[wild tangent games]Infected with Social Tab (?) and keep getting redirected to Yahoo

07-09 13:15

  I use Firefox and have Google set as my default browser (checked in the settings) but every time I put in a search the browser is redirected to Yahoo. I checked my Firefox extensions and add-ons and I don’t see anything to remove that is causing this. I also went through the steps you have listed here and reset the settings on Firefox but it hasn’t stopped.

  ?

  Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2021

  Ran by Amy (administrator) on AMYSLAPTOP (TOSHIBA Satellite Radius P55W-B) (30-04-2021 10:13:24)

  Running from C:\Users\Amy\Desktop

  Loaded Profiles: Amy

  Platform: Windows 10 Home Version 2004 19041.928 (X64) Language: English (United States)

  Default browser: FF

  Boot Mode: Normal

  ====================Processes (Whitelisted)=================

  (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

  (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe

  (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe

  (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe

  (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe

  (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

  (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe

  (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

  (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe

  (Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe

  (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe

  (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe

  (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe

  (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe

  (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe

  (Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe

  (Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe

  (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

  (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

  (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe

  (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

  (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

  (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

  (Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

  (Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

  (Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe

  (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe

  (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe

  (Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

  (Conexant Systems, Inc.) [File not signed] C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe

  (DTS, Inc. -> ) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe

  (Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository ossrvctl.inf_amd64_4d5c54c80b005163\DSDFunctionKeyCtlService.exe

  (Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository ossrvctl.inf_amd64_4d5c54c80b005163\RMService.exe

  (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

  (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

  (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe

  (Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe

  (Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe

  (Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe

  (Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\CommService.exe

  (Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\eppwsc.exe

  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe

  (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe

  (Intel Corporation – Intel? Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel? Management Engine Components\DAL\jhi_service.exe

  (Intel Corporation – Intel? Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel? Management Engine Components\FWService\IntelMeFWService.exe

  (Intel Corporation – Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel? Management Engine Components\LMS\LMS.exe

  (Intel Corporation -> ) C:\Windows\System32\igfxTray.exe

  (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe

  (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe

  (Intel Corporation -> Intel? Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

  (Intel Corporation -> Intel? Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

  (Intel Corporation -> Intel? Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

  (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe

  (Intel? Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe

  (Intel? Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe

  (Intel? Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe

  (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

  (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

  (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.569\SSScheduler.exe

  (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

  (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

  (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

  (Microsoft Corporation -> Microsoft Corporation) C:\Users\Amy\AppData\Local\Microsoft\OneDrive\21.062.0328.0001\FileCoAuth.exe

  (Microsoft Corporation -> Microsoft Corporation) C:\Users\Amy\AppData\Local\Microsoft\OneDrive\OneDrive.exe

  (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

  (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe

  (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

  (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

  (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe

  (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

  (Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs

  ode.exe

  (Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs

  ode.exe

  (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe

  (TOSHIBA CORPORATION -> ) C:\Program Files (x86)\Toshiba\TOSHIBA System Driver\TOSTABSYSSVC.exe

  (TOSHIBA CORPORATION -> ) C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe

  (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe

  (TOSHIBA CORPORATION -> Toshiba Corporation) C:\Program Files\TOSHIBA\Brightness Adjust\TosBrightnessAdjust.exe

  (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe

  (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe

  (TOSHIBA CORPORATION -> Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe

  (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe

  (WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

  (Zemana D.O.O. Sarajevo -> Zemana Ltd.) C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe

  ====================Registry (Whitelisted)===================

  (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

  HKLM\…\Run: [ETDCtrl]=> C:\Program Files\Elantech\ETDCtrl.exe [3363544 2015-12-10] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)

  HKLM\…\Run: [cAudioFilterAgent]=> C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [1008128 2014-04-28] (Conexant Systems, Inc.) [File not signed]

  HKLM\…\Run: [SmartAudio]=> C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)

  HKLM\…\Run: [TecoResident]=> C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA CORPORATION -> TOSHIBA Corporation)

  HKLM\…\Run: [TCrdMain]=> C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA CORPORATION -> TOSHIBA Corporation)

  HKLM\…\Run: [TSSSrv]=> C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA CORPORATION -> TOSHIBA Corporation)

  HKLM\…\Run: [ThpSrv]=> C:\Windows\system32 hpsrv /logon

  HKLM\…\Run: [TosBrightnessAdjust]=> C:\Program Files\Toshiba\Brightness Adjust\TosBrightnessAdjust.exe [77408 2014-06-03] (TOSHIBA CORPORATION -> Toshiba Corporation)

  HKLM\…\Run: [AdobeGCInvoker-1.0]=> C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)

  HKLM\…\Run: [iTunesHelper]=> C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-09-09] (Apple Inc. -> Apple Inc.)

  HKLM\…\Run: [AdobeAAMUpdater-1.0]=> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

  HKLM\…\Run: [Emsisoft Anti-Malware]=> C:\Program Files\Emsisoft Anti-Malware\a2guard.exe [9247488 2021-04-29] (Emsisoft Ltd -> Emsisoft Ltd)

  HKLM-x32\…\Run: [ISUSPM]=> C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC -> Flexera Software LLC.)

  HKLM-x32\…\Run: [Adobe Creative Cloud]=> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2095672 2021-02-19] (Adobe Inc. -> Adobe Inc.)

  HKLM-x32\…\Run: [Adobe CCXProcess]=> C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-02-17] (Adobe Inc. -> )

  HKLM-x32\…\Run: [Acrobat Assistant 8.0]=> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5237416 2021-04-20] (Adobe Inc. -> Adobe Systems Inc.)

  HKLM-x32\…\Run: []=> [X]

  HKU\S-1-5-21-2034093662-296997186-3722520090-1001\…\Run: [Skype]=> C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Software Sarl -> Skype Technologies S.A.)

  HKU\S-1-5-21-2034093662-296997186-3722520090-1001\…\Run: [iCloudDrive]=> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2020-09-08] (Apple Inc. -> Apple Inc.)

  HKU\S-1-5-21-2034093662-296997186-3722520090-1001\…\Run: [Google Update]=> C:\Users\Amy\AppData\Local\Google\Update\1.3.36.82\GoogleUpdateCore.exe [217432 2021-04-20] (Google LLC -> Google LLC)

  HKU\S-1-5-21-2034093662-296997186-3722520090-1001\…\Run: [iCloudServices]=> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)

  HKU\S-1-5-21-2034093662-296997186-3722520090-1001\…\Run: [Amazon Music Helper]=> C:\Users\Amy\AppData\Local\Amazon Music\Amazon Music Helper.exe [3977704 2017-09-19] (Amazon Services LLC -> Amazon Services LLC)

  HKU\S-1-5-21-2034093662-296997186-3722520090-1001\…\Run: [ApplePhotoStreams]=> C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2020-09-08] (Apple Inc. -> Apple Inc.)

  HKU\S-1-5-21-2034093662-296997186-3722520090-1001\…\Run: [SmileboxTray]=> C:\Users\Amy\AppData\Roaming\Smilebox\SmileboxTray.exe [378760 2018-05-28] (Smilebox,Inc. -> Smilebox, Inc.)

  HKU\S-1-5-21-2034093662-296997186-3722520090-1001\…\Run: [CCXProcess]=> C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [680720 2021-02-18] (Adobe Inc. -> Adobe Systems Incorporated)

  HKU\S-1-5-21-2034093662-296997186-3722520090-1001\…\Run: [Adobe Reader Synchronizer]=> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5536424 2021-04-20] (Adobe Inc. -> Adobe Systems Incorporated)

  HKU\S-1-5-21-2034093662-296997186-3722520090-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [809472 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

  HKLM\…\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [109288 2018-10-12] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)

  HKLM\…\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [65496 2021-02-01] (Adobe Inc. -> Adobe Systems Inc)

  HKLM\…\Print\Monitors\HP B011 Status Monitor: C:\WINDOWS\system32\hpinkstsB011LM.dll [328552 2012-01-11] (Hewlett Packard -> Hewlett-Packard Co.)

  HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.93\Installer\chrmstp.exe [2021-04-26] (Google LLC -> Google LLC)

  Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-06-01]

  ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.569\SSScheduler.exe (McAfee, Inc. -> McAfee, Inc.)

  Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Victorian Calendar.lnk [2017-05-10]

  ShortcutTarget: JL Victorian Calendar.lnk -> C:\Program Files (x86)\JL Victorian Calendar\JL Victorian Calendar.exe () [File not signed]

  ====================Scheduled Tasks (Whitelisted)============

  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

  Task: {0F585C60-E006-48D5-8CA4-1A8A548B226C} – System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload=> {EBF00FCB-0769-4B81-9BEC-6C05514111AA}

  Task: {0F6FF3CF-63D4-4223-929D-C3600170B2D8} – \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <====ATTENTION

  Task: {185AF54A-62E8-455A-B950-53E57B5E9103} – \WPD\SqmUpload_S-1-5-21-2034093662-296997186-3722520090-1001 -> No File <====ATTENTION

  Task: {1E971650-1070-4131-B654-801E57B77AC4} – \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <====ATTENTION

  Task: {2563E18C-32F8-49ED-8EFA-19B9F902F374} – System32\Tasks\G2MUpdateTask-S-1-5-21-2034093662-296997186-3722520090-1001=> C:\Users\Amy\AppData\Local\GoToMeeting\19598\g2mupdate.exe [31320 2021-04-05] (LogMeIn, Inc. -> LogMeIn, Inc.)

  Task: {25B3E929-2CE3-4D9E-A794-3F87AA2115C1} – \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <====ATTENTION

  Task: {25E6302B-B4D8-48DD-A4EF-1492AC74DA21} – System32\Tasks\Adobe Acrobat Update Task=> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)

  Task: {2734D962-CE24-44A1-A241-FCA8022069B8} – System32\Tasks\Adobe Flash Player NPAPI Notifier=> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)

  Task: {2CE7410A-66CB-4A63-AD19-3070BD7A4DFA} – System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864=> C:\Program Files\Bitdefender Agent\WatchDog.exe [888232 2021-01-29] (Bitdefender SRL -> Bitdefender)

  Task: {30298A1D-6BF5-4070-87F0-95E54B733E34} – System32\Tasks\G2MUploadTask-S-1-5-21-2034093662-296997186-3722520090-1001=> C:\Users\Amy\AppData\Local\GoToMeeting\19598\g2mupload.exe [31320 2021-04-05] (LogMeIn, Inc. -> LogMeIn, Inc.)

  Task: {31E9CBB7-D9BD-4976-A71B-A53429A27C4F} – System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0=> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248800 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)

  Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} – System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join=> C:\WINDOWS\System32\AutoWorkplace.exe

  Task: {3DACF95F-D11F-4C22-A315-E8CD9F844A5D} – System32\Tasks\Resolution+ Setting Task=> C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe

  Task: {3DEBD36E-CB3E-4118-BBF1-8049B362F860} – System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034093662-296997186-3722520090-1001UA=> C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2016-07-28] (Google Inc -> Google Inc.)

  Task: {3FD2751C-B9CF-4028-9FBD-1A4FF224892D} – System32\Tasks\AdobeGCInvoker-1.0=> C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)

  Task: {4568858B-C943-4FB9-A62D-0FC2A9249341} – \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <====ATTENTION

  Task: {47D1B769-D235-4613-AF8C-8FF759B57ED0} – System32\Tasks\AMHelper=> C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)

  Task: {4C27AF65-1E51-4380-BF44-2BF872CE3974} – \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <====ATTENTION

  Task: {52195725-9557-420E-8D9E-F22137EC0114} – System32\Tasks\Microsoft\Office\Office Subscription Maintenance=> C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1120152 2021-04-27] (Microsoft Corporation -> Microsoft Corporation)

  Task: {59E3F1FD-AE03-47C3-83AF-CBE96502B63D} – System32\Tasks\Driver Easy Scheduled Scan=> C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [3392368 2017-11-10] (Easeware Technology Limited -> Easeware)

  Task: {6170DF09-12F1-47A5-92E2-9FF7EEE2CD7C} – System32\Tasks\AMSkipUAC=> C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)

  Task: {69589A09-CB1E-4C47-9557-AAED980CAD85} – System32\Tasks\Apple\AppleSoftwareUpdate=> C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)

  Task: {6CBF1BB9-8CDE-4D3D-81BB-41D0962E234E} – System32\Tasks\Microsoft\Office\Office Feature Updates=> C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114008 2021-04-27] (Microsoft Corporation -> Microsoft Corporation)

  Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} – System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task=> {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

  Task: {70173106-0747-4C4E-B5EF-6CCA3091B303} – \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <====ATTENTION

  Task: {7FD1417F-A01A-40FC-AE8F-99B8976EB807} – System32\Tasks\Adobe Flash Player Updater=> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)

  Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} – System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task=> {1B1F472E-3221-4826-97DB-2C2324D389AE}

  Task: {983BB736-2CA2-4294-AB06-BB0A3E97C47C} – \Microsoft\Windows\UNP\RunCampaignManager -> No File <====ATTENTION

  Task: {9C570A98-7A5B-4717-A705-504C1618A3FB} – System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor=> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248800 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)

  Task: {9DDCDDF6-8FAC-414A-8281-1E0EC6689104} – System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034093662-296997186-3722520090-1001Core=> C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2016-07-28] (Google Inc -> Google Inc.)

  Task: {ABCED686-1E98-471E-9482-DA2159143807} – System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B=> C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [696304 2021-04-20] (Mozilla Corporation -> Mozilla Foundation)

  Task: {B4D6CDDC-DB2A-4CB4-92C0-D3D267F41DE0} – System32\Tasks\dts_apo_service_task=> C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [16208 2014-05-14] (DTS, Inc. -> )

  Task: {C3603F1B-BDED-44D9-A6C6-9679E5DD7B0E} – System32\Tasks\{CD7662C6-2EF3-42C2-B9B2-6E29C89A7969}=> C:\Windows\system32\pcalua.exe -a “C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe” -c /Uninstall https://outlook-install.yesware.com/Yesware.Outlook.vsto -> -a “C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe” -c /Uninstall hxxps://outlook-install.yesware.com/Yesware.Outlook.vsto

  Task: {C80ED49B-D53C-4E8D-B1F0-CE74E0D2FE68} – System32\Tasks\GoogleUpdateTaskMachineCore=> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-20] (Google Inc -> Google Inc.)

  Task: {CE2DE968-E342-40D7-9566-427D45E4A886} – System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor=> {EA9155A3-8A39-40B4-8963-D3C761B18371}

  Task: {CEA71FD7-E88B-4638-8E48-D2C7496DB469} – \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <====ATTENTION

  Task: {CEDAB137-F9C0-4000-AE32-E9A27F5CDCB7} – System32\Tasks\TOSHIBA\Service Station=> C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [700040 2014-04-03] (TOSHIBA CORPORATION -> TOSHIBA Corporation)

  Task: {CFAEBF25-65CA-4D8B-99F8-80C3891D9C04} – System32\Tasks\Microsoft\Office\Office Feature Updates Logon=> C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114008 2021-04-27] (Microsoft Corporation -> Microsoft Corporation)

  Task: {D044CB44-CDD7-4387-A250-A5F260EDE473} – System32\Tasks\GoogleUpdateTaskMachineUA=> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-04-20] (Google Inc -> Google Inc.)

  Task: {D5015612-BBAE-43AF-9916-A382CE412F72} – System32\Tasks\NCH Software\DoxillionDowngrade=> C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe [1606192 2019-02-27] (NCH Software Pty Ltd -> NCH Software)

  Task: {E6DE4821-C199-4904-A110-B79C1B5AAAE9} – \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <====ATTENTION

  Task: {EEF04EC1-95C8-4008-9A81-EBE421570290} – \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <====ATTENTION

  Task: {EF15EB58-61E5-4F7A-B94A-F210FF290584} – \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <====ATTENTION

  Task: {F8474187-C92F-4BBB-A8CF-2B5D189549B7} – \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <====ATTENTION

  (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

  Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job=> C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

  Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2034093662-296997186-3722520090-1001.job=> C:\Users\Amy\AppData\Local\GoToMeeting\19598\g2mupdate.exe

  Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2034093662-296997186-3722520090-1001.job=> C:\Users\Amy\AppData\Local\GoToMeeting\19598\g2mupload.exe

  ====================Internet (Whitelisted)====================

  (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

  Tcpip\Parameters: [DhcpNameServer] 192.168.86.1

  Tcpip\..\Interfaces\{3ca8e744-bf29-4431-90e5-db9f619845be}: [DhcpNameServer] 172.20.10.1

  Tcpip\..\Interfaces\{3d9ad877-1c8c-4d3f-89f3-77ee2b2d930e}: [DhcpNameServer] 40.40.1.201 40.40.1.203

  Tcpip\..\Interfaces\{6315c88e-4bd9-4a8f-8464-cb2a5d1ccec7}: [DhcpNameServer] 192.168.86.1

  Edge:

  =======

  DownloadDir: C:\Users\Amy\Downloads

  Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08=> C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]

  Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8=> C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]

  Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824=> C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]

  Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368=> C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]

  Edge DefaultProfile: Default

  Edge Profile: C:\Users\Amy\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-29]

  FireFox:

  ========

  FF DefaultProfile: ikb7qhw8.default-1496009238453

  FF ProfilePath: C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\ikb7qhw8.default-1496009238453 [2021-04-30]

  FF Homepage: Mozilla\Firefox\Profiles\ikb7qhw8.default-1496009238453 -> www.msnbc.com

  FF Extension: (Grammarly for Firefox) – C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\ikb7qhw8.default-1496009238453\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2021-03-22]

  FF Extension: (Facebook Container) – C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\ikb7qhw8.default-1496009238453\Extensions\@contain-facebook.xpi [2020-09-29]

  FF Extension: (F.B Purity – Cleans up Facebook) – C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\ikb7qhw8.default-1496009238453\Extensions\fbpElectroWebExt@fbpurity.com.xpi [2021-04-24] [UpdateUrl:hxxps://www.fbpurity.com/FF-FBP-Ext-Updates.json]

  FF Extension: (Privacy Badger) – C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\ikb7qhw8.default-1496009238453\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2021-02-02]

  FF Extension: (AdBlock — best ad blocker) – C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\ikb7qhw8.default-1496009238453\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2021-04-12]

  FF Extension: (Pinterest Save Button) – C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\ikb7qhw8.default-1496009238453\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2021-04-22]

  FF Extension: (Social Tab) – C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\ikb7qhw8.default-1496009238453\Extensions\social_tab@net.xpi [2021-04-25] [UpdateUrl:hxxps://social-tab.net/firefox/extension.json]

  FF Extension: (Translate Tab) – C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\ikb7qhw8.default-1496009238453\Extensions ranslate_tab@live.xpi [2021-04-25] [UpdateUrl:hxxps://translate-tab.net/ext/extension.json]

  FF Extension: (Pocket Select All) – C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\ikb7qhw8.default-1496009238453\Extensions\{68a267e1-f384-4356-9f1e-511ec5807858}.xpi [2021-01-09]

  FF Extension: (Revert Site) – C:\Users\Amy\AppData\Roaming\Mozilla\Firefox\Profiles\ikb7qhw8.default-1496009238453\Extensions\{765d21bd-3d0e-4fb2-899f-ea4daa03012a}.xpi [2021-04-17]

  FF HKLM\…\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] – C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi

  FF Extension: (Adobe Acrobat) – C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]

  FF HKLM-x32\…\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] – C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi

  FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )

  FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0

  pctrl.dll [2018-10-23] (Microsoft Corporation ->? Microsoft Corporation)

  FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils

  pAdobeAAMDetect64.dll [2021-02-19] (Adobe Inc. -> Adobe Systems)

  FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )

  FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel? Management Engine Components\IPT

  pIntelWebAPIIPT.dll [2014-03-06] (Intel? Identity Protection Technology Software -> Intel Corporation)

  FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel? Management Engine Components\IPT

  pIntelWebAPIUpdater.dll [2014-03-06] (Intel? Identity Protection Technology Software -> Intel Corporation)

  FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0

  pctrl.dll [2018-10-23] (Microsoft Corporation ->? Microsoft Corporation)

  FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)

  FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] (WildTangent Inc -> )

  FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air

  ppdf32.dll [2021-04-20] (Adobe Inc. -> Adobe Systems Inc.)

  FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR

  ppdf32.dll [2021-04-20] (Adobe Inc. -> Adobe Systems Inc.)

  FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils

  pAdobeAAMDetect32.dll [2021-02-19] (Adobe Inc. -> Adobe Systems)

  Chrome:

  =======

  CHR DefaultProfile: Default

  CHR Profile: C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default [2021-04-29]

  CHR Extension: (Slides) – C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]

  CHR Extension: (Docs) – C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]

  CHR Extension: (Google Drive) – C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-30]

  CHR Extension: (YouTube) – C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]

  CHR Extension: (Chrome Cleaner Pro) – C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccjleegmemocfpghkhpjmiccjcacackp [2019-04-02]

  CHR Extension: (Google Search) – C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-03]

  CHR Extension: (Adobe Acrobat) – C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-02-18]

  CHR Extension: (Sheets) – C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]

  CHR Extension: (Google Docs Offline) – C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-18]

  CHR Extension: (Norton Identity Safe) – C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-08-02]

  CHR Extension: (Chrome Web Store Payments) – C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions

  mmhkkegccagdldgiimedpiccmgmieda [2021-02-16]

  CHR Extension: (HubSpot Sales) – C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2021-02-18]

  CHR Extension: (Gmail) – C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]

  CHR Extension: (Chrome Media Router) – C:\Users\Amy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-18]

  CHR Profile: C:\Users\Amy\AppData\Local\Google\Chrome\User Data\System Profile [2018-02-10]

  CHR HKLM\…\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

  CHR HKLM-x32\…\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp]

  CHR HKLM-x32\…\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

  CHR HKLM-x32\…\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

  ====================Services (Whitelisted)===================

  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

  R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9855880 2021-04-29] (Emsisoft Ltd -> Emsisoft Ltd)

  R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)

  S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)

  R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [852024 2021-02-19] (Adobe Inc. -> Adobe Inc.)

  R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)

  R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)

  R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-09] (Apple Inc. -> Apple Inc.)

  R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8788392 2021-04-09] (Microsoft Corporation -> Microsoft Corporation)

  R2 DAMSvc; C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe [4260112 2014-04-08] (Nuance Communications, Inc. -> Nuance Communications, Inc.)

  R2 DSDFunctionKeyCtlService; C:\WINDOWS\System32\DriverStore\FileRepository ossrvctl.inf_amd64_4d5c54c80b005163\DSDFunctionKeyCtlService.exe [615776 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)

  R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-05-14] (DTS, Inc. -> )

  R2 EmsiCommService; C:\Program Files\Emsisoft Anti-Malware\CommService.exe [13367056 2021-04-29] (Emsisoft Ltd -> Emsisoft Ltd)

  R2 EppWsc; C:\Program Files\Emsisoft Anti-Malware\EppWsc.exe [1545368 2021-04-29] (Emsisoft Ltd -> Emsisoft Ltd)

  R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-02-25] (WildTangent Inc -> WildTangent)

  S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]

  R2 Intel? Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel? Corporation) [File not signed]

  R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6933272 2020-03-12] (Malwarebytes Inc -> Malwarebytes)

  S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [60416 2009-06-22] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)

  R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1358248 2021-01-29] (Bitdefender SRL -> Bitdefender)

  R2 TOSTABSYSSVC; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\TOSTABSYSSVC.exe [34680 2014-06-11] (TOSHIBA CORPORATION -> )

  S2 TSDHDDProtectService; C:\WINDOWS\System32\DriverStore\FileRepository hpevm.inf_amd64_e37a98374075e5b1\dynabookHDDProtection.exe [425792 2020-07-22] (Dynabook Inc. -> Dynabook Inc.)

  S2 TSDSettingService; C:\WINDOWS\System32\DriverStore\FileRepository ossrvctl.inf_amd64_4d5c54c80b005163\dynabookSystemService.exe [44767048 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)

  S2 TSDTabletControlService; C:\WINDOWS\System32\DriverStore\FileRepository ossrvctl.inf_amd64_4d5c54c80b005163\TOSTABSYSSVC.exe [296272 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)

  R2 TSDWirelessLEDCtlService; C:\WINDOWS\System32\DriverStore\FileRepository ossrvctl.inf_amd64_4d5c54c80b005163\RMService.exe [446248 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)

  S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)

  S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)

  S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.0.5\WsAppService.exe [415232 2016-08-09] (Wondershare) [File not signed]

  =====================Drivers (Whitelisted)===================

  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

  R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [232792 2021-04-29] (Zemana D.O.O. Sarajevo -> Copyright 2018.)

  S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]

  R1 epp; C:\Program Files\Emsisoft Anti-Malware\epp.sys [155112 2020-02-17] (Microsoft Windows Hardware Compatibility Publisher -> Emsisoft Ltd)

  S0 eppdisk; C:\WINDOWS\System32\drivers\eppdisk.sys [37776 2019-06-03] (Emsisoft Ltd -> Emsisoft Ltd)

  S0 EppElam; C:\WINDOWS\System32\drivers\EppElam.sys [16808 2021-04-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Emsisoft Ltd)

  R1 eppwfp; C:\Program Files\Emsisoft Anti-Malware\eppwfp.sys [126968 2021-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Emsisoft Ltd)

  R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-04-19] (Malwarebytes Corporation -> Malwarebytes)

  R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [216056 2020-07-29] (Malwarebytes Inc -> Malwarebytes)

  S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

  R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197264 2021-04-28] (Malwarebytes Inc -> Malwarebytes)

  R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73368 2021-04-28] (Malwarebytes Inc -> Malwarebytes)

  R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-06-05] (Malwarebytes Inc -> Malwarebytes)

  R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [131232 2021-04-28] (Malwarebytes Inc -> Malwarebytes)

  R3 QIOMem; C:\WINDOWS\System32\drivers\QIOMem.sys [22736 2015-05-28] (WDKTestCert 1,130752733198717037 -> TOSHIBA)

  R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)

  S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)

  R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [47816 2020-07-22] (Dynabook Inc. -> Dynabook Inc.)

  R0 Thpevm; C:\WINDOWS\System32\drivers\Thpevm.SYS [27384 2020-07-22] (Dynabook Inc. -> Dynabook Inc.)

  R3 tosrfec; C:\WINDOWS\System32\drivers osrfec.sys [37808 2019-04-30] (Dynabook Inc. -> Dynabook Inc.)

  R1 TosSrvCtlDrv; C:\WINDOWS\System32\DriverStore\FileRepository ossrvctl.inf_amd64_4d5c54c80b005163\TosSrvCtlDrv.sys [25816 2021-02-22] (Dynabook Inc. -> Dynabook Inc.)

  R0 TVALZ_O; C:\WINDOWS\System32\drivers\TVALZ_O.SYS [46088 2019-04-30] (Dynabook Inc. -> Dynabook Inc.)

  S3 USBAAPL64; C:\WINDOWS\System32\Drivers?pl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)

  S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

  S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421088 2021-04-11] (Microsoft Windows -> Microsoft Corporation)

  S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-11] (Microsoft Windows -> Microsoft Corporation)

  ====================NetSvcs (Whitelisted)===================

  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

  ====================One month (created) (Whitelisted)=========

  (If an entry is included in the fixlist, the file/folder will be moved.)

  2021-04-30 09:51 – 2021-04-30 09:51 – 000000000 ____D C:\Users\Amy\AppData\LocalLow\IGDump

  2021-04-29 22:37 – 2021-04-30 09:49 – 000053151 _____ C:\Users\Amy\Desktop\Addition.txt

  2021-04-29 22:26 – 2021-04-30 10:26 – 000041068 _____ C:\Users\Amy\Desktop\FRST.txt

  2021-04-29 22:23 – 2021-04-30 10:24 – 000000000 ____D C:\FRST

  2021-04-29 21:07 – 2021-04-29 21:07 – 002298368 _____ (Farbar) C:\Users\Amy\Desktop\FRST64.exe

  2021-04-29 20:10 – 2021-04-29 20:11 – 011291072 _____ (SurfRight B.V.) C:\Users\Amy\Desktop\HitmanPro_x64.exe

  2021-04-29 20:07 – 2021-04-29 20:07 – 000036501 _____ C:\Users\Amy\Desktop\zJPqXCTE.html

  2021-04-29 13:54 – 2021-04-29 13:54 – 000002652 _____ C:\WINDOWS\system32\Tasks\AMSkipUAC

  2021-04-29 13:53 – 2021-04-30 10:28 – 001772896 _____ C:\WINDOWS\ZAM.krnl.trace

  2021-04-29 13:53 – 2021-04-29 13:53 – 000232792 _____ (Copyright 2018.) C:\WINDOWS\system32\Drivers\amsdk.sys

  2021-04-29 13:53 – 2021-04-29 13:53 – 000003544 _____ C:\WINDOWS\system32\Tasks\AMHelper

  2021-04-29 13:53 – 2021-04-29 13:53 – 000001340 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk

  2021-04-29 13:53 – 2021-04-29 13:53 – 000001340 _____ C:\ProgramData\Desktop\Zemana AntiMalware.lnk

  2021-04-29 13:53 – 2021-04-29 13:53 – 000000000 ____D C:\Users\Amy\AppData\Local\Zemana

  2021-04-29 13:53 – 2021-04-29 13:53 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware

  2021-04-29 13:53 – 2021-04-29 13:53 – 000000000 ____D C:\Program Files (x86)\Zemana

  2021-04-29 13:52 – 2021-04-29 19:09 – 000000000 ____D C:\Users\Amy\AppData\Local\AMSDK

  2021-04-29 13:43 – 2021-04-29 13:36 – 000016808 _____ (Emsisoft Ltd) C:\WINDOWS\system32\Drivers\EppElam.sys

  2021-04-29 13:11 – 2021-04-29 13:35 – 000000000 ____D C:\ProgramData\Emsisoft

  2021-04-29 12:59 – 2021-04-29 12:59 – 000000948 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk

  2021-04-29 12:59 – 2021-04-29 12:59 – 000000948 _____ C:\ProgramData\Desktop\Emsisoft Anti-Malware.lnk

  2021-04-29 12:59 – 2021-04-29 12:59 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware

  2021-04-29 12:59 – 2019-06-03 13:13 – 000037776 _____ (Emsisoft Ltd) C:\WINDOWS\system32\Drivers\eppdisk.sys

  2021-04-29 12:57 – 2021-04-30 10:18 – 000000000 ____D C:\Program Files\Emsisoft Anti-Malware

  2021-04-29 09:06 – 2021-04-29 09:24 – 000001874 _____ C:\Users\Amy\Desktop\Rkill.txt

  2021-04-29 08:57 – 2021-04-29 08:58 – 001802704 _____ (Bleeping Computer, LLC) C:\Users\Amy\Desktop\rkill.exe

  2021-04-28 18:19 – 2021-04-28 18:25 – 000398576 _____ C:\WINDOWS\system32\PerfStringBackup.TMP

  2021-04-28 18:12 – 2021-04-28 18:12 – 000131232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys

  2021-04-28 15:07 – 2021-04-28 15:07 – 008534696 _____ (Malwarebytes) C:\Users\Amy\Desktop\AdwCleaner.exe

  2021-04-28 13:35 – 2021-04-28 13:35 – 000197264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys

  2021-04-28 13:35 – 2021-04-28 13:35 – 000073368 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

  2021-04-22 10:31 – 2021-04-22 10:31 – 110396692 _____ C:\Users\Amy\Desktop\Amy.zip

  2021-04-21 00:38 – 2021-04-21 00:38 – 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla

  2021-04-20 15:44 – 2021-04-28 18:11 – 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

  2021-04-13 21:38 – 2021-04-13 21:38 – 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim

  2021-04-13 21:36 – 2021-04-13 21:36 – 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

  2021-04-13 21:36 – 2021-04-13 21:36 – 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll

  2021-04-02 15:21 – 2021-04-29 15:35 – 000000000 ____D C:\Users\Amy\Documents\BBNCEF

  2021-03-31 09:20 – 2021-03-31 09:26 – 000000000 ____D C:\Users\TEMP

  ====================One month (modified)==================

  (If an entry is included in the fixlist, the file/folder will be moved.)

  2021-04-30 10:13 – 2021-02-18 02:23 – 000000000 ____D C:\WINDOWS\system32\SleepStudy

  2021-04-30 09:56 – 2015-03-23 00:15 – 000000000 ____D C:\Users\Amy\Documents\Outlook Files

  2021-04-30 09:22 – 2019-12-07 01:14 – 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

  2021-04-30 08:49 – 2021-02-18 03:30 – 000004152 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{554E5DA6-FA23-485D-8C86-9E5F20F2CF15}

  2021-04-29 21:11 – 2021-02-18 03:30 – 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software

  2021-04-29 21:11 – 2021-02-18 02:35 – 000000000 ____D C:\Users\Amy

  2021-04-29 21:11 – 2019-09-10 11:19 – 000000000 ____D C:\Program Files (x86)\NCH Software

  2021-04-29 21:00 – 2015-03-22 22:04 – 000000000 ____D C:\ProgramData\Mozilla

  2021-04-29 20:59 – 2016-11-18 09:45 – 000000000 ____D C:\Users\Amy\AppData\LocalLow\Mozilla

  2021-04-29 20:11 – 2017-05-28 13:02 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

  2021-04-29 15:35 – 2015-03-23 23:44 – 000000000 ____D C:\Users\Amy\Documents\Biz Finances

  2021-04-29 15:26 – 2020-01-15 13:46 – 000000000 ___HD C:\Users\Public\Documents\AdobeGCData

  2021-04-29 15:26 – 2020-01-15 13:46 – 000000000 ___HD C:\ProgramData\Documents\AdobeGCData

  2021-04-29 13:43 – 2019-12-07 01:14 – 000000000 ___HD C:\WINDOWS\ELAMBKUP

  2021-04-28 20:14 – 2015-03-22 21:59 – 000000000 ___RD C:\Users\Amy\OneDrive

  2021-04-28 20:04 – 2017-12-20 01:29 – 000000000 ____D C:\Users\Amy\AppData\Local\Packages

  2021-04-28 18:24 – 2016-06-22 15:23 – 000000000 ___RD C:\Users\Amy\iCloudDrive

  2021-04-28 18:20 – 2015-08-07 09:11 – 000000000 __SHD C:\Users\Amy\IntelGraphicsProfiles

  2021-04-28 18:19 – 2019-12-07 01:13 – 000000000 ____D C:\WINDOWS\INF

  2021-04-28 18:16 – 2017-08-14 04:09 – 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

  2021-04-28 18:11 – 2021-02-18 03:30 – 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

  2021-04-28 18:11 – 2021-02-18 02:23 – 000008192 ___SH C:\DumpStack.log.tmp

  2021-04-28 18:11 – 2019-12-07 01:14 – 000000000 ____D C:\WINDOWS\ServiceState

  2021-04-28 18:11 – 2015-03-22 22:04 – 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

  2021-04-28 18:08 – 2019-12-07 01:03 – 000786432 _____ C:\WINDOWS\system32\config\BBI

  2021-04-28 15:13 – 2017-05-28 11:39 – 000000000 ____D C:\AdwCleaner

  2021-04-28 15:08 – 2019-03-12 11:11 – 000000000 ____D C:\Users\Amy\Desktop\Peak Dentistry

  2021-04-28 11:03 – 2019-12-07 01:14 – 000000000 ___HD C:\Program Files\WindowsApps

  2021-04-28 11:03 – 2019-12-07 01:14 – 000000000 ____D C:\WINDOWS\AppReadiness

  2021-04-28 08:51 – 2020-07-10 02:17 – 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

  2021-04-28 00:12 – 2014-05-14 23:15 – 000000000 ____D C:\Program Files (x86)\Microsoft Office

  2021-04-27 15:36 – 2019-11-12 18:21 – 000000000 ____D C:\Users\Amy\Desktop\Murray

  2021-04-26 14:23 – 2015-04-20 16:49 – 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

  2021-04-26 14:00 – 2019-09-16 22:28 – 000000000 ____D C:\Users\Amy\Documents\Leigh Ann Bauer

  2021-04-26 13:16 – 2015-09-16 07:34 – 000000000 ___RD C:\Users\Amy\3D Objects

  2021-04-25 00:45 – 2021-02-26 00:17 – 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d705e3c6ed3f04

  2021-04-25 00:45 – 2021-02-18 03:30 – 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

  2021-04-25 00:42 – 2021-02-17 15:32 – 000002125 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk

  2021-04-25 00:42 – 2021-02-17 15:32 – 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk

  2021-04-24 20:02 – 2015-09-29 20:46 – 000002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

  2021-04-22 22:32 – 2020-09-30 22:01 – 000000000 ____D C:\Program Files\Microsoft Update Health Tools

  2021-04-21 15:41 – 2019-05-30 10:00 – 000000000 ____D C:\Users\Amy\Documents\Alaska Business Monthly

  2021-04-21 10:02 – 2019-12-07 01:03 – 000000000 ____D C:\WINDOWS\CbsTemp

  2021-04-21 09:53 – 2019-12-07 01:14 – 000000000 ____D C:\WINDOWS\LiveKernelReports

  2021-04-21 04:17 – 2021-02-18 03:30 – 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA

  2021-04-21 04:17 – 2021-02-18 03:30 – 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

  2021-04-21 00:38 – 2018-10-26 10:41 – 000001357 _____ C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox.lnk

  2021-04-21 00:38 – 2015-03-22 22:04 – 000001141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk

  2021-04-20 19:17 – 2021-02-18 03:30 – 000003674 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034093662-296997186-3722520090-1001UA

  2021-04-20 19:17 – 2021-02-18 03:30 – 000003406 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-2034093662-296997186-3722520090-1001Core

  2021-04-19 14:58 – 2021-02-18 03:30 – 000003364 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2034093662-296997186-3722520090-1001

  2021-04-19 14:58 – 2021-02-18 02:35 – 000002409 _____ C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

  2021-04-18 16:20 – 2021-02-09 12:12 – 000000000 ____D C:\Users\Amy\Desktop\Circle

  2021-04-16 11:05 – 2020-11-19 22:52 – 000000000 ____D C:\Users\Amy\Desktop\Beacon

  2021-04-15 11:26 – 2019-10-09 14:12 – 000000000 ____D C:\Users\Amy\Documents\Colleen Libbey

  2021-04-13 22:23 – 2021-02-18 02:53 – 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI

  2021-04-13 22:21 – 2021-02-18 02:23 – 000458848 _____ C:\WINDOWS\system32\FNTCACHE.DAT

  2021-04-13 22:16 – 2019-09-09 13:16 – 000000644 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2034093662-296997186-3722520090-1001.job

  2021-04-13 22:16 – 2019-09-09 13:16 – 000000548 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2034093662-296997186-3722520090-1001.job

  2021-04-13 22:11 – 2019-12-07 01:14 – 000000000 ___SD C:\WINDOWS\system32\DiagSvcs

  2021-04-13 22:11 – 2019-12-07 01:14 – 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel

  2021-04-13 22:11 – 2019-12-07 01:14 – 000000000 ____D C:\WINDOWS\SystemResources

  2021-04-13 22:11 – 2019-12-07 01:14 – 000000000 ____D C:\WINDOWS\system32\setup

  2021-04-13 22:11 – 2019-12-07 01:14 – 000000000 ____D C:\WINDOWS\system32\oobe

  2021-04-13 22:11 – 2019-12-07 01:14 – 000000000 ____D C:\WINDOWS\system32\lv-LV

  2021-04-13 22:11 – 2019-12-07 01:14 – 000000000 ____D C:\WINDOWS\system32\lt-LT

  2021-04-13 22:11 – 2019-12-07 01:14 – 000000000 ____D C:\WINDOWS\system32\et-EE

  2021-04-13 22:11 – 2019-12-07 01:14 – 000000000 ____D C:\WINDOWS\system32\es-MX

  2021-04-13 22:11 – 2019-12-07 01:14 – 000000000 ____D C:\WINDOWS\Provisioning

  2021-04-13 22:11 – 2019-12-07 01:14 – 000000000 ____D C:\WINDOWS\PolicyDefinitions

  2021-04-13 22:11 – 2019-12-07 01:14 – 000000000 ____D C:\WINDOWS\bcastdvr

  2021-04-13 21:35 – 2021-02-18 02:30 – 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

  2021-04-13 19:43 – 2015-03-24 08:17 – 000000000 ____D C:\WINDOWS\system32\MRT

  2021-04-13 19:16 – 2015-03-24 08:17 – 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

  2021-04-11 00:34 – 2018-03-29 07:40 – 000000000 ____D C:\WINDOWS\system32\Drivers\wd

  2021-04-05 00:45 – 2021-02-18 03:30 – 000003798 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-2034093662-296997186-3722520090-1001

  2021-04-05 00:45 – 2021-02-18 03:30 – 000003702 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-2034093662-296997186-3722520090-1001

  2021-04-05 00:45 – 2019-09-09 13:16 – 000000000 ____D C:\Users\Amy\AppData\Local\GoToMeeting

  2021-04-02 13:33 – 2019-06-04 16:17 – 000000000 ____D C:\Users\Amy\Documents\Raviant LLC

  2021-04-02 13:32 – 2015-10-22 10:47 – 000000000 ____D C:\Users\Amy\Documents\Archives

  2021-04-02 08:03 – 2015-11-15 15:29 – 000000000 ____D C:\Users\Amy\Documents\C+L Creative

  2021-03-31 09:22 – 2015-03-22 21:48 – 000000000 __RHD C:\Users\Public\AccountPictures

  ====================Files in the root of some directories========

  2020-01-15 13:43 – 2020-01-15 13:43 – 000000410 _____ () C:\Users\Amy\AppData\Local\oobelibMkey.log

  2016-10-18 17:33 – 2016-10-18 17:33 – 000000175 _____ () C:\Users\Amy\AppData\Local?ni

  ====================SigCheck============================

  (There is no automatic fix for files that do not pass verification.)

  ====================End of FRST.txt========================

  ?

  Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021

  Ran by Amy (30-04-2021 10:30:19)

  Running from C:\Users\Amy\Desktop

  Windows 10 Home Version 2004 19041.928 (X64) (2021-02-18 11:35:03)

  Boot Mode: Normal

  ==========================================================

  ====================Accounts:=============================

  Administrator (S-1-5-21-2034093662-296997186-3722520090-500 – Administrator – Disabled)

  Amy (S-1-5-21-2034093662-296997186-3722520090-1001 – Administrator – Enabled)=> C:\Users\Amy

  DefaultAccount (S-1-5-21-2034093662-296997186-3722520090-503 – Limited – Disabled)

  Guest (S-1-5-21-2034093662-296997186-3722520090-501 – Limited – Disabled)

  HomeGroupUser$ (S-1-5-21-2034093662-296997186-3722520090-1003 – Limited – Enabled)

  WDAGUtilityAccount (S-1-5-21-2034093662-296997186-3722520090-504 – Limited – Disabled)

  ====================Security Center========================

  (If an entry is included in the fixlist, it will be removed.)

  AV: Emsisoft Anti-Malware (Enabled – Up to date) {5FD8BF8F-F242-6153-61B5-8FF333E8736B}

  AV: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

  AS: Windows Defender (Enabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

  ====================Installed Programs======================

  (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

  Adobe Acrobat DC (HKLM-x32\…\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.001.20150 – Adobe Systems Incorporated)

  Adobe Acrobat Reader DC (HKLM-x32\…\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20150 – Adobe Systems Incorporated)

  Adobe AIR (HKLM-x32\…\Adobe AIR) (Version: 25.0.0.134 – Adobe Systems Incorporated)

  Adobe Creative Cloud (HKLM-x32\…\Adobe Creative Cloud) (Version: 5.3.1.470 – Adobe Inc.)

  Adobe Digital Editions 3.0 (HKLM-x32\…\Adobe Digital Editions 3.0) (Version: 3.0.1 – Adobe Systems Incorporated)

  Adobe Digital Editions 4.5 (HKLM-x32\…\Adobe Digital Editions 4.5) (Version: 4.5.8 – Adobe Systems Incorporated)

  Adobe Flash Player 32 NPAPI (HKLM-x32\…\Adobe Flash Player NPAPI) (Version: 32.0.0.465 – Adobe)

  Adobe Genuine Service (HKLM-x32\…\AdobeGenuineService) (Version:? – Adobe)

  AkWarm (HKLM-x32\…\{20874622-F3B1-4452-8B0D-81C2EA673CD7}) (Version: 2.5.3 – AHFC)

  Amazon Music (HKU\S-1-5-21-2034093662-296997186-3722520090-1001\…\Amazon Amazon Music) (Version: 6.0.1.1166 – Amazon Services LLC)

  Apple Application Support (32-bit) (HKLM-x32\…\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 – Apple Inc.)

  Apple Application Support (64-bit) (HKLM\…\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 – Apple Inc.)

  Apple Mobile Device Support (HKLM\…\{2504ACC6-F5B6-4F18-B4A9-2AAF48D89D85}) (Version: 14.0.0.29 – Apple Inc.)

  Apple Software Update (HKLM-x32\…\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 – Apple Inc.)

  AX88179_AX88178A Windows 8.1 Drivers (HKLM-x32\…\{23CD4583-326F-40FC-A9AA-5A48EA066C16}) (Version: 2.0.1.0 – ASIX Electronics Corporation) Hidden

  AX88179_AX88178A Windows 8.1 Drivers (HKLM-x32\…\InstallShield_{23CD4583-326F-40FC-A9AA-5A48EA066C16}) (Version: 2.0.1.0 – ASIX Electronics Corporation)

  Bejeweled 3 (HKLM-x32\…\WTA-6b14439b-21df-447d-999f-048a954f504c) (Version: 2.2.0.97 – WildTangent) Hidden

  Bitdefender Agent (HKLM\…\Bitdefender Agent) (Version: 1.0.1 – Bitdefender)

  Bonjour (HKLM\…\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 – Apple Inc.)

  Conexant HD Audio (HKLM\…\CNXT_AUDIO_HDA) (Version: 8.65.38.55 – Conexant)

  DiskInternals Word Recovery (HKLM-x32\…\DiskInternals Word Recovery) (Version: 5.3.67 – DiskInternals Research)

  Doxillion Document Converter (HKLM-x32\…\Doxillion) (Version: 3.19 – NCH Software)

  Dragon Assistant 3 (HKLM-x32\…\{4693847A-7139-4CF4-B274-916C046C9E50}) (Version: 3.1.30 – Nuance Communications, Inc.)

  Dragon Assistant 3 Language Data Pack en_US (HKLM-x32\…\{532A5345-1A42-4C55-B56E-CE753D0BAA02}) (Version: 3.1.30 – Nuance Communications, Inc.)

  Driver Easy 5.5.5 (HKLM\…\DriverEasy_is1) (Version: 5.5.5 – Easeware)

  DTS Sound (HKLM-x32\…\{4A3A33A5-5A08-42F0-B24E-93B23A792180}) (Version: 1.01.7900 – DTS, Inc.)

  ELAN Touchpad 15.8.8.2_X64_WHQL (HKLM\…\Elantech) (Version: 15.8.8.2 – ELAN Microelectronic Corp.)

  Emsisoft Anti-Malware (HKLM\…\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2020.4 – Emsisoft Ltd.)

  Express Zip File Compression (HKLM-x32\…\ExpressZip) (Version: 6.25 – NCH Software)

  Google Chrome (HKLM-x32\…\Google Chrome) (Version: 90.0.4430.93 – Google LLC)

  Google Video Support Plugin (HKU\S-1-5-21-2034093662-296997186-3722520090-1001\…\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 19.12.1000.0 – Google, LLC.)

  GoTo Opener (HKLM-x32\…\{27288E10-7B6A-4EAD-BF7D-C40F86C3C751}) (Version: 1.0.527 – LogMeIn, Inc.)

  GoToMeeting 10.16.0.19598 (HKU\S-1-5-21-2034093662-296997186-3722520090-1001\…\GoToMeeting) (Version: 10.16.0.19598 – LogMeIn, Inc.)

  HitmanPro 3.8 (HKLM\…\HitmanPro38) (Version: 3.8.22.316 – SurfRight B.V.)

  iCloud (HKLM\…\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 – Apple Inc.)

  Inpaint 8.1 (HKLM\…\{5808866F-D115-46B2-8123-BB6801968101}_is1) (Version:? – Teorex)

  Intel? Chipset Device Software (HKLM-x32\…\{e48a2f61-851a-4155-82f9-af1b04db8c3b}) (Version: 10.0.13 – Intel? Corporation) Hidden

  Intel? Dynamic Platform and Thermal Framework (HKLM-x32\…\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10000.9 – Intel Corporation)

  Intel? Management Engine Components (HKLM-x32\…\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 – Intel Corporation)

  Intel? Processor Graphics (HKLM-x32\…\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 – Intel Corporation)

  Intel? Rapid Storage Technology (HKLM\…\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 – Intel Corporation)

  Intel? Wireless Bluetooth? 4.0 (HKLM-x32\…\{96C730E4-F055-4118-BDF3-6E071763853C}) (Version: 3.0.1342.02 – Intel Corporation)

  Intel? PROSet/Wireless Software (HKLM-x32\…\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 – Intel Corporation)

  iTunes (HKLM\…\{40FA6352-B70E-434B-95C9-5BB87A0E22BF}) (Version: 12.10.9.3 – Apple Inc.)

  Jacquie Lawson Victorian Calendar (HKLM-x32\…\{D7D0EA94-5D16-19B1-E377-E76A87AA225B}) (Version: 1.0.0 – Microcourt Limited) Hidden

  Jacquie Lawson Victorian Calendar (HKLM-x32\…\com.jacquielawson.victorianadventcalendar2015) (Version: 1.0.0 – Microcourt Limited)

  King Oddball (HKLM-x32\…\WTA-57363e68-1367-4916-b5cd-8ff7e98b0e00) (Version: 3.0.2.48 – WildTangent) Hidden

  Kingo ROOT version 1.4.6.2750 (HKLM-x32\…\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.4.6.2750 – Kingosoft Technology Ltd.)

  Malwarebytes version 4.1.0.56 (HKLM\…\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 – Malwarebytes)

  Microsoft 365 – en-us (HKLM\…\O365HomePremRetail – en-us) (Version: 16.0.13901.20462 – Microsoft Corporation)

  Microsoft Edge (HKLM-x32\…\Microsoft Edge) (Version: 90.0.818.49 – Microsoft Corporation)

  Microsoft Edge WebView2 Runtime (HKLM-x32\…\Microsoft EdgeWebView) (Version: 90.0.818.49 – Microsoft Corporation)

  Microsoft Office Home and Business 2016 – en-us (HKLM\…\HomeBusinessRetail – en-us) (Version: 16.0.13901.20462 – Microsoft Corporation)

  Microsoft OneDrive (HKU\S-1-5-21-2034093662-296997186-3722520090-1001\…\OneDriveSetup.exe) (Version: 21.062.0328.0001 – Microsoft Corporation)

  Microsoft Silverlight (HKLM\…\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 – Microsoft Corporation)

  Microsoft Update Health Tools (HKLM\…\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 – Microsoft Corporation)

  Microsoft Visual C++ 2010? x64 Redistributable – 10.0.40219 (HKLM\…\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 – Microsoft Corporation)

  Microsoft Visual C++ 2010? x86 Redistributable – 10.0.40219 (HKLM-x32\…\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 – Microsoft Corporation)

  Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32\…\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 – Microsoft Corporation)

  Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.50727 (HKLM-x32\…\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 – Microsoft Corporation)

  Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32\…\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 – Microsoft Corporation)

  Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.40660 (HKLM-x32\…\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 – Microsoft Corporation)

  Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.40660 (HKLM-x32\…\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 – Microsoft Corporation)

  Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.23.27820 (HKLM-x32\…\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 – Microsoft Corporation)

  Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.23.27820 (HKLM-x32\…\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 – Microsoft Corporation)

  Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\…\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 – Microsoft Corporation)

  Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\…\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 – Microsoft Corporation)

  Mozilla Firefox 88.0 (x64 en-US) (HKLM\…\Mozilla Firefox 88.0 (x64 en-US)) (Version: 88.0 – Mozilla)

  Mozilla Maintenance Service (HKLM-x32\…\MozillaMaintenanceService) (Version: 88.0.0.7775 – Mozilla)

  Office 16 Click-to-Run Extensibility Component (HKLM-x32\…\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13901.20462 – Microsoft Corporation) Hidden

  Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\…\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20336 – Microsoft Corporation) Hidden

  Office 16 Click-to-Run Licensing Component (HKLM\…\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20462 – Microsoft Corporation) Hidden

  Office 16 Click-to-Run Localization Component (HKLM-x32\…\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13901.20336 – Microsoft Corporation) Hidden

  OpenShot Video Editor version 2.4.4 (HKLM\…\{4BB0DCDC-BC24-49EC-8937-72956C33A470}_is1) (Version: 2.4.4 – OpenShot Studios, LLC)

  Realtek Card Reader (HKLM-x32\…\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29079 – Realtek Semiconductor Corp.)

  Skype? 7.22 (HKLM-x32\…\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 – Skype Technologies S.A.)

  Smilebox (HKU\S-1-5-21-2034093662-296997186-3722520090-1001\…\Smilebox) (Version: 1.0.0.32881 – Smilebox, Inc.)

  Storage Place Launcher (HKLM-x32\…\{BEFE148A-3435-4D41-AD96-5C3742D60726}) (Version: 1.1.0.0 – TOSHIBA America Information Systems, Inc)

  TOSHIBA Application Installer (HKLM\…\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 – Toshiba Corporation)

  TOSHIBA Audio Enhancement (HKLM\…\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 – Toshiba Corporation)

  TOSHIBA Battery Check Utility (HKLM-x32\…\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 – Toshiba Corporation)

  TOSHIBA Display Utility (HKLM\…\{B9A67DC9-EAD3-4B87-B733-F2BA28F0D68E}) (Version: 1.2.4.0 – Toshiba Corporation)

  TOSHIBA eco Utility (HKLM\…\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.0.6404 – Toshiba Corporation)

  TOSHIBA Favorites (HKLM-x32\…\{7F0A0381-8555-47EF-A200-7F48244D6A69}) (Version: 1.0.0.1 – TOSHIBA America Information Systems, Inc)

  TOSHIBA Function Key (HKLM\…\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 – Toshiba Corporation)

  TOSHIBA HDD Protection (HKLM\…\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.6.02.6403 – Toshiba Corporation)

  TOSHIBA Password Utility (HKLM-x32\…\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 6.1.6.0 – Toshiba Corporation)

  TOSHIBA Recovery Media Creator (HKLM-x32\…\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 – Toshiba Corporation)

  TOSHIBA Service Station (HKLM\…\{0DFA8761-7735-4DE8-A0EB-2286578DCFC6}) (Version: 2.6.14 – Toshiba Corporation)

  TOSHIBA Start (HKLM-x32\…\{9022E68E-A3F9-4DE0-8C8B-31EC78EAEEB4}) (Version: 1.1.0.0 – TOSHIBA America Information Systems, Inc)

  TOSHIBA System Driver (HKLM-x32\…\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0039 – Toshiba Corporation)

  TOSHIBA System Settings (HKLM-x32\…\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.4.32001 – Toshiba Corporation)

  TOSHIBA User’s Guide (HKLM-x32\…\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 – TOSHIBA)

  TOSHIBARegistration (HKLM-x32\…\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 – TOSHIBA)

  Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\…\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 – Microsoft Corporation)

  Update Installer for WildTangent Games App (HKLM-x32\…\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:? – WildTangent) Hidden

  VideoPad Video Editor (HKLM-x32\…\VideoPad) (Version: 7.30 – NCH Software)

  Visual Studio 2012 x64 Redistributables (HKLM\…\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 – AVG Technologies)

  Visual Studio 2012 x86 Redistributables (HKLM-x32\…\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 – AVG Technologies CZ, s.r.o.)

  WildTangent Games (HKLM-x32\…\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 – WildTangent)

  WildTangent Games App (Toshiba Games) (HKLM-x32\…\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.10.20 – WildTangent) Hidden

  Zemana AntiMalware version 3.2.28 (HKLM-x32\…\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.2.28 – Zemana)

  Zoom (HKU\S-1-5-21-2034093662-296997186-3722520090-1001\…\ZoomUMX) (Version: 5.5.0 (12454.0131) – Zoom Video Communications, Inc.)

  Packages:

  =========

  - Games App – -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.3.28_x86__qt5r5pa5dyg8m [2017-12-19] (WildTangent Games)

  Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-02-17] (Adobe Systems Incorporated)

  Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-07-10] (Adobe Systems Incorporated)

  Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-19] (Amazon.com)

  Book Place by Toshiba -> C:\Program Files\WindowsApps\K-NFBReadingTechnologiesI.DigitalPassbyToshiba_2.0.3611.0_x64__vwcaa66y1ah8t [2017-12-19] (K-NFB Reading Technologies, Inc.)

  Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2000.2.0_x86__kgqvnymyfvs32 [2021-04-18] (king.com)

  Deals & Offers -> C:\Program Files\WindowsApps\2B24874D.DealsOffers_1.0.0.4_neutral__v10edqkhnj0dg [2017-12-19] (Synacor, Inc.)

  eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2017-12-19] (eBay, Inc)

  Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.12.5.0_x86__q4d96b2w5wcc2 [2021-04-24] (Evernote)

  HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_126.2.222.0_x64__v10z8vjag6ke6 [2021-04-09] (HP Inc.)

  Hulu -> C:\Program Files\WindowsApps\HULULLC.HULUPLUS_3.1.0.0_neutral__fphbd361v8tya [2021-04-09] (Hulu.)

  iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_7.0.40.0_x64__a76a11dkgb644 [2021-02-18] (iHeartMedia.)

  Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-02-29] (Instagram)

  Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2017-12-19] (AMZN Mobile LLC)

  Media Player by sMedio TrueLink+ -> C:\Program Files\WindowsApps\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_3.4.35.0_x64__679ekb9hp1h62 [2020-10-18] (sMedio)

  Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]

  Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]

  Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4072.0_x64__8wekyb3d8bbwe [2021-04-18] (Microsoft Studios) [MS Ad]

  MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2017-12-19] (Microsoft Corporation) [MS Ad]

  MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2017-12-19] (Microsoft Corporation) [MS Ad]

  MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]

  MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2017-12-19] (Microsoft Corporation) [MS Ad]

  Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-14] (Netflix, Inc.)

  Norton Studio -> C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_2.2.0.0_x86__v68kp9n051hdp [2018-04-24] (Symantec Corporation)

  Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)

  Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-01-15] (Adobe Systems Incorporated)

  Serial Start Up Kit -> C:\Program Files\WindowsApps\55858khh4.SerialStartUpKit_1.0.0.5_neutral__acjnesmsxftga [2017-12-19] (khh4)

  Texture – Unlimited Magazines -> C:\Program Files\WindowsApps\NextIssue.NextIssueMagazines_1.6.1.0_x64__91pt4qm2m3xcw [2017-12-19] (NEXT ISSUE MEDIA LLC)

  Toshiba Central -> C:\Program Files\WindowsApps\ToshibaAmericaInformation.ToshibaCentral_1.3.0.4_neutral__r8x1fxsdcnpjw [2017-12-19] (Toshiba America Information Systems, Inc.)

  Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)

  White Noise -> C:\Program Files\WindowsApps\TMSOFT.WhiteNoise_7.0.3.0_x64__c733bcf98gd4g [2020-01-15] (TMSOFT)

  Words With Friends -> C:\Program Files\WindowsApps\D52A8D61.WordsWithFriends_1.2.0.1_x64__jwbwg6xx0377a [2017-12-19] (Zynga, Inc.)

  Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2018-12-25] (Microsoft Corporation)

  Zinio -> C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e [2017-12-19] (Zinio LLC)

  ====================Custom CLSID (Whitelisted):==============

  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll=> No File

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll=> No File

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll=> No File

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll=> No File

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll=> No File

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll=> No File

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll=> No File

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll=> No File

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Amy\AppData\Local\GoToMeeting\14172\G2MOutlookAddin64.dll=> No File

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll=> No File

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll (Google LLC -> Google LLC)

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll=> No File

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll=> No File

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll=> No File

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll=> No File

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll (Google LLC -> Google LLC)

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll=> No File

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll=> No File

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll=> No File

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils

  pAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll (Google LLC -> Google LLC)

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll=> No File

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll=> No File

  CustomCLSID: HKU\S-1-5-21-2034093662-296997186-3722520090-1001_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\Amy\AppData\Local\Google\Update\1.3.35.302\psuser_64.dll=> No File

  ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}=> C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-17] (Adobe Inc. -> )

  ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303}=> C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-17] (Adobe Inc. -> )

  ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB}=> C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-17] (Adobe Inc. -> )

  ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24}=>? -> No File

  ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD}=> C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)

  ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4}=> C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-17] (Adobe Inc. -> )

  ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7}=> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-04-20] (Adobe Inc. -> Adobe Systems Inc.)

  ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171}=> C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2019-10-22] () [File not signed]

  ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE}=> C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)

  ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A}=> C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)

  ContextMenuHandlers2: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764}=> C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)

  ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24}=>? -> No File

  ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A}=> C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)

  ContextMenuHandlers3: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764}=> C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)

  ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3}=> C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

  ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}=>? -> No File

  ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC}=> C:\WINDOWS\system32\igfxDTCM.dll [2020-04-28] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

  ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD}=> C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)

  ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4}=> C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-17] (Adobe Inc. -> )

  ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7}=> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-04-20] (Adobe Inc. -> Adobe Systems Inc.)

  ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A}=> C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)

  ContextMenuHandlers6: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764}=> C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)

  ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171}=> C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2019-10-22] () [File not signed]

  ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3}=> C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

  ====================Codecs (Whitelisted)====================

  ====================Shortcuts & WMI========================

  ====================Loaded Modules (Whitelisted)=============

  2019-10-22 19:00 – 2019-10-22 19:00 – 000105984 _____ () [File not signed] C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll

  2020-04-19 18:37 – 2020-04-19 18:37 – 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll

  2020-04-19 18:37 – 2020-04-19 18:37 – 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll

  ====================Alternate Data Streams (Whitelisted)========

  ====================Safe Mode (Whitelisted)==================

  (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys=> “”=”Driver”

  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys=> “”=”Driver”

  ====================Association (Whitelisted)=================

  ====================Internet Explorer (Whitelisted)==========

  HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=hxxp://toshiba13.msn.com/?pc=TNJB

  HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=hxxp://toshiba13.msn.com/?pc=TNJB

  HKU\S-1-5-21-2034093662-296997186-3722520090-1001\Software\Microsoft\Internet Explorer\Main,Start Page=

  HKU\S-1-5-21-2034093662-296997186-3722520090-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=hxxp://toshiba13.msn.com/?pc=TNJB

  HKU\S-1-5-21-2034093662-296997186-3722520090-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages=hxxp://mystart.toshiba.com

  BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)

  BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.1.831\AVG Web TuneUp.dll=> No File

  BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

  BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

  BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

  BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

  Toolbar: HKLM – Adobe Acrobat Create PDF Toolbar – {47833539-D0C5-4125-9FA8-0819E2EAAC93} – C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

  Toolbar: HKLM-x32 – Adobe Acrobat Create PDF Toolbar – {47833539-D0C5-4125-9FA8-0819E2EAAC93} – C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-02-01] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

  Handler-x32: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-08] (Microsoft Corporation -> Microsoft Corporation)

  Handler-x32: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-08] (Microsoft Corporation -> Microsoft Corporation)

  Handler-x32: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-08] (Microsoft Corporation -> Microsoft Corporation)

  Handler-x32: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-08] (Microsoft Corporation -> Microsoft Corporation)

  (If an entry is included in the fixlist, it will be removed from the registry.)

  IE trusted site: HKU\S-1-5-21-2034093662-296997186-3722520090-1001\…\sharepoint.com -> hxxps://americanredcross-files.sharepoint.com

  ====================Hosts content:=========================

  (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

  2013-08-22 05:25 – 2017-06-01 13:13 – 000000856 _____ C:\WINDOWS\system32\drivers\etc\hosts

  2018-07-07 13:35 – 2018-07-07 13:35 – 000000440 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

  ====================Other Areas===========================

  (Currently there is no automatic fix for this section.)

  HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel? Management Engine Components\DAL;C:\Program Files\Intel\Intel? Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel? Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel? Management Engine Components\IPT;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\

  HKU\S-1-5-21-2034093662-296997186-3722520090-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Innovation\MajesticMtns.jpg

  DNS Servers: 192.168.86.1

  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System=> (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer=> (SmartScreenEnabled: RequireAdmin)

  Windows Firewall is enabled.

  ====================MSCONFIG/TASK MANAGER disabled items==

  (If an entry is included in the fixlist, it will be removed.)

  HKU\S-1-5-21-2034093662-296997186-3722520090-1001\…\StartupApproved\StartupFolder:=> “JL Victorian Calendar.lnk”

  HKU\S-1-5-21-2034093662-296997186-3722520090-1001\…\StartupApproved\Run:=> “Skype”

  HKU\S-1-5-21-2034093662-296997186-3722520090-1001\…\StartupApproved\Run:=> “Amazon Music Helper”

  HKU\S-1-5-21-2034093662-296997186-3722520090-1001\…\StartupApproved\Run:=> “SmileboxTray”

  ====================FirewallRules (Whitelisted)================

  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

  FirewallRules: [{DF9402F4-E957-48C6-8C57-4E8788A5887B}]=> (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

  FirewallRules: [{3C685874-70E4-479E-89DC-8B5733A9EEF2}]=> (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

  FirewallRules: [{262AF23F-496D-40C2-BB8F-E8D775F1E35D}]=> (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

  FirewallRules: [{7AC5CBA1-1612-476E-AEA4-AAB20BC1A64F}]=> (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

  FirewallRules: [{5DD0CD9A-B524-4531-8898-21B34F7A6B0B}]=> (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)

  FirewallRules: [{CDC1CCC5-46AB-4079-B014-88CBD9C0914E}]=> (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)

  FirewallRules: [{08926BC8-E5E6-4300-8489-A7AEE878E2A4}]=> (Allow) C:\Users\Amy\AppData\Roaming\Zoom\bin\airhost.exe=> No File

  FirewallRules: [{DE691E40-8640-434F-87EC-EECFDD0B8033}]=> (Allow) C:\Users\Amy\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

  FirewallRules: [UDP Query User{F116AC73-2073-4503-BEBD-52D1C5B1FBEA}C:\program files\openshot video editor\launch.exe]=> (Allow) C:\program files\openshot video editor\launch.exe () [File not signed]

  FirewallRules: [TCP Query User{03971197-8E70-4548-B9A4-103AA22BDB5B}C:\program files\openshot video editor\launch.exe]=> (Allow) C:\program files\openshot video editor\launch.exe () [File not signed]

  FirewallRules: [{B447B642-3A29-418F-8086-9F46781C685C}]=> (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)

  FirewallRules: [UDP Query User{8433D74C-4DD5-4087-8E7E-78AFFA620BA7}C:?\amy\appdata\local\amazon music\amazon music helper.exe]=> (Allow) C:?\amy\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)

  FirewallRules: [TCP Query User{A1883EE2-018D-4880-AE17-3454FD8578DE}C:?\amy\appdata\local\amazon music\amazon music helper.exe]=> (Allow) C:?\amy\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)

  FirewallRules: [UDP Query User{639BBB2C-A344-4E0D-B461-854C9F3554EA}C:?\amy\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe]=> (Allow) C:?\amy\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe=> No File

  FirewallRules: [TCP Query User{468CEF0A-6166-4D89-9C4F-83B857E5A04B}C:?\amy\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe]=> (Allow) C:?\amy\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe=> No File

  FirewallRules: [UDP Query User{457F61C0-CDD2-4040-B734-1FEC259FD434}C:\program files (x86)\skype\phone\skype.exe]=> (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

  FirewallRules: [TCP Query User{AF19E679-77E7-4262-BF81-CD773A2899B9}C:\program files (x86)\skype\phone\skype.exe]=> (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

  FirewallRules: [{26B19CD6-C041-449E-B2E3-7C45E7806040}]=> (Allow) c:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

  FirewallRules: [{164F04FE-9865-4285-B6CF-233B96689251}]=> (Allow) c:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

  FirewallRules: [{12399D5A-DA22-44CA-B32D-DE12E9468480}]=> (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

  FirewallRules: [{32B2F932-D6DB-461E-A3B0-DEAD9BAE7A32}]=> (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

  FirewallRules: [{2761BF6C-B2F9-40C3-9558-3C75EA160F32}]=> (Allow) C:\Users\Amy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe=> No File

  FirewallRules: [TCP Query User{8A33A86B-B8D5-4948-ADE4-AD7DB0A536F1}C:\program files (x86)\mozilla firefox\firefox.exe]=> (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

  FirewallRules: [UDP Query User{A7F239A0-387A-455C-9FF6-FF2A7F1567AC}C:\program files (x86)\mozilla firefox\firefox.exe]=> (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

  FirewallRules: [TCP Query User{2620AC13-CD50-4237-9617-053C784AEF1A}C:\program files (x86)\skype\phone\skype.exe]=> (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

  FirewallRules: [UDP Query User{E7394565-C3E2-429C-BE80-87794BD5B91B}C:\program files (x86)\skype\phone\skype.exe]=> (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

  FirewallRules: [{87307941-88EB-44F6-93D5-53DC412C8703}]=> (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

  FirewallRules: [{583731F4-F50A-4138-8B68-B9E30A0CD5EE}]=> (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

  FirewallRules: [{F161038B-715F-47DF-B3E7-0476B8A7F4B5}]=> (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

  FirewallRules: [{0B943CB3-3ED2-41C6-8D3B-1AB4C0B05F5B}]=> (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

  FirewallRules: [{83866A5F-D278-4480-B660-F286CE26D66A}]=> (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe=> No File

  FirewallRules: [{E3BC3D9B-4F8A-4A9B-87B9-DED4EE07B077}]=> (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe=> No File

  FirewallRules: [{BD11E375-D145-4A5E-8905-28BBB604A2A1}]=> (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe=> No File

  FirewallRules: [{66B0AAA7-5BAA-46DB-94BD-F7B6190628E0}]=> (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe=> No File

  FirewallRules: [{A990CBB1-AB7C-43EC-813E-2285D1ADF397}]=> (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe=> No File

  FirewallRules: [{29983D7E-0A6C-4B7A-80A1-406FB024835B}]=> (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe=> No File

  FirewallRules: [{9E1F3B30-F47C-4C76-8E8E-5FDD9A2CC793}]=> (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe=> No File

  FirewallRules: [{26894CDD-88E8-4F76-9978-ACF787DB11C0}]=> (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe=> No File

  FirewallRules: [{E7DAC2B0-3C69-44CB-8EA2-DB5429465AC2}]=> (Allow) C:\Users\Amy\AppData\Local\Temp\7zSEBA2.tmp\SymNRT.exe=> No File

  FirewallRules: [{BBDD843E-73E3-42E6-A35C-358A6C7CD0B7}]=> (Allow) C:\Users\Amy\AppData\Local\Temp\7zSEBA2.tmp\SymNRT.exe=> No File

  FirewallRules: [{23FCE42C-3EC6-49CC-A19E-78748D93119A}]=> (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (Easeware Technology Limited -> Easeware)

  FirewallRules: [TCP Query User{833C81FC-BEB6-4047-897E-EE5CEA5D1E41}C:?\amy\appdata\local\amazon music\amazon music helper.exe]=> (Allow) C:?\amy\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)

  FirewallRules: [UDP Query User{683E141B-41F3-4ACC-B6CE-AE85219F4AA9}C:?\amy\appdata\local\amazon music\amazon music helper.exe]=> (Allow) C:?\amy\appdata\local\amazon music\amazon music helper.exe (Amazon Services LLC -> Amazon Services LLC)

  FirewallRules: [{0A647399-9BDA-4969-B5C9-7A48AEA9394F}]=> (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )

  FirewallRules: [{653ABC0E-1851-43EE-9454-551206411BC3}]=> (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

  FirewallRules: [{8815D188-DB77-4EDA-BFA0-D8C18D081D50}]=> (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.49\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

  ====================Restore Points=========================

  21-04-2021 09:58:12 Windows Modules Installer

  29-04-2021 12:48:23 Scheduled Checkpoint

  ====================Faulty Device Manager Devices============

  ====================Event log errors:========================

  Application errors:

  ==================

  Error: (04/29/2021 07:10:00 PM) (Source: ESENT) (EventID: 490) (User: )

  Description: svchost (4116,D,0) SRUJet: An attempt to open the file “C:\WINDOWS\system32\SRU\SRUtmp.log” for read / write access failed with system error 32 (0x00000020): “The process cannot access the file because it is being used by another process. “.? The open file operation will fail with error -1032 (0xfffffbf8).

  Error: (04/29/2021 01:43:26 PM) (Source: SecurityCenter) (EventID: 17) (User: )

  Description: Security Center failed to validate caller with error %1.

  Error: (04/29/2021 01:41:56 PM) (Source: SecurityCenter) (EventID: 17) (User: )

  Description: Security Center failed to validate caller with error %1.

  Error: (04/29/2021 01:35:24 PM) (Source: SecurityCenter) (EventID: 17) (User: )

  Description: Security Center failed to validate caller with error %1.

  Error: (04/29/2021 01:10:29 PM) (Source: SecurityCenter) (EventID: 17) (User: )

  Description: Security Center failed to validate caller with error %1.

  Error: (04/29/2021 01:02:53 PM) (Source: SecurityCenter) (EventID: 17) (User: )

  Description: Security Center failed to validate caller with error %1.

  Error: (04/29/2021 08:42:23 AM) (Source: Application Error) (EventID: 1000) (User: )

  Description: Faulting application name: mbamtray.exe, version: 4.0.0.766, time stamp: 0x5f20a5ba

  Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x5e8272e4

  Exception code: 0xc0000005

  Fault offset: 0x0000000000219d05

  Faulting process id: 0x1be8

  Faulting application start time: 0x01d73c9d91510c65

  Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

  Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll

  Report Id: 0f5c2ce7-a3d3-4a27-9b94-21396eaa54a3

  Faulting package full name:

  Faulting package-relative application ID:

  Error: (04/23/2021 08:17:30 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

  Description: The storage optimizer couldn’t complete retrim on TI10701100D (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

  System errors:

  =============

  Error: (04/30/2021 12:34:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

  Description: The Bluetooth User Support Service_b9f01 service failed to start due to the following error:

  The service did not respond to the start or control request in a timely fashion.

  Error: (04/30/2021 12:34:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

  Description: A timeout was reached (30000 milliseconds) while waiting for the Bluetooth User Support Service_b9f01 service to connect.

  Error: (04/30/2021 12:34:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

  Description: The Adobe Flash Player Update Service service failed to start due to the following error:

  The service did not respond to the start or control request in a timely fashion.

  Error: (04/30/2021 12:34:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

  Description: A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.

  Error: (04/30/2021 12:34:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

  Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

  Error: (04/30/2021 12:33:27 PM) (Source: BTHUSB) (EventID: 17) (User: )

  Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

  Error: (04/30/2021 08:42:22 AM) (Source: DCOM) (EventID: 10010) (User: AMYSLAPTOP)

  Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

  Error: (04/30/2021 04:39:05 AM) (Source: BTHUSB) (EventID: 17) (User: )

  Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

  Windows Defender:

  ================

  Date: 2021-04-28 02:07:45

  Description:

  Microsoft Defender Antivirus scan has been stopped before completion.

  Scan Type: Antimalware

  Scan Parameters: Quick Scan

  Date: 2021-04-27 02:17:16

  Description:

  Microsoft Defender Antivirus scan has been stopped before completion.

  Scan Type: Antimalware

  Scan Parameters: Quick Scan

  Date: 2021-04-26 02:17:10

  Description:

  Microsoft Defender Antivirus scan has been stopped before completion.

  Scan Type: Antimalware

  Scan Parameters: Quick Scan

  Date: 2021-04-25 02:17:03

  Description:

  Microsoft Defender Antivirus scan has been stopped before completion.

  Scan Type: Antimalware

  Scan Parameters: Quick Scan

  Date: 2021-04-24 02:17:01

  Description:

  Microsoft Defender Antivirus scan has been stopped before completion.

  Scan Type: Antimalware

  Scan Parameters: Quick Scan

  Date: 2021-04-28 18:25:26

  Description:

  Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

  New security intelligence Version:

  Previous security intelligence Version: 1.337.129.0

  Update Source: Microsoft Update Server

  Security intelligence Type: AntiVirus

  Update Type: Full

  Current Engine Version:

  Previous Engine Version: 1.1.18100.5

  Error code: 0x80240438

  Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

  Date: 2021-04-27 10:22:14

  Description:

  Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

  New security intelligence Version: 1.337.54.0

  Previous security intelligence Version: 1.335.1735.0

  Update Source: User

  Security intelligence Type: AntiSpyware

  Update Type: Delta

  Current Engine Version: 1.1.18100.5

  Previous Engine Version: 1.1.18000.5

  Error code: 0x80070666

  Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

  Date: 2021-04-27 10:22:14

  Description:

  Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

  New security intelligence Version: 1.337.54.0

  Previous security intelligence Version: 1.335.1735.0

  Update Source: User

  Security intelligence Type: AntiVirus

  Update Type: Delta

  Current Engine Version: 1.1.18100.5

  Previous Engine Version: 1.1.18000.5

  Error code: 0x80070666

  Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

  Date: 2021-04-27 10:22:14

  Description:

  Microsoft Defender Antivirus has encountered an error trying to update the engine.

  New Engine Version: 1.1.18100.5

  Previous Engine Version: 1.1.18000.5

  Error Code: 0x80070666

  Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

  CodeIntegrity:

  ===============

  Date: 2021-04-30 12:42:53

  Description:

  Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\eppwsc.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\eppcom64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2021-04-30 12:40:39

  Description:

  Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Emsisoft Anti-Malware\eppcom64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  ====================Memory info===========================

  BIOS: INSYDE Corp. 1.60 12/23/2014

  Motherboard: Type2 – Board Vendor Name1 Type2 – Board Product Name1

  Processor: Intel? Core? i5-4210U CPU @ 1.70GHz

  Percentage of memory in use: 87%

  Total physical RAM: 8113.14 MB

  Available physical RAM: 1031.25 MB

  Total Virtual: 12721.14 MB

  Available Virtual: 3447.56 MB

  ====================Drives================================

  Drive c: (TI10701100D) (Fixed) (Total:687.7 GB) (Free:528.85 GB) NTFS

  \\?\Volume{e6d50978-3a04-11e4-9f15-c3d7b29e0118}\ (System) (Fixed) (Total:1 GB) (Free:0.63 GB) NTFS

  \\?\Volume{587b4f57-e8c3-4045-a2a2-a7ff650fac6a}\ () (Fixed) (Total:0.9 GB) (Free:0.39 GB) NTFS

  \\?\Volume{96d3b7c4-bd22-11e4-86c9-000000002809}\ (Recovery) (Fixed) (Total:8.81 GB) (Free:0.98 GB) NTFS

  \\?\Volume{e6d50980-3a04-11e4-9f15-c3d7b29e0118}\ () (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

  ====================MBR & Partition Table====================

  ==========================================================

  Disk: 0 (Protective MBR) (Size: 698.6 GB) (Disk ID: 00000000)

  Partition: GPT.

  ====================End of Addition.txt=======================