08 15:50:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Mozilla Firefox\mozavutil.dll that did not meet the Microsoft signing level requirements.

Date: 2022-11-08 15:48:06
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: AMI F.05 01/29/2018
Motherboard: HP 8433
Processor: AMD A12-9800 RADEON R7, 12 COMPUTE CORES 4C+8G
Percentage of memory in use: 32%
Total physical RAM: 15788.77 MB
Available physical RAM: 10591.72 MB
Total Virtual: 18220.77 MB
Available Virtual: 12260.75 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:915.17 GB) (Free:437.52 GB) (Model: ST1000DM003-1SB102) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.1 GB) (Free:1.75 GB) (Model: ST1000DM003-1SB102) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{15888f61-fc32-4387-9ceb-4a16a8a4cf76}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.46 GB) NTFS
\\?\Volume{3a67c860-4f4a-07bf-1000-5763d3e2c1e4}\ () (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS
\\?\Volume{70f7596f-bd69-4bba-9479-6592ca6c93bd}\ () (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A50E1C7D)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.

==================== End of Addition.txt =======================
 
Great. 😎

Now, you have a computer working fine. Microsoft Defender is running properly, and it's a security platform which can effectively protect you. It's up to you if you decide to go again with a 3rd party antivirus.

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.
 
I see that I still have some programs on my desktop like Revo, Malwarebytes, Windefend, FRST.exe, Media Creation tool. Do I try to uninstall them through Programs?

Should I keep Media Creation Tool in case I have to reinstall Windows 10 again?



# Run at 09-Nov-2022 1:16:44 PM
# KpRm (Kernel-panik) version 2.9.3
# Website https://kernel-panik.me/tool/kprm/
# Run by Lillian from C:\Users\Lillian\Desktop
# Computer Name: DESKTOP-MNATPML
# OS: Windows 10 X64 (19045)
# Number of passes: 3

- Checked options -

~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point
~ Delete Quarantines

- Create Registry Backup -

~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
~ [OK] Hive C:\Users\Lillian\NTUSER.dat backed up

[OK] Registry Backup: C:\KPRM\backup\2022-11-09-13-16-44

- Delete Tools -


## AdwCleaner
[OK] C:\Users\Lillian\Desktop\adwcleaner(1).exe deleted
[OK] C:\Users\Lillian\Desktop\AdwCleaner.exe deleted
[OK] C:\AdwCleaner deleted

## FRST
[OK] C:\Users\Lillian\Desktop\Addition.txt deleted
[OK] C:\Users\Lillian\Desktop\Fixlog.txt deleted
[OK] C:\Users\Lillian\Desktop\FRST-OlderVersion deleted
[OK] C:\Users\Lillian\Desktop\FRST.txt deleted
[OK] C:\Users\Lillian\Desktop\FRST64.exe deleted
[OK] C:\FRST deleted

## FSS
[OK] C:\Users\Lillian\Desktop\FSS.exe deleted
[OK] C:\Users\Lillian\Desktop\FSS.txt deleted

- Restore System Settings -

[OK] Reset WinSock
[OK] FLUSHDNS
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

- Restore UAC -

[OK] Set EnableLUA with default (1) value
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

~ [OK] RP named Windows Modules Installer created at 11/08/2022 13:27:12 deleted
[OK] All system restore points have been successfully deleted

- Create Restore Point -

[OK] System Restore Point created

- Display System Restore Point -

~ RP named KpRm created at 11/09/2022 20:18:36

-- KPRM finished in 198.94s --

 
Hi!

I see that I still have some programs on my desktop like Revo, Malwarebytes, Windefend, FRST.exe, Media Creation tool. Do I try to uninstall them through Programs?

Should I keep Media Creation Tool in case I have to reinstall Windows 10 again?

You can keep or uninstall Revo and Malwarebytes, the decision is yours. My recommendation is to keep both. The former is a good uninstaller, and the latter is a good anti-malware solution, which can keep you safe along with Defender, if you decide to go with it.

Delete Windefend.reg, FRST.exe (the log above says that it was deleted, but in case it is still there) and Media Creation tool. If you need to repeat what we did, you need to download the latest tool, from Microsoft's page.

Any other question? :)
 
I'm going to stick with Windows Defender but are there any other programs I should run on a weekly or monthly basis? Adware or Malwarebytes or any other type of scan?
 
You can use Malwarebytes occasionally, from time to time, depending on how often you use your computer. This, along with Defender, will keep you safe, assuming that you follow the basic safe computing practices, which I am posting below for you. Some of the following are from Klein's (2005) article, "So how did I get infected in the first place". Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third Party software programs have long been targets for malware creators. It has been stated that "Adobe's Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!
  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Keep this in mind.
  • Do not open any files without being certain of what they are!

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program are a necessity for the security of your computer. Be sure that you keep them updated, and that real-time protection is enabled. You now have the built-in Windows 10 antivirus, Windows Defender. Together with Malwarebytes, if you run it occasionally, depending on how often you use your computer, it can keep you safe.

Happy safe computing.



I'm glad we were able to help you.
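
One way to check what item 9 above asks for (Defender enabled, updated, real-time protection on) and to look for the "scan has been stopped before completion" entries seen in the Addition.txt log earlier in this thread. This is an added PowerShell example, not part of the original posts; the thresholds and function names are assumptions, and event IDs 1002, 1005 and 1116 are Defender's documented IDs for a stopped scan, a failed scan and a detection.

```powershell
# Added example: Microsoft Defender health check for Windows 10/11.
# Function names and thresholds are assumptions chosen for illustration.
# Reading the Defender operational log may require an elevated session.

function Test-DefenderHealth {
    param(
        [int]$MaxSignatureAgeDays = 3,   # assumed: older definitions count as stale
        [int]$MaxQuickScanAgeDays = 7    # assumed: expect a quick scan at least weekly
    )
    $status = Get-MpComputerStatus

    # Emit one string per problem found; no output means a healthy state.
    if (-not $status.AntivirusEnabled) {
        'Antivirus engine is not enabled'
    }
    if (-not $status.RealTimeProtectionEnabled) {
        'Real-time protection is off'
    }
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        "Definitions are $($status.AntivirusSignatureAge) days old"
    }
    if ($status.QuickScanAge -gt $MaxQuickScanAgeDays) {
        "No quick scan completed in the last $MaxQuickScanAgeDays days"
    }
}

function Get-DefenderScanEvent {
    param([int]$LookbackDays = 14)       # assumed review window

    $meaning = @{
        1002 = 'Scan stopped before completion'
        1005 = 'Scan failed'
        1116 = 'Threat detected'
    }
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1002, 1005, 1116
        StartTime = (Get-Date).AddDays(-$LookbackDays)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id,
            @{ Name = 'Meaning'; Expression = { $meaning[[int]$_.Id] } }
}

$problems = @(Test-DefenderHealth)
$events   = @(Get-DefenderScanEvent)

if ($problems.Count -eq 0) {
    'Defender status: OK'
} else {
    $problems | ForEach-Object { "WARNING: $_" }
}

if ($events.Count -eq 0) {
    'No stopped scans, failed scans or detections in the review window.'
} else {
    $events | Sort-Object TimeCreated | Format-Table -AutoSize
}
```

A stopped scan (1002) on its own usually just means the scan was cancelled or the machine was shut down; repeated 1005 entries or any 1116 entry deserve a closer look.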
 
Thank you for all that information. Some things I didn't know.

I was not able to uninstall Windefend.reg or Media Creation Tool because they don't show up in my Programs list. Is it enough to just delete them from the Desktop?
 
As I wrote above:

Delete Windefend.reg, FRST.exe (the log above says that it was deleted, but in case it is still there) and Media Creation tool.

So yes, just delete them. :-)
 
I was wondering if just deleting them off the Desktop would still keep them on the computer somewhere.

I just wanted to say a HUGE THANK YOU for helping me. I learned a lot and am so happy my computer is clean and starts up so fast!
 