Solved Windows 10 possible virus

necee99

I have a 2 in 1 tablet PC. Windows 10. Brand is Nextbook. All of a sudden I started to get an error message with a lady's voice saying my computer has been infected by spyware and all of my sensitive info has been compromised. Please help me diagnose and identify if there is a virus. I have downloaded Malwarebytes and it found no threats, but I'm not sure if it's safe yet. Thanks in advance.
 
You've been to this forum before so you should know the drill.

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.11.2018
Ran by Al (administrator) on DESKTOP-VOOUCSA (14-11-2018 11:30:38)
Running from C:\Users\Al\Desktop\FRST-OlderVersion
Loaded Profiles: Al & (Available Profiles: Al)
Platform: Microsoft Windows 10 Home Version 1803 17134.345 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
() C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [486816 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [486816 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11012018100015997\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11012018100016248\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2379882677-3212271105-2545831031-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14544792 2018-10-23] (Piriform Ltd)
HKU\S-1-5-21-2379882677-3212271105-2545831031-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [194560 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2379882677-3212271105-2545831031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11012018100016579\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [14544792 2018-10-23] (Piriform Ltd)
HKU\S-1-5-21-2379882677-3212271105-2545831031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11012018100016579\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [194560 2018-04-11] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oem.vbs [2016-02-29] ()
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oem.vbs [2016-02-29] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{6ac513c1-aa45-427e-a661-609e19b9e2cd}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{aef11ddc-4969-4998-a146-a132c5cfa69f}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{bb145e31-49d2-47e5-a940-f3dad46935ff}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-2379882677-3212271105-2545831031-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={2BE07928-4061-46DC-8056-DB0601B8275F}&mid=8f7b01e2293d47cdb48b85adfb6222fc-b0d4f81a8999f5981f04537c5ec8468fd5234593&lang=en&ds=AVG&coid=avgtbavg&cmpid=0217tb&pr=fr&d=2015-10-02 16:54:43&v=4.3.7.452&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-2379882677-3212271105-2545831031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11012018100016579\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={2BE07928-4061-46DC-8056-DB0601B8275F}&mid=8f7b01e2293d47cdb48b85adfb6222fc-b0d4f81a8999f5981f04537c5ec8468fd5234593&lang=en&ds=AVG&coid=avgtbavg&cmpid=0217tb&pr=fr&d=2015-10-02 16:54:43&v=4.3.7.452&pid=wtu&sg=&sap=hp

Edge:
======
Edge Extension: (Office Online) -> 2016_MicrosoftOfficeOnline_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.OfficeOnline_1.5.8.0_neutral__8wekyb3d8bbwe [2018-05-01]

FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-30] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default [2018-11-14]
CHR Extension: (Slides) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-30]
CHR Extension: (Docs) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-30]
CHR Extension: (Google Drive) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-30]
CHR Extension: (YouTube) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-30]
CHR Extension: (Sheets) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-30]
CHR Extension: (Google Docs Offline) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-30]
CHR Extension: (Gmail) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-10-30]
CHR Extension: (Chrome Media Router) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-30]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BTDevManager; C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe [147160 2015-08-03] ()
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [292840 2015-12-21] (Intel Corporation)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1259184 2015-08-31] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [310760 2015-12-21] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [353792 2018-03-19] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3358832 2018-10-23] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [91584 2018-10-23] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [66560 2018-04-11] (Microsoft Corporation)
R3 BthMini; C:\WINDOWS\System32\drivers\BTHMINI.sys [23040 2018-04-11] (Microsoft Corporation)
R3 camera; C:\WINDOWS\system32\DRIVERS\iacamera32.sys [747328 2015-09-10] (Intel(R) Corporation)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [137632 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [22432 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [51712 2015-08-31] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [48640 2015-08-31] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [228864 2015-08-31] (Intel Corporation)
R3 iaisp; C:\WINDOWS\System32\drivers\iaisp32.sys [15528 2015-09-10] (Intel(R) Corporation)
R3 iaspie; C:\WINDOWS\System32\drivers\iaspie.sys [50176 2015-07-10] (Intel(R) Corporation)
R3 iauarte; C:\WINDOWS\System32\drivers\iauarte.sys [89088 2015-07-09] (Intel(R) Corporation)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd32lp.sys [6611944 2015-12-21] (Intel Corporation)
R3 IntelBatteryManagement; C:\WINDOWS\System32\drivers\IntelBatteryManagement.sys [88568 2015-12-03] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [631352 2016-01-06] ()
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [229568 2018-10-30] (Malwarebytes)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [26592 2015-07-10] (Intel(R) Corporation)
R3 ov2680; C:\WINDOWS\System32\drivers\ov2680.sys [89672 2016-01-06] (Intel(R) Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [84480 2015-07-10] (Intel(R) Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [282864 2015-08-29] (Realtek Semiconductor Corp.)
R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [557312 2015-07-20] (Realtek Semiconductor Corporation)
R3 RtlWlans; C:\WINDOWS\System32\drivers\rtwlans.sys [6555136 2018-04-11] (Realtek Semiconductor Corporation )
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [131896 2015-07-02] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [38504 2018-10-23] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [261816 2018-10-23] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [47800 2018-10-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-14 11:27 - 2018-11-14 11:30 - 000000000 ____D C:\Users\Al\Desktop\FRST-OlderVersion
2018-11-14 11:27 - 2018-11-14 11:30 - 000000000 ____D C:\FRST
2018-11-14 11:27 - 2018-11-14 11:27 - 001775616 _____ (Farbar) C:\Users\Al\Downloads\FRST.exe
2018-11-14 11:20 - 2018-11-14 11:20 - 000002259 _____ C:\WINDOWS\epplauncher.mif
2018-11-14 11:19 - 2018-11-14 11:20 - 000000000 ____D C:\34a6a8aeec1895aa097204233d
2018-11-14 11:07 - 2018-11-14 11:08 - 012231000 _____ (Microsoft Corporation) C:\Users\Al\Downloads\mseinstall.exe
2018-11-13 22:17 - 2018-11-13 22:17 - 000182130 _____ C:\Users\Al\Downloads\CO-151-E.pdf
2018-11-13 22:17 - 2018-11-13 22:17 - 000048012 _____ C:\Users\Al\Downloads\CO-152-E.pdf
2018-11-13 22:16 - 2018-11-13 22:16 - 000887934 _____ C:\Users\Al\Downloads\CO-153-E.pdf
2018-11-13 22:15 - 2018-11-13 22:15 - 000222184 _____ C:\Users\Al\Downloads\20181105E.pdf
2018-11-13 22:13 - 2018-11-13 22:13 - 000178809 _____ C:\Users\Al\Downloads\20181106E (1).pdf
2018-11-13 22:12 - 2018-11-13 22:12 - 000193735 _____ C:\Users\Al\Downloads\20181112E.pdf
2018-11-13 22:11 - 2018-11-13 22:11 - 000233816 _____ C:\Users\Al\Downloads\20181113E.pdf
2018-11-13 21:22 - 2018-11-13 21:22 - 000000000 ___HD C:\OneDriveTemp
2018-11-13 21:12 - 2018-11-13 21:12 - 000178809 _____ C:\Users\Al\Downloads\20181106E.pdf
2018-11-13 21:11 - 2018-11-13 21:11 - 000223041 _____ C:\Users\Al\Downloads\20180801E.pdf
2018-11-13 21:09 - 2018-11-13 21:10 - 005244653 _____ C:\Users\Al\Downloads\public talk list.pdf
2018-11-13 21:09 - 2018-11-13 21:09 - 005244653 _____ C:\Users\Al\Downloads\S-99-E.pdf
2018-11-13 21:08 - 2018-11-13 21:08 - 000041916 _____ C:\Users\Al\Downloads\S-89-E.pdf
2018-11-01 23:08 - 2018-11-01 23:08 - 000089930 _____ C:\Users\Al\Downloads\HOW THE KINGDOM OF GOD AFFECTS YOU.pdf
2018-11-01 23:06 - 2018-11-01 23:06 - 000089930 _____ C:\Users\Al\Downloads\PB_042-E.pdf
2018-11-01 23:05 - 2018-11-01 23:05 - 000176300 _____ C:\Users\Al\Downloads\ANNOUNCEMENTS AND REMINDERS Nov 2018.pdf
2018-11-01 22:57 - 2018-11-01 22:57 - 000176300 _____ C:\Users\Al\Downloads\S-147-18.11-E_Us.pdf
2018-11-01 21:22 - 2018-11-01 21:22 - 002225987 _____ C:\Users\Al\Documents\Respirator Questionnaire-al.pdf
2018-10-31 21:34 - 2018-10-31 21:34 - 001015945 _____ C:\Users\Al\Downloads\Respirator Questionnaire-al.pdf
2018-10-31 21:21 - 2018-10-31 21:21 - 001015945 _____ C:\Users\Al\Downloads\Respirator Questionnaire.pdf
2018-10-31 21:16 - 2018-10-31 21:16 - 000002624 _____ C:\Users\Al\Downloads\event.ics
2018-10-31 21:14 - 2018-10-31 21:14 - 000002624 _____ C:\Users\Al\Downloads\event-inline.ics
2018-10-31 18:10 - 2018-11-13 19:35 - 000000000 ____D C:\Users\Al\AppData\Local\CrashDumps
2018-10-30 13:36 - 2018-10-30 13:36 - 000229568 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-10-30 13:20 - 2018-10-30 13:20 - 001142072 _____ (Microsoft Corporation) C:\WINDOWS\ucrtbase.dll
2018-10-30 13:20 - 2018-10-30 13:20 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-10-30 13:17 - 2018-10-30 13:35 - 000000000 ____D C:\ProgramData\AVAST Software
2018-10-30 13:17 - 2018-10-30 13:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-10-30 13:17 - 2018-10-30 13:17 - 000000000 ____D C:\Program Files\CCleaner
2018-10-30 13:13 - 2018-10-30 13:15 - 018072104 _____ (Piriform Ltd) C:\Users\Al\Downloads\ccsetup548.exe
2018-10-30 13:11 - 2018-10-30 13:11 - 000000000 ____D C:\Users\Al\AppData\Local\mbamtray
2018-10-30 13:11 - 2018-10-30 13:11 - 000000000 ____D C:\Users\Al\AppData\Local\mbam
2018-10-30 13:11 - 2018-10-30 13:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-30 13:10 - 2018-10-30 13:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-10-30 13:10 - 2018-10-30 13:10 - 000000000 ____D C:\Program Files\Malwarebytes
2018-10-30 13:10 - 2018-10-18 08:44 - 000129248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae.sys
2018-10-30 13:09 - 2018-10-30 13:09 - 078533024 _____ (Malwarebytes ) C:\Users\Al\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7589.exe
2018-10-30 13:00 - 2018-11-13 18:55 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-30 13:00 - 2018-11-13 18:55 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-10-30 12:58 - 2018-10-30 13:16 - 000000000 ____D C:\Users\Al\AppData\Local\Google
2018-10-30 12:58 - 2018-10-30 12:59 - 000000000 ____D C:\Program Files\Google
2018-10-29 01:51 - 2018-10-29 01:51 - 000229108 _____ C:\Users\Al\Documents\check stub 11-1-16.pdf
2018-10-27 11:02 - 2018-10-27 11:02 - 000000000 _____ C:\Users\Al\Downloads\WIRELESS MICROPHONE REPLACEMENT INITIATIVE .pdf
2018-10-21 11:30 - 2018-10-21 11:30 - 001360003 _____ C:\Users\Al\Downloads\LOCAL DESIGN&CONSTRUCTION VOLUNTEER APPLICATION- bernice.pdf
2018-10-19 11:49 - 2018-10-19 11:49 - 000119470 _____ C:\Users\Al\Documents\check stub paragon 10-19-18.pdf
2018-10-17 20:00 - 2018-10-17 20:01 - 004313770 _____ C:\Users\Al\Downloads\al wells ldc application.pdf
2018-10-16 08:30 - 2018-09-21 02:22 - 020381784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-10-16 08:30 - 2018-09-20 22:14 - 000994480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-10-16 08:30 - 2018-09-20 22:09 - 004790160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-10-16 08:30 - 2018-09-20 22:09 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-10-16 08:30 - 2018-09-20 21:58 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-10-16 08:30 - 2018-09-20 21:57 - 002808320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-10-16 08:30 - 2018-09-20 21:54 - 002412544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-10-16 08:30 - 2018-09-20 02:35 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-10-16 08:30 - 2018-09-20 02:34 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-10-16 08:30 - 2018-09-20 02:29 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-10-16 08:30 - 2018-09-19 22:29 - 006569856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-10-16 08:30 - 2018-09-19 22:29 - 006039368 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-10-16 08:30 - 2018-09-19 22:29 - 002354168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-10-16 08:30 - 2018-09-19 22:29 - 001989232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-10-16 08:30 - 2018-09-19 22:28 - 006686736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-10-16 08:30 - 2018-09-19 22:28 - 002031120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-10-16 08:30 - 2018-09-19 22:21 - 022013440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-10-16 08:30 - 2018-09-19 22:17 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-10-16 08:30 - 2018-09-19 22:15 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-10-16 08:30 - 2018-09-19 22:15 - 003254784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-10-16 08:30 - 2018-09-19 22:11 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-10-16 08:30 - 2018-09-19 22:10 - 002278912 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-10-16 08:30 - 2018-09-19 22:08 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-10-16 08:30 - 2018-09-19 22:08 - 001752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-10-16 08:30 - 2018-09-19 22:08 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-10-16 08:30 - 2018-09-08 01:28 - 002712376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-10-16 08:30 - 2018-09-08 01:27 - 001367864 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-10-16 08:30 - 2018-09-08 01:27 - 000628224 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-10-16 08:30 - 2018-09-08 01:27 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-10-16 08:30 - 2018-09-08 01:27 - 000520184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-10-16 08:30 - 2018-09-08 01:27 - 000367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-10-16 08:30 - 2018-09-08 01:14 - 001328056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-10-16 08:30 - 2018-09-08 00:59 - 001530368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-10-16 08:30 - 2018-09-08 00:59 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-10-16 08:30 - 2018-09-08 00:59 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-10-16 08:30 - 2018-09-08 00:58 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-10-16 08:30 - 2018-09-08 00:58 - 001081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-10-16 08:30 - 2018-09-08 00:57 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2018-10-16 08:30 - 2018-09-07 21:51 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-10-16 08:30 - 2018-09-07 21:44 - 001989552 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-10-16 08:30 - 2018-09-07 21:44 - 000829752 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-10-16 08:30 - 2018-09-07 21:43 - 001174448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-10-16 08:30 - 2018-09-07 21:26 - 002367488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2018-10-16 08:30 - 2018-09-07 21:25 - 003553792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-10-16 08:30 - 2018-09-07 21:25 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-10-16 08:30 - 2018-09-07 21:24 - 001049600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-10-16 08:30 - 2018-09-07 21:24 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-10-16 08:30 - 2018-09-07 21:23 - 001655296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll
2018-10-16 08:30 - 2018-09-07 21:23 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-10-16 08:30 - 2018-09-07 21:22 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-10-16 08:29 - 2018-10-16 08:29 - 000225238 _____ C:\Users\Al\Documents\check stub 10-16-18.pdf
2018-10-16 08:29 - 2018-09-21 02:12 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-10-16 08:29 - 2018-09-20 22:16 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-10-16 08:29 - 2018-09-20 22:14 - 000661056 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-10-16 08:29 - 2018-09-20 22:09 - 001427968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-10-16 08:29 - 2018-09-20 22:09 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-10-16 08:29 - 2018-09-20 21:58 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-10-16 08:29 - 2018-09-20 21:57 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-10-16 08:29 - 2018-09-20 21:57 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-10-16 08:29 - 2018-09-20 21:56 - 001751552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-10-16 08:29 - 2018-09-20 21:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-10-16 08:29 - 2018-09-20 21:55 - 001132032 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-10-16 08:29 - 2018-09-20 21:55 - 000830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-10-16 08:29 - 2018-09-20 21:55 - 000489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-10-16 08:29 - 2018-09-20 21:54 - 001272832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-10-16 08:29 - 2018-09-20 21:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-10-16 08:29 - 2018-09-20 21:53 - 001006080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-10-16 08:29 - 2018-09-20 21:53 - 000977408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-10-16 08:29 - 2018-09-20 21:53 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-10-16 08:29 - 2018-09-20 21:53 - 000493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-10-16 08:29 - 2018-09-20 21:53 - 000349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-10-16 08:29 - 2018-09-20 02:46 - 001465296 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-10-16 08:29 - 2018-09-20 02:43 - 000316248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-10-16 08:29 - 2018-09-20 02:43 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-10-16 08:29 - 2018-09-20 02:30 - 001082880 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-10-16 08:29 - 2018-09-20 02:30 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-10-16 08:29 - 2018-09-20 02:29 - 002824704 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2018-10-16 08:29 - 2018-09-20 02:29 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-10-16 08:29 - 2018-09-20 02:28 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2018-10-16 08:29 - 2018-09-19 22:29 - 002144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-10-16 08:29 - 2018-09-19 22:29 - 001513032 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-10-16 08:29 - 2018-09-19 22:29 - 000437048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-10-16 08:29 - 2018-09-19 22:29 - 000357056 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-10-16 08:29 - 2018-09-19 22:28 - 001190696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-10-16 08:29 - 2018-09-19 22:28 - 001050680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-10-16 08:29 - 2018-09-19 22:28 - 000949536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-10-16 08:29 - 2018-09-19 22:28 - 000831224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-10-16 08:29 - 2018-09-19 22:28 - 000679832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-10-16 08:29 - 2018-09-19 22:28 - 000633344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-10-16 08:29 - 2018-09-19 22:28 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-10-16 08:29 - 2018-09-19 22:11 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-10-16 08:29 - 2018-09-19 22:11 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-10-16 08:29 - 2018-09-19 22:11 - 000335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-10-16 08:29 - 2018-09-19 22:10 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-10-16 08:29 - 2018-09-19 22:10 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2018-10-16 08:29 - 2018-09-19 22:10 - 000270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-10-16 08:29 - 2018-09-19 22:09 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-10-16 08:29 - 2018-09-19 22:07 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-10-16 08:29 - 2018-09-19 19:28 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrd3x40.dll
2018-10-16 08:29 - 2018-09-08 01:27 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-10-16 08:29 - 2018-09-08 01:27 - 000126264 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-10-16 08:29 - 2018-09-08 01:27 - 000062264 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-10-16 08:29 - 2018-09-08 01:16 - 000482080 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-10-16 08:29 - 2018-09-08 01:15 - 000456504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-10-16 08:29 - 2018-09-08 01:13 - 001531112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-10-16 08:29 - 2018-09-08 01:13 - 000181288 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-10-16 08:29 - 2018-09-08 01:03 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-10-16 08:29 - 2018-09-08 01:03 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
2018-10-16 08:29 - 2018-09-08 01:02 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-10-16 08:29 - 2018-09-08 01:00 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2018-10-16 08:29 - 2018-09-08 01:00 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2018-10-16 08:29 - 2018-09-08 01:00 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-10-16 08:29 - 2018-09-08 00:59 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-10-16 08:29 - 2018-09-08 00:59 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2018-10-16 08:29 - 2018-09-08 00:59 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthci.dll
2018-10-16 08:29 - 2018-09-08 00:58 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-10-16 08:29 - 2018-09-08 00:58 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-10-16 08:29 - 2018-09-08 00:58 - 000627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-10-16 08:29 - 2018-09-08 00:57 - 005391360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2018-10-16 08:29 - 2018-09-08 00:57 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-10-16 08:29 - 2018-09-08 00:57 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2018-10-16 08:29 - 2018-09-08 00:56 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-10-16 08:29 - 2018-09-07 21:45 - 000619024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-10-16 08:29 - 2018-09-07 21:45 - 000295416 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-10-16 08:29 - 2018-09-07 21:45 - 000286824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-10-16 08:29 - 2018-09-07 21:44 - 000359952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-10-16 08:29 - 2018-09-07 21:44 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2018-10-16 08:29 - 2018-09-07 21:44 - 000220688 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-10-16 08:29 - 2018-09-07 21:43 - 000269104 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2018-10-16 08:29 - 2018-09-07 21:29 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-10-16 08:29 - 2018-09-07 21:28 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-10-16 08:29 - 2018-09-07 21:28 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Proxy.dll
2018-10-16 08:29 - 2018-09-07 21:28 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2018-10-16 08:29 - 2018-09-07 21:27 - 000292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2018-10-16 08:29 - 2018-09-07 21:27 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-10-16 08:29 - 2018-09-07 21:27 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-10-16 08:29 - 2018-09-07 21:27 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2018-10-16 08:29 - 2018-09-07 21:27 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-10-16 08:29 - 2018-09-07 21:27 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2018-10-16 08:29 - 2018-09-07 21:27 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2018-10-16 08:29 - 2018-09-07 21:26 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-10-16 08:29 - 2018-09-07 21:26 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2018-10-16 08:29 - 2018-09-07 21:26 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-10-16 08:29 - 2018-09-07 21:26 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll
2018-10-16 08:29 - 2018-09-07 21:26 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2018-10-16 08:29 - 2018-09-07 21:26 - 000219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-10-16 08:29 - 2018-09-07 21:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2018-10-16 08:29 - 2018-09-07 21:25 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-10-16 08:29 - 2018-09-07 21:25 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-10-16 08:29 - 2018-09-07 21:24 - 000367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-10-16 08:29 - 2018-09-07 21:23 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll
2018-10-16 08:29 - 2018-09-07 21:23 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2018-10-16 08:29 - 2018-09-07 21:23 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Proximity.dll
2018-10-16 08:29 - 2018-09-07 21:22 - 000373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-14 11:31 - 2018-04-11 14:25 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-14 11:31 - 2017-06-06 16:05 - 000000000 ___RD C:\Users\Al\OneDrive
2018-11-14 11:28 - 2018-04-11 14:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-14 11:01 - 2017-06-06 18:48 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-11-14 11:01 - 2017-06-06 16:02 - 000000000 __SHD C:\Users\Al\IntelGraphicsProfiles
2018-11-13 21:58 - 2018-06-14 09:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-13 21:22 - 2018-04-11 14:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-13 20:04 - 2018-04-11 14:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-11 10:26 - 2018-09-18 19:11 - 000000000 ____D C:\Users\Al\AppData\Local\ElevatedDiagnostics
2018-11-01 21:23 - 2018-04-11 14:31 - 000000000 ____D C:\WINDOWS\INF
2018-10-31 18:24 - 2017-11-27 19:48 - 000000000 ____D C:\Users\Al\AppData\Local\Packages
2018-10-31 18:07 - 2017-12-03 09:45 - 000000000 ____D C:\Users\Al\AppData\Local\PlaceholderTileLogoFolder
2018-10-30 13:40 - 2018-06-14 09:57 - 000793700 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-10-30 13:36 - 2018-06-14 10:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-10-30 13:35 - 2018-04-11 06:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-10-30 13:24 - 2018-04-11 14:36 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-10-30 13:20 - 2018-06-09 06:27 - 000000000 ___DC C:\WINDOWS\Panther
2018-10-30 13:20 - 2018-04-11 14:36 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-10-30 12:59 - 2017-11-27 20:17 - 000000000 ___HD C:\Users\Al\MicrosoftEdgeBackups
2018-10-30 12:55 - 2018-04-11 21:49 - 000000000 ____D C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly
2018-10-30 12:55 - 2018-04-11 21:48 - 000000000 ____D C:\Users\Al\AppData\Local\GrammarlyForWindows
2018-10-23 12:07 - 2018-02-26 16:23 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-10-17 18:12 - 2018-06-14 09:44 - 000002365 _____ C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-10-16 18:33 - 2018-06-14 09:42 - 000231040 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-10-16 18:33 - 2017-11-27 20:16 - 000000000 ___RD C:\Users\Al\3D Objects
2018-10-16 18:33 - 2016-03-09 21:52 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-10-16 17:27 - 2018-04-11 14:36 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-10-16 17:27 - 2018-04-11 14:36 - 000000000 ___RD C:\Program Files\Windows Defender
2018-10-16 17:27 - 2018-04-11 14:36 - 000000000 ____D C:\WINDOWS\TextInput
2018-10-16 17:27 - 2018-04-11 14:36 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-10-16 17:27 - 2018-04-11 14:36 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-10-16 16:48 - 2017-09-28 19:17 - 000023973 _____ C:\Users\Al\Downloads\ELDERS MEET WITH REGULAR PIONEERS, SPECIAL PIONEERS, AND FIELD MISSIONARIES .pdf
2018-10-16 08:48 - 2017-06-07 19:02 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-10-16 08:38 - 2017-06-07 19:02 - 133674168 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-10-16 08:24 - 2018-06-18 07:25 - 000000000 ____D C:\ProgramData\Packages
2018-10-16 08:15 - 2017-06-06 18:28 - 000479504 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2017-06-06 18:18 - 2012-07-22 10:20 - 000001881 _____ () C:\Users\TSWIN\bkstudy.dat
2017-06-06 18:18 - 2013-01-01 17:40 - 000000400 _____ () C:\Users\TSWIN\cplot.dat
2017-06-06 18:18 - 2012-07-22 10:18 - 000005120 _____ () C:\Users\TSWIN\emerg.dat
2017-06-06 18:18 - 2012-07-22 10:20 - 000005600 _____ () C:\Users\TSWIN\meeting.dat
2017-06-06 18:18 - 2012-07-22 10:20 - 000000216 _____ () C:\Users\TSWIN\oddmo7.dat
2017-06-06 18:18 - 2012-07-22 10:20 - 000001040 _____ () C:\Users\TSWIN\remark7.dat
2017-06-06 18:18 - 2012-07-22 10:20 - 000000864 _____ () C:\Users\TSWIN\spcards.dat
2017-06-06 18:18 - 2012-07-22 10:14 - 000000096 _____ () C:\Users\TSWIN\spneed.dat
2017-06-06 18:18 - 2010-01-18 21:20 - 000339857 _____ () C:\Users\TSWIN\sutswin.exe
2017-06-06 18:18 - 2012-07-22 10:20 - 000004032 _____ () C:\Users\TSWIN\tinac7.dat
2017-06-06 18:18 - 2012-07-19 17:13 - 000003000 _____ () C:\Users\TSWIN\tinact.dat
2017-06-06 18:18 - 2012-07-22 10:20 - 000001344 _____ () C:\Users\TSWIN\tmove7.dat
2017-06-06 18:18 - 2012-07-19 17:13 - 000001000 _____ () C:\Users\TSWIN\tmoved.dat
2017-06-06 18:18 - 2012-07-22 10:20 - 000000000 _____ () C:\Users\TSWIN\tnopu7.dat
2017-06-06 18:18 - 2012-07-19 17:13 - 000000000 _____ () C:\Users\TSWIN\tnopub.dat
2017-06-06 18:18 - 2012-10-20 20:31 - 000094434 _____ (John El Self) C:\Users\TSWIN\tscard.exe
2017-06-06 18:18 - 2016-01-02 18:19 - 000305734 _____ (John El Self) C:\Users\TSWIN\tswin.exe
2017-06-06 18:18 - 2010-01-18 21:21 - 000100494 _____ (John El Self) C:\Users\TSWIN\Tsx.exe
2017-06-06 18:18 - 2012-07-19 17:09 - 000001344 _____ () C:\Users\TSWIN\txtra.dat
2017-06-06 18:18 - 2012-07-22 10:15 - 000004032 _____ () C:\Users\TSWIN\xten7.dat
2017-06-06 18:18 - 2012-07-19 17:09 - 000002688 _____ () C:\Users\TSWIN\xtend.dat
2017-06-06 18:18 - 2013-01-01 17:42 - 000000400 _____ () C:\Users\TSWIN WG\cplot.dat
2017-06-06 18:18 - 2012-10-20 20:31 - 000094434 _____ (John El Self) C:\Users\TSWIN WG\tscard.exe
2017-06-06 18:18 - 2016-01-02 18:19 - 000305734 _____ (John El Self) C:\Users\TSWIN WG\tswin.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-14 09:42

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14.11.2018
Ran by Al (14-11-2018 11:32:49)
Running from C:\Users\Al\Desktop\FRST-OlderVersion
Microsoft Windows 10 Home Version 1803 17134.345 (X86) (2018-06-14 16:01:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2379882677-3212271105-2545831031-500 - Administrator - Disabled)
Al (S-1-5-21-2379882677-3212271105-2545831031-1001 - Administrator - Enabled) => C:\Users\Al
DefaultAccount (S-1-5-21-2379882677-3212271105-2545831031-503 - Limited - Disabled)
Guest (S-1-5-21-2379882677-3212271105-2545831031-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2379882677-3212271105-2545831031-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.48 - Piriform)
Google Chrome (HKLM\...\Google Chrome) (Version: 70.0.3538.102 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2379882677-3212271105-2545831031-1001\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2379882677-3212271105-2545831031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11012018100016579\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
REALTEK Bluetooth (HKLM\...\{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: 1.0.103.50731 - REALTEK Semiconductor Corp.) Hidden
REALTEK Bluetooth (HKLM\...\InstallShield_{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: 1.0.103.50731 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{33AABC60-A52F-41FF-B2B9-17321240CD5}) (Version: 1.00.0282 - REALTEK Semiconductor Corp.)
Watchtower Library - English (HKLM\...\{1D72ED8E-EA0F-4AE3-BBC5-2EC55FA5649F}) (Version: 18.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Windows 10 Upgrade Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-12-21] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0241D06E-C161-4104-BBBC-365B15BB62CC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {0C24F515-33C1-4DBD-B7DA-DD129730F303} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceWnsFallback
Task: {0FE734D0-9496-46C6-A4DC-8EEA67FACB94} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {1767B030-2852-4998-8354-0183EF8297BD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-10-23] (Piriform Ltd)
Task: {6184CB90-E762-4390-9458-1321530461FB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)
Task: {B2AD6E60-070B-4706-9C4F-DC3F90503A1F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-10-23] (Piriform Ltd)
Task: {BAC13C77-52A3-4970-809F-25FDB3F0A948} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-10-30] (Google Inc.)
Task: {C213EF7B-5958-4F69-B15B-D4F929D4FE7C} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {CD5EA7CD-54B9-464E-9A59-AF89F1946DB6} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {D370F56B-6B02-4C3E-9046-1E66D764B5F6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-10-30] (AVAST Software) <==== ATTENTION
Task: {DEA3E540-8B23-49B8-8171-7BC005D65C95} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-10-30] (Google Inc.)
Task: {FC657659-DAFC-4D1D-B674-A1915DAA1ED6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-03-09 21:52 - 2015-08-03 15:49 - 000147160 _____ () C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
2018-10-30 13:10 - 2018-10-18 08:44 - 002225368 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-11 14:29 - 2018-04-11 14:29 - 000364200 _____ () C:\Windows\System32\InputHost.dll
2016-03-09 01:32 - 2015-12-21 12:39 - 000415720 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-04-11 14:29 - 2018-04-11 14:29 - 000308224 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 14:29 - 2018-04-11 14:29 - 001670656 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-10-16 08:29 - 2018-09-19 22:08 - 001609216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-11-13 18:55 - 2018-11-08 16:32 - 004238168 _____ () C:\Program Files\Google\Chrome\Application\70.0.3538.102\libglesv2.dll
2018-11-13 18:55 - 2018-11-08 16:32 - 000096600 _____ () C:\Program Files\Google\Chrome\Application\70.0.3538.102\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Al\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [118]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaspie.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-29 23:48 - 2015-10-29 23:47 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11012018100015997\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11012018100016248\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2379882677-3212271105-2545831031-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
HKU\S-1-5-21-2379882677-3212271105-2545831031-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11012018100016579\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5C0BC30F-84A2-49DA-97E2-691E25C5ABBF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{AB7190CE-41E0-4DFD-B1E3-0925DB8A8EB7}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{C567789B-2E08-4E15-A13F-3FF1B9D48018}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{2E51CE69-F1A6-432D-BA40-E8D7D7F42326}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{9C61BFF1-CB59-466F-885F-EDA2AA52BAF0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2018 11:20:04 AM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: DESKTOP-VOOUCSA)
Description: HRESULT:0x8004FF6F
Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.

Error: (11/14/2018 11:01:27 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10900.175) TYPE: ERROR MODULE: DPTF TIME 1287038995 ms

DPTF Build Version: 8.1.10900.175
DPTF Build Date: Jul 24 2015 04:00:18
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (11/14/2018 10:59:18 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10900.175) TYPE: ERROR MODULE: DPTF TIME 1286905069 ms

DPTF Build Version: 8.1.10900.175
DPTF Build Date: Jul 24 2015 04:00:18
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (11/13/2018 09:22:11 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10900.175) TYPE: ERROR MODULE: DPTF TIME 1237865987 ms

DPTF Build Version: 8.1.10900.175
DPTF Build Date: Jul 24 2015 04:00:18
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (11/13/2018 07:35:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.1.0.1644, time stamp: 0x5bc8b2d1
Faulting module name: Qt5Core.dll, version: 5.11.1.0, time stamp: 0x5b9bc256
Exception code: 0xc0000005
Fault offset: 0x0019d749
Faulting process id: 0xe90
Faulting application start time: 0x01d47bba4ec08b2d
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 2ffc0723-86ee-497b-add9-ee8e1afefbc5
Faulting package full name:
Faulting package-relative application ID:

Error: (11/13/2018 07:35:18 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10900.175) TYPE: ERROR MODULE: DPTF TIME 1231447631 ms

DPTF Build Version: 8.1.10900.175
DPTF Build Date: Jul 24 2015 04:00:18
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (11/13/2018 07:30:51 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10900.175) TYPE: ERROR MODULE: DPTF TIME 1231174656 ms

DPTF Build Version: 8.1.10900.175
DPTF Build Date: Jul 24 2015 04:00:18
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (11/11/2018 10:12:43 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10900.175) TYPE: ERROR MODULE: DPTF TIME 1024818069 ms

DPTF Build Version: 8.1.10900.175
DPTF Build Date: Jul 24 2015 04:00:18
Source File: ..\..\..\..\Sources\Policies\DbptPolicy\DbptPolicyManager.cpp @ line 113
Executing Function: DbptManager::executePdrtControlKnobs
Message: Failed to apply control ConfigTdpControlTurboState: invalid map<K, T> key
Participant: TCPU [4]
Domain: Invalid [1]
Policy: DBPT Policy [2]


System errors:
=============
Error: (11/14/2018 11:31:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/14/2018 11:02:25 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-VOOUCSA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-VOOUCSA\Al SID (S-1-5-21-2379882677-3212271105-2545831031-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/14/2018 11:01:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/14/2018 10:59:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/13/2018 09:31:26 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-VOOUCSA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-VOOUCSA\Al SID (S-1-5-21-2379882677-3212271105-2545831031-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/13/2018 09:22:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/13/2018 09:22:11 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter, {F3535ADD-40C6-49D2-B74E-19FB202DED3D}, had event 74

Error: (11/13/2018 09:07:27 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-VOOUCSA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-VOOUCSA\Al SID (S-1-5-21-2379882677-3212271105-2545831031-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-08-19 10:26:51.162
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {FFA938B8-26F5-45F5-8DF4-4889A6D3ED98}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-11 10:30:08.948
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.279.1518.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.4
Error code: 0x80246013
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-10-14 10:00:46.311
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.277.749.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15300.6
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-10-14 10:00:46.309
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.277.749.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15300.6
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-10-14 10:00:46.307
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.277.749.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15300.6
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-10-14 10:00:46.248
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.277.749.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15300.6
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2018-11-02 08:17:27.699
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.

Date: 2018-11-02 08:17:27.698
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.

Date: 2018-11-02 08:17:27.698
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.

Date: 2018-11-02 08:17:27.698
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.

Date: 2018-11-01 22:12:28.159
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.

Date: 2018-11-01 22:11:57.516
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.

Date: 2018-11-01 22:11:55.108
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.

Date: 2018-11-01 22:11:31.487
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Atom(TM) x5-Z8300 CPU @ 1.44GHz
Percentage of memory in use: 73%
Total physical RAM: 1912.2 MB
Available physical RAM: 498.26 MB
Total Virtual: 3640.2 MB
Available Virtual: 1319.63 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:57.06 GB) (Free:32.33 GB) NTFS

\\?\Volume{b9cd66fd-2da3-46e5-8632-8e7facd174cc}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.14 GB) NTFS
\\?\Volume{dedacf61-5154-4239-9051-c09aa61155dc}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 57.6 GB) (Disk ID: 9822F9D3)

Partition: GPT.

==================== End of Addition.txt ============================
 
Do NOT create a new topic to post logs.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
RogueKiller Anti-Malware V13.0.10.0 [Nov 14 2018] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17134) 32 bits
Started in : Normal mode
User : Al [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Standard Scan, Delete -- Date : 2018/11/14 18:56:36 (Duration : 00:25:50)
Switches : -refid 3

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[VT.Unknown (Potentially Malicious)] WordIm.exe [Microsoft Corporation] -- %ProgramFiles%\WindowsApps\Microsoft.Office.Word_16001.11029.20046.0_x86__8wekyb3d8bbwe\WordIm.exe -> Killed [Tree]
 
I'm sorry, but the RogueKiller instructions were a tad bit confusing. The first time I did a quick scan by mistake and it located 2 other potentially dangerous .PUP files. I removed them and tried to send the report, but it went back to the start.
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/14/18
Scan Time: 7:06 PM
Log File: b9e11dd4-e872-11e8-bb5e-000000000000.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7849
License: Free

-System Information-
OS: Windows 10 (Build 17134.345)
CPU: x86
File System: NTFS
User: DESKTOP-VOOUCSA\Al

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 177235
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 2 min, 43 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-11-14.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-14-2018
# Duration: 00:00:17
# OS: Windows 10 Home
# Scanned: 32073
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy Ask
PUP.Optional.Legacy AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
I don't see much there.

"All of a sudden I started to get an error message with a lady's voice saying my computer has been infected by spyware and all of my sensitive info has been compromised".
Does the above happen when you have some browser open? Does it happen all the time? Which browser? Chrome?
 
Was it happening all the time, or did it happen just once on some specific website?
 
It happened one time going to one website on this computer. I went to the same site on another device and it was fine. Allowed me to log in fine.
 
You should be good to go. I don't see anything malicious there :)
Good luck and stay safe :)
 