Inactive-A Suspicious activity with what looks like my PC being Cloned?


lordy007

TS Rookie
Hello all, please can you cast your eyes over the scans I took and help me. I've noticed strange things for a while now but ignored them; it was only yesterday / today that I took a good look round and found all kinds of weird stuff, like user profiles with permissions from inbound sources, not being able to update various programs, and today a virtual wired network to which apparently I was, and still am, connected...

I tried to copy and paste the text for you guys but there was too much, as I really think you need to see to understand the cloning of my machine.
 

lordy007

TS Rookie
Personally, I would nuke it on the first sign of anything like it - new storage or at least repartition and non-quick format. If you want to fiddle, then there is Broni over in the Antimalware forum - he'll help you tear it out at the roots.
https://www.techspot.com/community/forums/virus-and-malware-removal.28/
Thank you for your reply, and yes, you're probably right about ditching it, but I have loads of work etc. over the past few years, and it's still a fairly powerful PC for what I need it for :)

On another note, is there a way for me to move this post to the forum you suggested?
 

Cycloid Torus

Stone age computing - click on the rock below..
You don't have to frag the system, just consider replacing storage - or at least taking strong steps (change the drive back to its original unpartitioned state, then repartition using a Windows 10 clean install). If you have data and/or work you want to save, do that onto a flash drive. Hard drives cost $50-$80, so you might think new. Microsoft provides installation media for free.

As for Broni, I recommend that you start a new post after reading the sticky notes at the top of the forum.
 

Broni

Malware Annihilator
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

As our rules say, if the log doesn't fit into one reply, split it between a couple of replies.
All logs have to be pasted, not attached.
 

lordy007

TS Rookie
Thank you for your reply. I'm not convinced this is just some kind of malware: user rights keep being taken away from me, files move on my desktop, and in Device Manager there is a complete clone of my PC. It's all a bit strange, like something out of a Bond film.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-06-2019
Ran by lordj (administrator) on LORDS-MONEY-MAC (ASUS All Series) (06-06-2019 03:40:06)
Running from C:\Users\lordj\Desktop
Loaded Profiles: lordj (Available Profiles: lordj & lewis)
Platform: Windows 10 Pro Version 1803 17134.799 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(DTS, Inc. -> DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Eastman Kodak Company -> Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Scans\MsMpEngCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\snmptrap.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Spectrum.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MsMpEng.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Sage (UK) Limited) [File not signed] C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe
(Sage (UK) Ltd.) [File not signed] C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe
(Sage (UK) Ltd.) [File not signed] C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Elgato Sound Capture] => C:\Program Files\Elgato\SoundCapture\SoundCapture.exe [1234944 2018-01-18] () [File not signed]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [v4EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [7116800 2017-05-17] (Eastman Kodak Company) [File not signed]
HKLM-x32\...\Run: [EKStatusMonitor] => C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe [7116800 2017-05-17] (Eastman Kodak Company) [File not signed]
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\Policies\Explorer: [ClearRecentProgForNewUserInStartMenu] 1
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\Policies\Explorer: [NoFavoritesMenu] 1
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\MountPoints2: {1f603033-cd91-11e8-a32c-bcee7b9d9734} - "H:\Setup.exe"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\MountPoints2: {31036bc9-519a-11e8-a2ac-bcee7b9d9734} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\MountPoints2: {bec70ad3-87d0-11e9-a399-bcee7b9d9734} - "H:\Setup.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-05] (Google LLC -> Google Inc.)
Lsa: [Authentication Packages] msv1_0 SshdPinAuthLsa
Startup: C:\Users\lordj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk.disabled [2018-12-25]
ShortcutTarget: Send to OneNote.lnk.disabled -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 

lordy007

TS Rookie
==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00C94343-A5C0-4BCE-9413-3F699B90C7B1} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {052E1DA1-1216-44FD-9F5C-A99550609434} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0EA5337B-CDBF-4D76-A90A-A098679916C3} - System32\Tasks\adobe acrobat update task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {16A64DC9-A295-4145-9862-103F76D82A4A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-12-06] (Google Inc -> Google Inc.)
Task: {348C30F9-6309-40C9-BE36-5EAEAEDCD813} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-20] (Dropbox, Inc -> Dropbox, Inc.)
Task: {38E3801D-BC56-429E-B230-3162247DA9CE} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-20] (Dropbox, Inc -> Dropbox, Inc.)
Task: {3A69A518-0FAD-447C-BCA4-FE6C24C5841D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {3C448058-1B1E-4204-97F3-DE7359EE6BBA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [717248 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {400F5B60-C559-4628-ACC2-3905DAEE339B} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {408B53B5-E2B5-4E44-8052-91FD6F819BFF} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [946112 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4212028D-F274-4BCC-84F1-06CF2EFE8A26} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {438462EB-E18A-4716-96D1-7F821AC777FC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5047B871-F5A0-4021-BD5D-5F008D8843F8} - System32\Tasks\update-S-1-5-21-3193031890-3382897552-1219898279-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {531ED7E1-CA19-4D84-84E9-5C687F9B27C4} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112664 2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {62320466-24EA-43B9-84C7-EA76CD36E095} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {74137B2F-59CB-46E4-9861-1DCE39AD1960} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3193031890-3382897552-1219898279-1010 => C:\Users\lordj\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {75AD4F71-15EF-43FB-9DD8-1C570BD7AB59} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe [33971256 2019-05-22] (Adlice -> )
Task: {7F1017CA-AC4E-4A83-BBAD-7F0F63B6C02C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1714112 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {87B6D84C-AF70-477F-8FC7-992E34C20911} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {939AD483-0D82-4B28-839C-852749E9380C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [647616 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9CCE4732-69D5-4F8A-B743-5AB0CD9BD8B5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4470320 2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {9D46B215-F69C-4958-B7B5-B885B291BC64} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448056 2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {A7D0CEBB-3CEB-4809-9817-4D77BFA15790} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-12-06] (Google Inc -> Google Inc.)
Task: {A7D1D2AB-7AE2-450E-9AF6-540D10C64569} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [647616 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A84E2206-B893-4568-BFD2-7483ECC1D375} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4470320 2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {A86D74DE-C4EA-4985-9448-FB9F1A01AF6E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1498208 2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8DC0534-AA6C-4AFD-AB4D-FA11C758D10F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B1A64999-08E1-432E-A819-DD97C127360F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {B599C49A-FF79-47A7-9F0C-86BF6E5AC119} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26166344 2019-05-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB8A84B6-B38B-4298-B41F-F12B724B32B9} - System32\Tasks\PCEAC68WLANMGR => C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe [10385408 2015-03-11] (ASUS) [File not signed]
Task: {C2BB2F27-244E-4C5A-8452-414E151EE8B4} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [436672 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E17BECE0-9D5C-4320-9BB2-95D346BBC93C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {EBB99418-AD66-4827-A7E0-26C17FD9B821} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26166344 2019-05-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {F546EE03-6093-4A85-996B-A258B7E11A90} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448056 2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {F5D2625D-23A0-42F2-996F-275D30B2D5C0} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [717248 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FCA9FDCF-B6C5-4CC4-80DF-7974C427691A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FF8CBE6A-22F8-46D8-A596-619F396839AF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112664 2019-06-03] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3193031890-3382897552-1219898279-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{0a7deeff-253e-4bc7-98c7-ec2d8132b276}: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.1.1
Tcpip\..\Interfaces\{73ae4125-b214-470b-a221-bad0d5b7a7fa}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{73d026f9-045e-4fac-9373-75919bbd12c7}: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
SearchScopes: HKU\S-1-5-21-3193031890-3382897552-1219898279-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3193031890-3382897552-1219898279-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3193031890-3382897552-1219898279-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-03] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 5iqg8ulw.default-1553006178345
FF ProfilePath: C:\Users\lordj\AppData\Roaming\Mozilla\Firefox\Profiles\5iqg8ulw.default-1553006178345 [2019-06-04]
FF Extension: (English (GB) Language Pack) - C:\Users\lordj\AppData\Roaming\Mozilla\Firefox\Profiles\5iqg8ulw.default-1553006178345\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2019-03-19]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\lordj\AppData\Roaming\Mozilla\Firefox\Profiles\5iqg8ulw.default-1553006178345\Extensions\marcoagpinto@mail.telepac.pt.xpi [2019-04-11]
FF ProfilePath: C:\Users\lordj\AppData\Roaming\kompozer.net\KompoZer\Profiles\dyca82k3.default [2017-05-31]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\lordj\AppData\Roaming\mozilla\plugins\npatgpc.dll [2019-05-30]

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> hxxp://mysearch.avg.com?cid={8C41E477-0823-4B79-A6C2-A315B9F86BB3}&mid=4b17a5e7ee4647d2a75d6da73d797ec7-3018f7204a0c9d6d6f79046117de146a3a0e0fe8&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-18 18:11:30&v=18.1.5.512&pid=safeguard&sg=&sap=hp
CHR StartupUrls: Profile 2 -> "hxxp://mysearch.avg.com?cid={8C41E477-0823-4B79-A6C2-A315B9F86BB3}&mid=4b17a5e7ee4647d2a75d6da73d797ec7-3018f7204a0c9d6d6f79046117de146a3a0e0fe8&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-18 18:11:30&v=18.1.5.512&pid=safeguard&sg=&sap=hp","hxxp://mysearch.avg.com?cid={8C41E477-0823-4B79-A6C2-A315B9F86BB3}&mid=4b17a5e7ee4647d2a75d6da73d797ec7-3018f7204a0c9d6d6f79046117de146a3a0e0fe8&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-18 18:11:30&v=18.0.5.292&pid=safeguard&sg=&sap=hp","hxxps://mysearch.avg.com?cid={8C41E477-0823-4B79-A6C2-A315B9F86BB3}&mid=4b17a5e7ee4647d2a75d6da73d797ec7-3018f7204a0c9d6d6f79046117de146a3a0e0fe8&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-18 18:11:30&v=18.1.9.799&pid=safeguard&sg=&sap=hp","hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=EN&gu=b92d29168c9d4b1694bf5926bdae090d&tu=10G9y00Kf2D33N0&sku=&tstsId=&ver=&"
CHR Profile: C:\Users\lordj\AppData\Local\Google\Chrome\User Data\Profile 2 [2019-06-06]
CHR Extension: (Slides) - C:\Users\lordj\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-05-15]
CHR Extension: (Docs) - C:\Users\lordj\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2019-05-15]
CHR Extension: (Google Drive) - C:\Users\lordj\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-05-15]
CHR Extension: (YouTube) - C:\Users\lordj\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-05-15]
CHR Extension: (Adobe Acrobat) - C:\Users\lordj\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-05-15]
CHR Extension: (Sheets) - C:\Users\lordj\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-05-15]
CHR Extension: (Google Docs Offline) - C:\Users\lordj\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-05-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lordj\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-05-15]
CHR Extension: (Gmail) - C:\Users\lordj\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-15]
CHR Extension: (Chrome Media Router) - C:\Users\lordj\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-15]
CHR Profile: C:\Users\lordj\AppData\Local\Google\Chrome\User Data\System Profile [2019-05-29]
CHR HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2016-04-12] (ASUSTeK Computer Inc. -> )
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6893704 2018-07-04] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11145800 2019-05-22] (Microsoft Corporation -> Microsoft Corporation)
S3 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-20] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-20] (Dropbox, Inc -> Dropbox, Inc.)
S3 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249328 2015-06-24] (DTS, Inc. -> DTS, Inc)
S3 HgClientService; C:\WINDOWS\system32\hgclientservice.dll [141824 2019-04-18] (Microsoft Windows -> Microsoft Corporation)
R3 hns; C:\WINDOWS\System32\HostNetSvc.dll [1741312 2019-04-18] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R3 nvagent; C:\WINDOWS\System32\NvAgent.dll [31232 2019-04-18] (Microsoft Windows -> Microsoft Corporation)
R2 Sage 50 Accounts Control v22; C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe [2396672 2016-12-06] (Sage (UK) Ltd.) [File not signed]
R2 Sage 50 Accounts Service v22; C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe [3474944 2016-12-06] (Sage (UK) Ltd.) [File not signed]
R2 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2013-06-04] (Microsoft) [File not signed]
R2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2015-02-06] (Sage (UK) Limited) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074120 2019-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [970240 2018-05-20] (Microsoft Windows -> )
S3 SshdBroker; C:\WINDOWS\System32\SshdBroker.dll [285696 2019-02-16] (Microsoft Windows -> Microsoft Corporation)
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [3014144 2019-04-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\NisSrv.exe [2433136 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 klvssbridge64_18.0.0; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\vssbridge64.exe" [X]
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"
 

lordy007

TS Rookie
===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\WINDOWS\System32\Drivers\wsadb.sys [40720 2017-02-26] (Shenzhen Wondershare Information Technology Co., Ltd. -> Google Inc)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2016-04-12] (ASUSTeK Computer Inc. -> )
R0 asstahci64; C:\WINDOWS\System32\drivers\asstahci64.sys [88936 2015-06-17] (ASMedia Technology Inc. -> Asmedia Technology)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [8597208 2014-12-24] (Broadcom Corporation -> Broadcom Corporation)
R3 cbfs3; C:\WINDOWS\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation -> EldoS Corporation)
S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3778592 2016-03-04] (WDKTestCert Robert,130802973755980687 -> C-MEDIA)
S3 ElgatoGC656Y; C:\WINDOWS\System32\Drivers\ElgatoGC656.sys [52848 2016-08-03] (Elgato Systems LLC -> UB658)
R3 ElgatoVAD; C:\WINDOWS\system32\DRIVERS\ElgatoVAD.sys [39208 2016-09-20] (Elgato Systems LLC -> Elgato Systems GmbH)
S3 ESETCleanersDriver; C:\WINDOWS\system32\Drivers\ESETCleanersDriver.sys [181160 2018-03-15] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-05-15] (Malwarebytes Corporation -> Malwarebytes)
S3 HTCAND64; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (3am.com(Test) -> HTC, Corporation)
S3 htcnprot; C:\WINDOWS\system32\DRIVERS\htcnprot.sys [36928 2013-10-17] (HTC Corp. -> Windows (R) Win 7 DDK provider)
S3 HtcVCom32; C:\WINDOWS\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (Sqa.com(Test) -> QUALCOMM Incorporated)
R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [26624 2019-04-18] (Microsoft Windows -> Microsoft Corporation)
S3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd. -> Zemana Ltd.)
S3 LcUvcUpper; C:\WINDOWS\system32\DRIVERS\LcUvcUpper.sys [37912 2015-09-27] (Microsoft Corporation -> Microsoft Corporation)
S3 LifeCamTrueColor; C:\WINDOWS\system32\DRIVERS\LifeCamTrueColor.sys [37928 2016-07-27] (Microsoft Corporation -> Microsoft Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-03-02] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-06-05] (Malwarebytes Corporation -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2015-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation)
R3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (PRINTING COMMUNICATIONS ASSOCIATES, INC -> Printing Communications Assoc., Inc. (PCAUSA))
S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [47616 2019-04-18] (Microsoft Windows -> Microsoft Corporation)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [97176 2019-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [31744 2019-04-18] (Microsoft Windows -> Microsoft Corporation)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [92032 2018-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [103936 2019-04-18] (Microsoft Windows -> Microsoft Corporation)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-06-05] (Adlice -> )
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [1248256 2019-04-18] (Microsoft Windows -> Microsoft Corporation)
R0 VMSNPXY; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2019-04-18] (Microsoft Windows -> Microsoft Corporation)
R3 VMSNPXYMP; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2019-04-18] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [337632 2019-06-05] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-05] (Microsoft Windows -> Microsoft Corporation)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: nvagent -> C:\Windows\System32\NvAgent.dll (Microsoft Corporation)
NETSVC: HgClientService -> C:\Windows\system32\hgclientservice.dll (Microsoft Corporation)
NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-06 03:40 - 2019-06-06 03:40 - 000037275 ____C C:\Users\lordj\Desktop\FRST.txt
2019-06-06 03:40 - 2019-06-06 03:40 - 000000000 ____C C:\Users\lordj\Desktop\New Text Document (10).TXT
2019-06-06 03:21 - 2019-06-06 03:21 - 000000000 ____C C:\Users\lordj\Desktop\New Text Document (9).TXT
2019-06-06 02:54 - 2019-06-06 02:53 - 037523103 ____C C:\Users\lordj\Desktop\RT-AC88U_384.11_2.zip
2019-06-06 02:54 - 2019-05-18 00:38 - 037511168 ____C C:\Users\lordj\Desktop\RT-AC88U_384.11_2.trx
2019-06-05 23:53 - 2019-06-05 23:53 - 000000000 ___DC C:\Users\lordj\Desktop\New folder (4)
2019-06-05 21:30 - 2019-06-05 21:30 - 000275232 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-06-05 20:53 - 2019-06-06 03:40 - 000000000 ___DC C:\FRST
2019-06-05 20:47 - 2019-06-05 20:48 - 000000000 ___DC C:\ProgramData\RogueKiller
2019-06-05 20:47 - 2019-06-05 20:47 - 000003152 ____C C:\WINDOWS\System32\Tasks\RogueKiller Anti-Malware
2019-06-05 20:46 - 2019-06-05 20:46 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-06-05 20:46 - 2019-06-05 20:46 - 000000000 ___DC C:\Program Files\RogueKiller
2019-06-05 20:45 - 2019-06-05 20:46 - 000000000 ___DC C:\AdwCleaner
2019-06-05 20:34 - 2019-06-05 20:48 - 000028272 ____C C:\WINDOWS\system32\Drivers\truesight.sys
2019-06-05 20:25 - 2019-06-05 20:25 - 002417664 ____C (Farbar) C:\Users\lordj\Desktop\FRST64.exe
2019-06-05 20:20 - 2019-06-05 20:20 - 029930816 ____C (Adlice Software ) C:\Users\lordj\Desktop\RogueKiller_setup_ref3.exe
2019-06-05 20:20 - 2019-06-05 20:20 - 007025360 ____C (Malwarebytes) C:\Users\lordj\Desktop\AdwCleaner.exe
2019-06-05 17:22 - 2019-06-05 17:24 - 000002242 ____C C:\Users\lordj\Desktop\New Text Document (8).TXT
2019-06-05 17:20 - 2019-06-05 17:33 - 000000000 ___DC C:\ESD
2019-06-05 17:19 - 2019-06-05 19:51 - 000000000 ___DC C:\WINDOWS\Panther
2019-06-05 17:19 - 2019-06-05 17:19 - 000000000 ___DC C:\$WINDOWS.~BT
2019-06-05 17:18 - 2019-06-05 17:18 - 000000000 __HDC C:\$Windows.~WS
2019-06-05 17:13 - 2019-06-05 17:13 - 000050477 ____C C:\Users\lordj\Desktop\Defogger.exe
2019-06-05 16:26 - 2019-06-05 16:26 - 019256968 ____C (Microsoft Corporation) C:\Users\lordj\Desktop\MediaCreationTool1903.exe
2019-06-05 14:36 - 2019-06-05 14:36 - 000000000 ____C C:\Users\lordj\Desktop\New Text Document (6).TXT
2019-06-05 03:52 - 2019-02-16 08:34 - 000108032 ____C (Microsoft Corporation) C:\WINDOWS\system32\SshdPinAuthLsa.dll
2019-06-05 03:52 - 2019-02-16 08:32 - 000285696 ____C (Microsoft Corporation) C:\WINDOWS\system32\SshdBroker.dll
2019-06-05 03:52 - 2019-02-16 08:31 - 000485888 ____C (Microsoft Corporation) C:\WINDOWS\system32\SshSession.exe
2019-06-05 03:52 - 2019-02-16 08:31 - 000448512 ____C (Microsoft Corporation) C:\WINDOWS\system32\SshSftp.exe
2019-06-05 03:52 - 2019-02-16 08:31 - 000264192 ____C (Microsoft Corporation) C:\WINDOWS\system32\SshProxy.dll
2019-06-05 03:52 - 2019-02-16 08:29 - 000382976 ____C (Microsoft Corporation) C:\WINDOWS\system32\SshBroker.dll
2019-06-05 03:52 - 2018-10-21 08:17 - 001265152 ____C (Microsoft Corporation) C:\WINDOWS\system32\WebManagement.exe
2019-06-05 03:52 - 2018-08-03 06:36 - 000260608 ____C (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationREST.dll
2019-06-05 03:52 - 2018-08-03 04:12 - 000916480 ____C (Microsoft Corporation) C:\WINDOWS\system32\wdp.dll
2019-06-05 03:52 - 2018-08-03 04:07 - 000627200 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdp.dll
2019-06-05 00:41 - 2019-06-05 03:52 - 000000000 ___DC C:\WINDOWS\system32\OpenSSH
2019-06-05 00:41 - 2019-06-05 00:41 - 000000000 _RSDC C:\WINDOWS\SysWOW64\WindowsDevicePortal
2019-06-05 00:41 - 2019-06-05 00:41 - 000000000 _RSDC C:\WINDOWS\system32\WindowsDevicePortal
2019-06-05 00:41 - 2019-06-05 00:41 - 000000000 __RDC C:\WINDOWS\WebManagement
2019-06-05 00:41 - 2018-04-10 21:09 - 000033280 ____C (Microsoft Corporation) C:\WINDOWS\system32\debugregsvcapi.dll
2019-06-05 00:41 - 2018-04-10 21:09 - 000020480 ____C (Microsoft Corporation) C:\WINDOWS\system32\DeveloperTools.ProxyStub.dll
2019-06-05 00:41 - 2018-04-10 21:08 - 000090624 ____C (Microsoft Corporation) C:\WINDOWS\system32\DevToolsLauncher.exe
2019-06-05 00:41 - 2018-04-10 21:08 - 000058368 ____C (Microsoft Corporation) C:\WINDOWS\system32\DeployUtil.exe
2019-06-05 00:41 - 2018-04-10 21:07 - 000151040 ____C (Microsoft Corporation) C:\WINDOWS\system32\DeveloperToolsSvc.exe
2019-06-05 00:41 - 2018-04-10 21:07 - 000082944 ____C (Microsoft Corporation) C:\WINDOWS\system32\debugregsvc.dll
2019-06-05 00:41 - 2018-03-10 18:20 - 001999872 ____C C:\WINDOWS\system32\libcrypto.dll
2019-06-04 21:50 - 2019-06-04 21:50 - 000000000 ____C C:\Users\lordj\Desktop\New Text Document (4).TXT
2019-06-04 17:44 - 2019-05-15 05:28 - 000005921 ___RC C:\Users\lordj\Desktop\Settings (2019_05_20 22_13_45 UTC).xml
2019-06-04 14:33 - 2019-06-04 14:33 - 000108504 ____C C:\Users\lordj\Desktop\A_C_Fire_Protection_Services_Ltd_Excess_Layer.pdf
2019-06-04 00:19 - 2019-06-04 00:19 - 000002498 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2019-06-04 00:19 - 2019-06-04 00:19 - 000002493 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-06-04 00:19 - 2019-06-04 00:19 - 000002492 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-06-04 00:19 - 2019-06-04 00:19 - 000002456 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-06-04 00:19 - 2019-06-04 00:19 - 000002455 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-06-04 00:19 - 2019-06-04 00:19 - 000002449 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-06-04 00:19 - 2019-06-04 00:19 - 000002443 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-06-04 00:19 - 2019-06-04 00:19 - 000002435 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-06-04 00:19 - 2019-06-04 00:19 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-06-01 05:27 - 2019-06-01 05:27 - 000000000 ___DC C:\Users\lordj\AppData\Roaming\PDFescape Desktop
2019-06-01 03:59 - 2019-06-01 03:59 - 000000000 ___DC C:\Users\lordj\Desktop\New folder (3)
2019-05-30 09:04 - 2019-05-30 09:04 - 000000000 ___DC C:\Program Files\HitmanPro
2019-05-30 08:52 - 2019-05-30 08:52 - 000000000 ___DC C:\ProgramData\WebEx
2019-05-30 08:49 - 2019-05-30 08:49 - 000000000 ___DC C:\ProgramData\HitmanPro
2019-05-30 03:35 - 2019-05-30 03:35 - 000000000 ___DC C:\SymCache
2019-05-30 03:25 - 2019-05-30 03:25 - 000000000 ___DC C:\Users\lordj\OneDrive\Documents\OneNote Notebooks
2019-05-30 00:47 - 2019-06-05 01:57 - 000000000 ___DC C:\Users\lordj\AppData\Roaming\vlc
2019-05-29 23:13 - 2019-05-29 23:13 - 000000803 ____C C:\ProgramData\Microsoft\Windows\Start Menu\GetDataBack for NTFS.lnk
2019-05-29 23:13 - 2019-05-29 23:13 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2019-05-29 04:06 - 2019-05-29 04:06 - 000000000 ___DC C:\ProgramData\Sophos
2019-05-29 04:01 - 2019-05-29 04:01 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2019-05-29 04:00 - 2019-05-29 04:00 - 000000000 ___DC C:\Program Files (x86)\Sophos
2019-05-29 02:37 - 2019-05-17 13:44 - 000348160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-05-29 02:37 - 2019-05-17 13:41 - 021388968 ____C (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-05-29 02:37 - 2019-05-17 13:40 - 002394960 ____C (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2019-05-29 02:37 - 2019-05-17 13:40 - 000280888 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-05-29 02:37 - 2019-05-17 13:27 - 006586880 ____C (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-05-29 02:37 - 2019-05-17 13:26 - 004393984 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-05-29 02:37 - 2019-05-17 13:26 - 000064000 ____C (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-05-29 02:37 - 2019-05-17 13:25 - 012756480 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-29 02:37 - 2019-05-17 13:25 - 004718080 ____C (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-05-29 02:37 - 2019-05-17 13:25 - 004491264 ____C (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2019-05-29 02:37 - 2019-05-17 13:25 - 000039424 ____C (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-05-29 02:37 - 2019-05-17 13:24 - 000122368 ____C (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-05-29 02:37 - 2019-05-17 13:23 - 000223744 ____C (Microsoft Corporation) C:\WINDOWS\system32\PeerDist.dll
2019-05-29 02:37 - 2019-05-17 13:23 - 000182272 ____C (Microsoft Corporation) C:\WINDOWS\system32\PeerDistWSDDiscoProv.dll
2019-05-29 02:37 - 2019-05-17 13:23 - 000110080 ____C (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2019-05-29 02:37 - 2019-05-17 13:22 - 000392192 ____C (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-05-29 02:37 - 2019-05-17 13:22 - 000182784 ____C (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2019-05-29 02:37 - 2019-05-17 13:21 - 001364992 ____C (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-29 02:37 - 2019-05-17 13:21 - 001180672 ____C (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-05-29 02:37 - 2019-05-17 13:21 - 001121792 ____C (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-05-29 02:37 - 2019-05-17 13:21 - 000878592 ____C (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-05-29 02:37 - 2019-05-17 13:21 - 000274944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dot3gpui.dll
2019-05-29 02:37 - 2019-05-17 13:21 - 000221184 ____C (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2019-05-29 02:37 - 2019-05-17 13:20 - 003613696 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-29 02:37 - 2019-05-17 13:20 - 002084864 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-05-29 02:37 - 2019-05-17 13:20 - 001970688 ____C (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2019-05-29 02:37 - 2019-05-17 13:20 - 000725504 ____C (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCacheProvider.dll
2019-05-29 02:37 - 2019-05-17 13:20 - 000424448 ____C (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSh.dll
2019-05-29 02:37 - 2019-05-17 13:20 - 000224256 ____C (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCleaner.dll
2019-05-29 02:37 - 2019-05-17 13:19 - 000757248 ____C (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-05-29 02:37 - 2019-05-17 13:09 - 020383616 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-05-29 02:37 - 2019-05-17 13:07 - 002206424 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2019-05-29 02:37 - 2019-05-17 13:00 - 011942400 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-29 02:37 - 2019-05-17 13:00 - 005658112 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-05-29 02:37 - 2019-05-17 12:58 - 003397632 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2019-05-29 02:37 - 2019-05-17 12:58 - 000184320 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDist.dll
2019-05-29 02:37 - 2019-05-17 12:56 - 000344576 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-05-29 02:37 - 2019-05-17 12:56 - 000240640 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3gpui.dll
2019-05-29 02:37 - 2019-05-17 12:55 - 002881536 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-29 02:37 - 2019-05-17 12:55 - 000704000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-05-29 02:37 - 2019-05-17 12:55 - 000668160 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-05-29 02:37 - 2019-05-17 12:55 - 000470528 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2019-05-29 02:37 - 2019-05-17 12:55 - 000352256 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDistSh.dll
2019-05-29 02:37 - 2019-05-17 12:54 - 002016768 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-05-29 02:37 - 2019-05-17 12:54 - 000908288 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-05-29 02:37 - 2019-05-17 10:33 - 001008640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-05-29 02:37 - 2019-05-17 09:52 - 000868864 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-05-29 02:37 - 2019-05-17 08:07 - 000105272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-05-29 02:37 - 2019-05-17 07:44 - 000829960 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2019-05-29 02:37 - 2019-05-17 07:44 - 000550520 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2019-05-29 02:37 - 2019-05-17 07:43 - 000297688 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2019-05-29 02:37 - 2019-05-17 07:42 - 006573472 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-29 02:37 - 2019-05-17 07:42 - 006043496 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-05-29 02:37 - 2019-05-17 07:42 - 004789944 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-05-29 02:37 - 2019-05-17 07:42 - 002256560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-29 02:37 - 2019-05-17 07:42 - 001989552 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-05-29 02:37 - 2019-05-17 07:42 - 001980256 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-29 02:37 - 2019-05-17 07:42 - 001620264 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-05-29 02:37 - 2019-05-17 07:42 - 001380096 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-05-29 02:37 - 2019-05-17 07:42 - 001130568 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-05-29 02:37 - 2019-05-17 07:42 - 000129088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-05-29 02:37 - 2019-05-17 07:42 - 000125504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-05-29 02:37 - 2019-05-17 07:34 - 022020096 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-29 02:37 - 2019-05-17 07:30 - 013878784 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-05-29 02:37 - 2019-05-17 07:26 - 002969600 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-05-29 02:37 - 2019-05-17 07:25 - 019374080 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-29 02:37 - 2019-05-17 07:23 - 001361408 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-05-29 02:37 - 2019-05-17 07:23 - 000074240 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-05-29 02:37 - 2019-05-17 07:23 - 000068096 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-05-29 02:37 - 2019-05-17 07:23 - 000002560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-05-29 02:37 - 2019-05-17 07:22 - 000142848 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2019-05-29 02:37 - 2019-05-17 07:22 - 000031232 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2019-05-29 02:37 - 2019-05-17 07:21 - 000608768 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-29 02:37 - 2019-05-17 07:21 - 000333824 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-05-29 02:37 - 2019-05-17 07:21 - 000326144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2019-05-29 02:37 - 2019-05-17 07:21 - 000224768 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2019-05-29 02:37 - 2019-05-17 07:20 - 000578560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-29 02:37 - 2019-05-17 07:20 - 000366080 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-05-29 02:37 - 2019-05-17 07:20 - 000118272 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-29 02:37 - 2019-05-17 07:19 - 004515840 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-05-29 02:37 - 2019-05-17 07:19 - 001630720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-05-29 02:37 - 2019-05-17 07:19 - 001110528 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-05-29 02:37 - 2019-05-17 07:19 - 001073664 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-05-29 02:37 - 2019-05-17 07:19 - 000873472 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2019-05-29 02:37 - 2019-05-17 07:19 - 000835584 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-05-29 02:37 - 2019-05-17 07:18 - 002796032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2019-05-29 02:37 - 2019-05-17 07:18 - 001006592 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-05-29 02:37 - 2019-05-17 07:18 - 000778240 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-29 02:37 - 2019-05-17 07:18 - 000251904 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-05-29 02:37 - 2019-05-17 07:11 - 001035256 ____C (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-29 02:37 - 2019-05-17 07:08 - 001219896 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-29 02:37 - 2019-05-17 07:08 - 001063224 ____C (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-05-29 02:37 - 2019-05-17 07:08 - 001027384 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-29 02:37 - 2019-05-17 07:08 - 000723432 ____C (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-05-29 02:37 - 2019-05-17 07:08 - 000568104 ____C (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-29 02:37 - 2019-05-17 07:08 - 000491200 ____C (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-05-29 02:37 - 2019-05-17 07:08 - 000401328 ____C (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2019-05-29 02:37 - 2019-05-17 07:08 - 000134968 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-29 02:37 - 2019-05-17 07:08 - 000076088 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-05-29 02:37 - 2019-05-17 07:07 - 009084216 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-29 02:37 - 2019-05-17 07:07 - 007520112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-29 02:37 - 2019-05-17 07:07 - 007436536 ____C (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-05-29 02:37 - 2019-05-17 07:07 - 004404720 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-05-29 02:37 - 2019-05-17 07:07 - 002768960 ____C (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-29 02:37 - 2019-05-17 07:07 - 002571640 ____C (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-29 02:37 - 2019-05-17 07:07 - 002467320 ____C (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-05-29 02:37 - 2019-05-17 07:07 - 001459120 ____C (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-29 02:37 - 2019-05-17 07:07 - 001288712 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-05-29 02:37 - 2019-05-17 07:07 - 001260272 ____C (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-29 02:37 - 2019-05-17 07:07 - 000930616 ____C (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2019-05-29 02:37 - 2019-05-17 07:07 - 000275768 ____C (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-29 02:37 - 2019-05-17 07:07 - 000260800 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-05-29 02:37 - 2019-05-17 07:06 - 001943136 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-05-29 02:37 - 2019-05-17 07:06 - 001784696 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-05-29 02:37 - 2019-05-17 07:06 - 001140992 ____C (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-05-29 02:37 - 2019-05-17 07:06 - 001098056 ____C (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-05-29 02:37 - 2019-05-17 07:06 - 000983424 ____C (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-05-29 02:37 - 2019-05-17 07:06 - 000151888 ____C (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-05-29 02:37 - 2019-05-17 06:48 - 025857536 ____C (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-29 02:37 - 2019-05-17 06:44 - 016597504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-05-29 02:37 - 2019-05-17 06:41 - 022719488 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-29 02:37 - 2019-05-17 06:38 - 004709376 ____C (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-05-29 02:37 - 2019-05-17 06:37 - 004385280 ____C (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-29 02:37 - 2019-05-17 06:37 - 000185344 ____C (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2019-05-29 02:37 - 2019-05-17 06:37 - 000108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2019-05-29 02:37 - 2019-05-17 06:36 - 000228864 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
 

lordy007

TS Rookie
==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-06 03:40 - 2018-05-16 10:24 - 027962974 ____C C:\WINDOWS\ntbtlog.txt
2019-06-06 03:30 - 2018-04-12 00:36 - 000000000 ___DC C:\WINDOWS\INF
2019-06-06 02:22 - 2017-01-07 05:41 - 000000000 ___DC C:\Users\lordj\AppData\Local\CrashDumps
2019-06-06 02:03 - 2017-02-26 03:07 - 000000000 ___DC C:\Users\lordj\AppData\Local\Apple Computer
2019-06-06 01:40 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\Registration
2019-06-06 01:20 - 2018-04-12 00:38 - 000000000 ___DC C:\ProgramData\regid.1991-06.com.microsoft
2019-06-05 22:45 - 2018-03-01 18:47 - 000000449 ____C C:\WINDOWS\system32\Drivers\etc\hosts.ics
2019-06-05 21:37 - 2018-05-31 11:16 - 000005596 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2019-06-05 21:32 - 2016-12-06 22:03 - 000000000 ___DC C:\ProgramData\NVIDIA
2019-06-05 21:30 - 2019-04-13 18:07 - 000000000 ___DC C:\ProgramData\Kodak
2019-06-05 21:30 - 2018-05-31 11:18 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2019-06-05 21:30 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-06-05 21:30 - 2017-02-26 09:57 - 000000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-06-05 21:25 - 2018-04-12 00:38 - 000000000 __HDC C:\WINDOWS\ELAMBKUP
2019-06-05 19:50 - 2016-12-19 16:58 - 000007656 ____C C:\Users\lordj\AppData\Local\resmon.resmoncfg
2019-06-05 19:10 - 2018-03-01 19:07 - 000000000 ___DC C:\WINDOWS\system32\Drivers\wd
2019-06-05 18:45 - 2018-04-12 00:38 - 000000000 __HDC C:\WINDOWS\system32\AppLocker
2019-06-05 17:15 - 2018-04-11 22:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-06-05 15:06 - 2019-04-14 00:52 - 000002376 _RSHC C:\Users\lordj\ntuser.pol
2019-06-05 15:06 - 2018-05-31 11:09 - 000000000 ___DC C:\Users\lordj
2019-06-05 14:04 - 2018-05-31 11:07 - 000000000 ___DC C:\WINDOWS\system32\SleepStudy
2019-06-05 03:54 - 2016-12-08 00:06 - 000000000 ___DC C:\Users\lordj\AppData\Local\ElevatedDiagnostics
2019-06-05 03:52 - 2018-04-12 00:30 - 000000000 ___DC C:\WINDOWS\CbsTemp
2019-06-05 03:39 - 2017-02-26 07:55 - 000009426 _RSHC C:\ProgramData\ntuser.pol
2019-06-05 01:03 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\AppReadiness
2019-06-05 00:55 - 2016-12-06 22:15 - 000000000 ___DC C:\Users\lordj\AppData\Local\ConnectedDevicesPlatform
2019-06-05 00:47 - 2019-04-10 21:48 - 000000000 ___DC C:\Program Files\SUPERAntiSpyware
2019-06-05 00:41 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\SystemApps
2019-06-05 00:41 - 2017-12-12 12:39 - 000000000 ___DC C:\Users\lordj\AppData\Local\Packages
2019-06-05 00:14 - 2018-05-31 11:48 - 000000000 ___DC C:\Users\lordj\AppData\Local\D3DSCache
2019-06-04 23:22 - 2017-11-22 19:16 - 000000000 __RDC C:\Users\lordj\3D Objects
2019-06-04 23:22 - 2016-06-07 14:20 - 000000000 _RHDC C:\Users\Public\AccountPictures
2019-06-04 23:20 - 2018-05-31 11:07 - 000417512 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2019-06-04 23:19 - 2019-04-18 12:07 - 000000000 ___DC C:\Program Files\Hyper-V
2019-06-04 23:19 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\TextInput
2019-06-04 23:19 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\ShellExperiences
2019-06-04 23:19 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\Provisioning
2019-06-04 23:19 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\PolicyDefinitions
2019-06-04 23:19 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\bcastdvr
2019-06-04 22:46 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-04 22:14 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\SysWOW64\lv-LV
2019-06-04 22:14 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\SysWOW64\lt-LT
2019-06-04 22:14 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\SysWOW64\et-EE
2019-06-04 22:14 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\SysWOW64\es-MX
2019-06-04 22:14 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\system32\lv-LV
2019-06-04 22:14 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\system32\lt-LT
2019-06-04 22:14 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\system32\et-EE
2019-06-04 22:14 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\system32\es-MX
2019-06-04 22:14 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\LiveKernelReports
2019-06-04 20:15 - 2019-04-22 03:20 - 000000000 ___DC C:\Users\lordj\AppData\Local\PokerStars.UK
2019-06-04 19:54 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\system32\NDF
2019-06-04 16:00 - 2016-12-06 22:17 - 000000000 ___DC C:\Users\lordj\AppData\Local\Comms
2019-06-04 00:17 - 2016-12-06 22:30 - 000000000 ___DC C:\Program Files (x86)\Microsoft Office
2019-06-03 04:23 - 2017-02-01 13:41 - 000000000 ___DC C:\Users\lordj\AppData\LocalLow\Mozilla
2019-06-02 11:30 - 2017-01-20 17:14 - 000000000 ___DC C:\Users\lordj\AppData\Local\Dropbox
2019-05-30 04:03 - 2017-01-06 23:09 - 000000000 ___DC C:\Users\lordj\AppData\Roaming\obs-studio
2019-05-29 06:05 - 2019-04-14 23:32 - 000000000 ___DC C:\WINDOWS\system32\CleanLog
2019-05-20 19:14 - 2018-05-31 11:18 - 000003542 ____C C:\WINDOWS\System32\Tasks\adobe acrobat update task
2019-05-20 19:14 - 2016-12-07 00:13 - 000002457 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-05-20 19:12 - 2018-12-21 18:54 - 000000000 ___DC C:\Program Files\rempl
2019-05-15 06:50 - 2018-04-12 00:38 - 000000000 __SDC C:\WINDOWS\system32\DiagSvcs
2019-05-15 00:51 - 2016-12-07 11:15 - 000000000 ___DC C:\WINDOWS\system32\MRT
2019-05-15 00:49 - 2016-12-07 11:15 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-15 00:44 - 2018-03-05 19:26 - 000153328 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys

==================== Files in the root of some directories =======

2017-01-07 06:44 - 2017-05-31 16:28 - 000000132 ____C () C:\Users\lordj\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-06-02 12:36 - 2017-06-02 12:36 - 000038425 ____C () C:\Users\lordj\AppData\Roaming\Comma Separated Values.ADR
2019-04-10 20:56 - 2019-04-10 20:56 - 000000278 ____C () C:\Users\lordj\AppData\Roaming\Safer-Networking.log
2017-05-31 13:19 - 2017-05-31 13:19 - 000001456 ____C () C:\Users\lordj\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-05-26 12:14 - 2017-08-15 09:29 - 000000600 ____C () C:\Users\lordj\AppData\Local\PUTTY.RND
2016-12-19 16:58 - 2019-06-05 19:50 - 000007656 ____C () C:\Users\lordj\AppData\Local\resmon.resmoncfg
2019-04-15 02:02 - 2019-04-15 02:02 - 000000003 ____C () C:\Users\lordj\AppData\Local\updater.log
2019-04-15 02:02 - 2019-04-15 02:05 - 000000059 ____C () C:\Users\lordj\AppData\Local\UserProducts.xml
2017-02-26 16:36 - 2017-02-26 20:30 - 000000171 ____C () C:\Users\lordj\AppData\Local\uts.ini

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
 

lordy007

TS Rookie
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-06-2019
Ran by lordj (05-06-2019 22:18:23)
Running from C:\Users\lordj\Desktop
Windows 10 Pro Version 1803 17134.799 (X64) (2018-05-31 10:18:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3193031890-3382897552-1219898279-500 - Administrator - Enabled)
DefaultAccount (S-1-5-21-3193031890-3382897552-1219898279-503 - Limited - Disabled)
Guest (S-1-5-21-3193031890-3382897552-1219898279-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3193031890-3382897552-1219898279-1003 - Limited - Enabled)
lewis (S-1-5-21-3193031890-3382897552-1219898279-1010 - Limited - Enabled) => C:\Users\lewis
lordj (S-1-5-21-3193031890-3382897552-1219898279-1001 - Administrator - Enabled) => C:\Users\lordj
riann (S-1-5-21-3193031890-3382897552-1219898279-1012 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3193031890-3382897552-1219898279-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accounts (HKLM-x32\...\{12CE83F7-1A7F-4728-91CA-99E7DF84B2DC}) (Version: 22.0.8.191 - Sage (UK) Ltd) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20034 - Adobe Systems Incorporated)
aioprnt (HKLM\...\{0645A454-AD44-4F0D-99CF-6B762735AD1F}) (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (HKLM-x32\...\{376348C2-E372-48BC-A138-E896757BD86A}) (Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ASUS PCE-AC68 WLAN Card Utilities/Driver (HKLM-x32\...\{39BD9681-D3B1-435C-A0C1-F87C68513401}) (Version: 2.1.0.7 - ASUS)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version: - )
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version: - Canon Inc.)
center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 70.4.93 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
Elgato Game Capture HD (HKLM\...\{11D487D4-2E52-4AA9-8000-43CED1D7B088}) (Version: 3.70.8.3008 - Elgato Systems GmbH)
Elgato Stream Deck (HKLM\...\{0053D4B2-039F-418D-8E51-2E9866848887}) (Version: 2.1.0.5132 - Elgato Systems GmbH)
essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
FileZilla Client 3.27.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.27.0.1 - Tim Kosse)
Game Capture HD v1.0.0.1 (HKLM-x32\...\Software_Elgato_Game Capture HD) (Version: 1.0.0.1 - Elgato Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
iBackupBot 5.5.3 (HKLM-x32\...\iBackupBot) (Version: 5.5.3 - VOW Software)
iExplorer (HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\2ee35ebaf226322a) (Version: 4.2.6.0 - Macroplant LLC)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{CAA61CDB-0E1E-4E7F-89E1-36FBCC3C0EFB}) (Version: 12.9.4.102 - Apple Inc.)
Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 8.0.0.0 - Eastman Kodak Company)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11629.20196 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Studio Platinum 13.0 (64-bit) (HKLM\...\{8F700B00-B598-11E6-80D9-EF6B4CB4F8F1}) (Version: 13.0.987 - VEGAS)
Mozilla Firefox 59.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 59.0.2 (x86 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Firefox 66.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.3 (x64 en-US)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0 - Mozilla)
MSVC80_x64_v2 (HKLM\...\{4D668D4F-FAA2-4726-834C-31F4614F312E}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM-x32\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.8.0.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.8.0.89 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
ocr (HKLM-x32\...\{BFBCF96F-7361-486A-965C-54B17AC35421}) (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11629.20196 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11629.20196 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11629.20196 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11629.20196 - Microsoft Corporation) Hidden
PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
QPAD 8K Laser Software (HKLM-x32\...\{C33DA05B-3AB1-43F0-8208-5FC16609A8BE}) (Version: 1.00 - QPAD) Hidden
QPAD 8K Laser Software (HKLM-x32\...\InstallShield_{C33DA05B-3AB1-43F0-8208-5FC16609A8BE}) (Version: 1.00 - QPAD)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RogueKiller version 13.2.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.1.0 - Adlice Software)
Sage 50 Accounts 2016 (HKLM-x32\...\InstallShield_{12CE83F7-1A7F-4728-91CA-99E7DF84B2DC}) (Version: 22.0.8.191 - Sage (UK) Ltd)
SBDDesktopUpdateInstaller (HKLM-x32\...\{DD16B9AD-FEE2-405D-9E4C-62D44042C422}) (Version: 12.1.586.0 - SBDDesktopUpdateInstaller) Hidden
SDataConfigAddInInstaller (HKLM-x32\...\{FE71361E-8B8F-4A1B-8D4D-B00C7A082428}) (Version: 12.1.586.0 - SDataConfigAddInInstaller) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 

lordy007

TS Rookie
Packages:
=========
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.8.0.1_neutral__6e5tt8cgb93ep [2019-05-23] (Canon Inc.)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.520.0_x64__rz1tebttyb220 [2019-03-12] (Dolby Laboratories)
Dolby Atmos for Headphones -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmosforHeadphones_2.3.303.0_x64__rz1tebttyb220 [2018-07-30] (Dolby Laboratories)
EdgeDevtoolsPlugin -> C:\WINDOWS\SystemApps\Microsoft.EdgeDevtoolsPlugin_cw5n1h2txyewy [2019-06-05] (Microsoft Corporation)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Microsoft To-Do -> C:\Program Files\WindowsApps\Microsoft.Todos_1.57.21415.0_x64__8wekyb3d8bbwe [2019-05-27] (Microsoft Corporation)
Spybot Identity Monitor -> C:\Program Files\WindowsApps\0B776BFA.SpybotIdentityMonitor_3.3.0.0_x86__vfa2pmx4tgtj4 [2019-03-28] (Safer-Networking Ltd.)
Tabnalysis -> C:\Program Files\WindowsApps\7121BryceHutchings.Tabnalysis_1.6.0.0_neutral__n8amc39vh1w3e [2019-03-12] (Bryce Hutchings)
Ultra File Opener -> C:\Program Files\WindowsApps\D5BE6627.371995F5E41A5_7.0.3.0_x86__9pm2v9747qaaa [2019-04-25] (CompuClever Systems Inc.)
 

lordy007

TS Rookie
==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3193031890-3382897552-1219898279-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\lordj\Dropbox\Dropbox [2017-01-20 17:20]
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation -> EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation -> EldoS Corporation)
ShellServiceObjects: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation -> EldoS Corporation)
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation -> EldoS Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation -> EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation -> EldoS Corporation)
 

lordy007

TS Rookie
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
 

lordy007

TS Rookie
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
 

lordy007

TS Rookie
==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\lordj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"

==================== Loaded Modules (Whitelisted) ==============

2019-05-27 23:52 - 2019-05-27 23:52 - 000158720 ____C ( ) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.EKAiO2SDKLib\bfaba15225107d64a1ca5089d9f628b4\Interop.EKAiO2SDKLib.ni.dll
2018-06-01 21:16 - 2015-03-11 10:17 - 010385408 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe
2017-04-19 17:11 - 2019-06-05 21:30 - 000035984 ____C (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2016-12-07 10:14 - 2012-06-14 18:18 - 000359936 ____C (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2017-06-22 12:37 - 2017-06-22 12:37 - 000075264 ____C (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\AiO\Center\Logger.dll
2019-05-27 23:53 - 2019-05-27 23:53 - 000294400 ____C (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Automation\759dde4f9b26f5bd9c7f15429a1dcc16\Inkjet.Automation.ni.dll
2019-05-27 23:52 - 2019-05-27 23:52 - 000076800 ____C (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Configuration\a45f47f8fb1bf042e41272e7abe7b0d2\Inkjet.Configuration.ni.dll
2019-05-27 23:53 - 2019-05-27 23:53 - 000095232 ____C (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Devidd83fa01#\5cd46c7514dc3eb49862fba0c0e39a19\Inkjet.DeviceSettings.ni.dll
2019-05-27 23:53 - 2019-05-27 23:53 - 000101376 ____C (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Diagnostics\d83d82bc4f4bcfbfaeafeb5cb1317168\Inkjet.Diagnostics.ni.dll
2019-05-27 23:52 - 2019-05-27 23:52 - 000882176 ____C (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Hardware\250b93ef0187c9331ddd4ea08e269a60\Inkjet.Hardware.ni.dll
2019-05-27 23:52 - 2019-05-27 23:52 - 000235520 ____C (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Localization\6bce245abfb8c01bd54917e7128f842e\Inkjet.Localization.ni.dll
2019-05-27 23:52 - 2019-05-27 23:52 - 000178176 ____C (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Statistics\038a6916797e4a27ec33134cec5061e7\Inkjet.Statistics.ni.dll
2019-05-27 23:52 - 2019-05-27 23:52 - 000327168 ____C (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Utilities\b81e90b12fc85aaa1f170eb963c3f53c\Inkjet.Utilities.ni.dll
2013-06-04 15:06 - 2013-06-04 15:06 - 000008192 ____C (Microsoft) [File not signed] C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
2018-05-31 11:09 - 2018-05-31 11:09 - 000680960 _____ (Microsoft) [File not signed] C:\WINDOWS\assembly\GAC_32\Sage.Central.AutoUpdateManager\1.0.0.0__021b26c6762d83c5\Sage.Central.AutoUpdateManager.dll
2018-05-31 11:08 - 2017-10-27 17:06 - 000874368 ____C (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2018-05-31 11:09 - 2017-10-27 17:06 - 000339256 ____C (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2018-06-01 21:16 - 2011-01-03 19:17 - 000104448 _____ (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\ASUSW32N55.DLL
2015-02-06 10:26 - 2015-02-06 10:26 - 000053248 ____C (Sage (UK) Limited) [File not signed] C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe
2018-05-31 11:09 - 2018-05-31 11:09 - 000851968 _____ (Sage (UK) Limited) [File not signed] C:\WINDOWS\assembly\GAC_MSIL\Sage.Common.Syndication\1.0.0.0__c59b718b5ca510a8\Sage.Common.Syndication.dll
2018-05-31 11:09 - 2018-05-31 11:09 - 000061440 _____ (Sage (UK) Limited) [File not signed] C:\WINDOWS\assembly\GAC_MSIL\Sage.Common.Web.Server\1.0.0.0__c59b718b5ca510a8\Sage.Common.Web.Server.dll
2018-05-31 11:09 - 2018-05-31 11:09 - 000010240 _____ (Sage (UK) Limited) [File not signed] C:\WINDOWS\assembly\GAC_MSIL\Sage.Integration.Diagnostics\1.0.0.0__3f422f0ff54abde1\Sage.Integration.Diagnostics.dll
2018-05-31 11:09 - 2018-05-31 11:09 - 000032768 _____ (Sage (UK) Limited) [File not signed] C:\WINDOWS\assembly\GAC_MSIL\Sage.Integration.Server.Feeds\1.0.0.0__3f422f0ff54abde1\Sage.Integration.Server.Feeds.dll
2018-05-31 11:09 - 2018-05-31 11:09 - 000032768 _____ (Sage (UK) Limited) [File not signed] C:\WINDOWS\assembly\GAC_MSIL\Sage.Integration.Server.Model\1.0.0.0__3f422f0ff54abde1\Sage.Integration.Server.Model.dll
2018-05-31 11:09 - 2018-05-31 11:09 - 000258048 _____ (Sage (UK) Limited) [File not signed] C:\WINDOWS\assembly\GAC_MSIL\Sage.Integration.Server\1.0.0.0__3f422f0ff54abde1\Sage.Integration.Server.dll
2018-05-31 11:09 - 2018-05-31 11:09 - 000077824 _____ (Sage (UK) Limited) [File not signed] C:\WINDOWS\assembly\GAC_MSIL\Sage.Utilities\1.0.0.0__c59b718b5ca510a8\Sage.Utilities.dll
2015-08-13 17:51 - 2016-12-06 22:38 - 000101376 ____C (Sage (UK) Ltd.) [File not signed] C:\Program Files (x86)\Sage\AccountsServiceV22\sg50AuthLib.dll
2015-08-13 18:00 - 2016-12-06 22:38 - 002396672 ____C (Sage (UK) Ltd.) [File not signed] C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe
2015-08-13 17:57 - 2016-12-06 22:38 - 000411136 ____C (Sage (UK) Ltd.) [File not signed] C:\Program Files (x86)\Sage\AccountsServiceV22\sg50RmtAppClient.dll
2015-08-13 18:08 - 2016-12-06 22:38 - 003474944 ____C (Sage (UK) Ltd.) [File not signed] C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe
 

lordy007

TS Rookie
==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\hola.org -> hxxp://hola.org

There are 7934 more sites.
 

lordy007

TS Rookie
==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-12-06 21:57 - 2019-04-14 23:20 - 000000852 ____C C:\WINDOWS\system32\drivers\etc\hosts


2018-03-01 18:47 - 2019-06-05 21:30 - 000000449 ____C C:\WINDOWS\system32\drivers\etc\hosts.ics

172.18.229.65 Lords-Money-Machine.mshome.net # 2024 6 1 3 20 30 38 51

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\Control Panel\Desktop\\Wallpaper -> c:\users\lordj\desktop\img_5430.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Block)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: PhoneSvc => 3
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: WsAppService => 2
MSCONFIG\Services: WsDrvInst => 2
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxGipSvc => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg_DTS"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Elgato Sound Capture"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Stream Deck"
HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run: => "COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
HKLM\...\StartupApproved\Run32: => "v4EKStatusMonitor"
HKLM\...\StartupApproved\Run32: => "Conime"
HKLM\...\StartupApproved\Run32: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "IseUI"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk.disabled"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "Tawk-desktop"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "kpm.exe"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "OpenVPN-GUI"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "AshSnap"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [OpenSSH-Server-In-TCP] => (Block) %SystemRoot%\system32\OpenSSH\sshd.exe (Microsoft Windows -> )
FirewallRules: [SshProxy-Service-Domain] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [SshProxy-Service] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Block) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [WirelessDisplay-Infra-In-TCP] => (Block) %systemroot%\system32\CastSrv.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [WirelessDisplay-Out-UDP] => (Block) %systemroot%\system32\WUDFHost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [WirelessDisplay-Out-TCP] => (Block) %systemroot%\system32\WUDFHost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [WirelessDisplay-In-TCP] => (Block) %systemroot%\system32\WUDFHost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [Collab-P2PHost-In-TCP] => (Block) %SystemRoot%\system32\p2phost.exe No File
FirewallRules: [AllJoyn-Router-In-UDP] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [AllJoyn-Router-In-TCP] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active] => (Block) %systemroot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [RemoteAssistance-SSDPSrv-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [RemoteAssistance-In-TCP-EdgeScope-Active] => (Block) %SystemRoot%\system32\msra.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [RemoteAssistance-DCOM-In-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [RemoteAssistance-RAServer-In-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\raserver.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [PlayTo-QWave-In-TCP-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [PlayTo-QWave-In-UDP-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [NETDIS-LLMNR-Out-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [WFDPRINT-SCAN-In-Active] => (Block) %SystemRoot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [WFDPRINT-SPOOL-In-Active] => (Block) %SystemRoot%\system32\spoolsv.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [WFDPRINT-DAFWSD-Out-Active] => (Block) %SystemRoot%\system32\dashost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [WFDPRINT-DAFWSD-In-Active] => (Block) %SystemRoot%\system32\dashost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [ProximityUxHost-Sharing-In-TCP-NoScope] => (Block) %SystemRoot%\system32\proximityuxhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D1E7DD23-B354-42E5-A04F-61E78DE1E4BA}] => (Block) %systemroot%\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [DNS Server Forward Rule - TCP - 367a3f64-ed83-47a1-8599-aa844071a7d0 - 0] => (Block) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 367a3f64-ed83-47a1-8599-aa844071a7d0 - 0] => (Block) LPort=53
FirewallRules: [{4021C6F7-A9A3-43F8-8472-03EAA0725FFA}] => (Block) LPort=9322
FirewallRules: [{A906FE21-CA61-4137-8233-D8C26B6C15B5}] => (Allow) LPort=5353
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 

lordy007

TS Rookie
==================== Restore Points =========================

05-06-2019 00:45:48 Removed IPTInstaller

==================== Faulty Device Manager Devices =============

Name: Hyper-V Virtual Ethernet Adapter
Description: Hyper-V Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: VMSNPXYMP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/05/2019 10:10:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 27 166.1.168.192.in-addr.arpa. PTR Lords-Money-Machine.local.

Error: (06/05/2019 10:10:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.166:5353 29 166.1.168.192.in-addr.arpa. PTR Lords-Money-Machine-2.local.

Error: (06/05/2019 09:37:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (06/05/2019 09:37:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (06/05/2019 09:30:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 27 65.229.18.172.in-addr.arpa. PTR Lords-Money-Machine.local.

Error: (06/05/2019 09:30:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 172.18.229.65:5353 29 65.229.18.172.in-addr.arpa. PTR Lords-Money-Machine-2.local.

Error: (06/05/2019 09:30:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 27 166.1.168.192.in-addr.arpa. PTR Lords-Money-Machine.local.

Error: (06/05/2019 09:30:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.166:5353 29 166.1.168.192.in-addr.arpa. PTR Lords-Money-Machine-2.local.
 

lordy007

TS Rookie
System errors:
=============
Error: (06/05/2019 10:19:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
The system cannot find the file specified.

Error: (06/05/2019 10:19:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
The system cannot find the file specified.

Error: (06/05/2019 10:19:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
The system cannot find the file specified.

Error: (06/05/2019 10:18:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
The system cannot find the file specified.

Error: (06/05/2019 10:18:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
The system cannot find the file specified.

Error: (06/05/2019 10:18:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
The system cannot find the file specified.

Error: (06/05/2019 10:18:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
The system cannot find the file specified.

Error: (06/05/2019 10:18:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
The system cannot find the file specified.


Windows Defender:
===================================
Date: 2019-06-05 20:28:20.962
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {476E5AF3-9EAF-43D4-9670-252DC39CADAF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-05-29 03:30:40.042
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E729E181-D73A-4711-B7E8-AD57FFE3598D}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2019-04-14 03:12:24.225
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {7427E092-2D96-447F-917D-EECE09C390F8}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2019-04-14 00:37:43.966
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A7057166-BFC5-484C-826A-B9CBA109A5A1}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2019-04-10 01:34:45.559
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {DAE93218-72FC-49DB-890A-FE1999EFAD4B}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2019-06-05 16:09:26.167
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.2789.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.

Date: 2019-06-05 16:09:26.167
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.2789.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.

Date: 2019-06-05 16:09:26.167
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.2789.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.

Date: 2019-06-05 03:56:20.928
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80004005
Error description: Unspecified error
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2019-06-04 22:30:26.463
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.2789.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80070643
Error description: Fatal error during installation.
 

lordy007

TS Rookie
CodeIntegrity:
===================================

Date: 2019-06-05 22:16:02.577
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\ImmersiveControlPanel\SystemSettings.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe that did not meet the Microsoft signing level requirements.

Date: 2019-06-05 22:15:57.656
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\ImmersiveControlPanel\SystemSettings.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe that did not meet the Microsoft signing level requirements.

Date: 2019-06-05 22:14:22.524
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-05 22:13:58.613
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-05 22:11:42.763
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-05 21:47:44.256
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2019-06-05 21:32:40.295
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-06-05 21:32:40.105
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 2103 08/15/2014
Motherboard: ASUSTeK COMPUTER INC. Z87-PLUS
Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 13%
Total physical RAM: 32695.91 MB
Available physical RAM: 28122.66 MB
Total Virtual: 37559.91 MB
Available Virtual: 33054.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.22 GB) (Free:59.88 GB) NTFS
Drive e: (Backup2TB) (Fixed) (Total:1862.89 GB) (Free:818.37 GB) NTFS
Drive f: (Storage) (Fixed) (Total:931.51 GB) (Free:781.78 GB) NTFS
Drive g: () (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS

\\?\Volume{d759ef00-8cd3-492a-9976-2c1b12c45e1f}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 294E1CE3)

Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 9ABD058F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

lordy007

TS Rookie
It's worth noting things have changed again since this log. The second log you asked for is a copy of the one I originally uploaded, the reason being that I'm no longer able to load the program; I am told on screen I don't have the rights to load the program ??

Also, if I open rar files I'm redirected to a screen that warns me I'm viewing items over a secure connection, even though the items in these rar files are items I've zipped myself some time ago. It feels as though when I log on to my computer, which may I add takes some time as I'm told my password is incorrect, then after many attempts works!?!?!??! It feels like I'm not actually on my own desktop; even looking at "This PC" takes ages to load up in a window, yet my processor is running low at 2-7% and memory used is only 3% of 32 GB ?

I've also seen strange things in Device Manager, like my computer names lords-money-machine, the lord-money-mac

Also, I've noticed all my devices seem to have been "migrated" at some point, why would this be?
 


lordy007

TS Rookie
Managed to get an updated run for you, as of today...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-06-2019
Ran by lordj (administrator) on LORDS-MONEY-MAC (ASUS All Series) (10-06-2019 01:27:53)
Running from C:\Users\lordj\Desktop
Loaded Profiles: lordj (Available Profiles: lordj & lewis)
Platform: Windows 10 Pro Version 1803 17134.799 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(DTS, Inc. -> DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Eastman Kodak Company -> Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Scans\MsMpEngCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\snmptrap.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Spectrum.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MsMpEng.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Sage (UK) Limited) [File not signed] C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe
(Sage (UK) Ltd.) [File not signed] C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe
(Sage (UK) Ltd.) [File not signed] C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Elgato Sound Capture] => C:\Program Files\Elgato\SoundCapture\SoundCapture.exe [1234944 2018-01-18] () [File not signed]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [v4EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [7116800 2017-05-17] (Eastman Kodak Company) [File not signed]
HKLM-x32\...\Run: [EKStatusMonitor] => C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe [7116800 2017-05-17] (Eastman Kodak Company) [File not signed]
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) [File not signed]
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\Policies\Explorer: [ClearRecentProgForNewUserInStartMenu] 1
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\Policies\Explorer: [NoFavoritesMenu] 1
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\MountPoints2: {1f603033-cd91-11e8-a32c-bcee7b9d9734} - "H:\Setup.exe"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\MountPoints2: {31036bc9-519a-11e8-a2ac-bcee7b9d9734} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\MountPoints2: {bec70ad3-87d0-11e9-a399-bcee7b9d9734} - "H:\Setup.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-05] (Google LLC -> Google Inc.)
Lsa: [Authentication Packages] msv1_0 SshdPinAuthLsa
Startup: C:\Users\lordj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2019-06-06]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\lordj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk.disabled [2018-12-25]
ShortcutTarget: Send to OneNote.lnk.disabled -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00C94343-A5C0-4BCE-9413-3F699B90C7B1} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {052E1DA1-1216-44FD-9F5C-A99550609434} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0EA5337B-CDBF-4D76-A90A-A098679916C3} - System32\Tasks\adobe acrobat update task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {16A64DC9-A295-4145-9862-103F76D82A4A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-12-06] (Google Inc -> Google Inc.)
Task: {348C30F9-6309-40C9-BE36-5EAEAEDCD813} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-20] (Dropbox, Inc -> Dropbox, Inc.)
Task: {38E3801D-BC56-429E-B230-3162247DA9CE} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-20] (Dropbox, Inc -> Dropbox, Inc.)
Task: {3A69A518-0FAD-447C-BCA4-FE6C24C5841D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {3C448058-1B1E-4204-97F3-DE7359EE6BBA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [717248 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {400F5B60-C559-4628-ACC2-3905DAEE339B} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {408B53B5-E2B5-4E44-8052-91FD6F819BFF} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [946112 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4212028D-F274-4BCC-84F1-06CF2EFE8A26} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {438462EB-E18A-4716-96D1-7F821AC777FC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5047B871-F5A0-4021-BD5D-5F008D8843F8} - System32\Tasks\update-S-1-5-21-3193031890-3382897552-1219898279-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {531ED7E1-CA19-4D84-84E9-5C687F9B27C4} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112664 2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {62320466-24EA-43B9-84C7-EA76CD36E095} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {74137B2F-59CB-46E4-9861-1DCE39AD1960} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3193031890-3382897552-1219898279-1010 => C:\Users\lordj\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {75AD4F71-15EF-43FB-9DD8-1C570BD7AB59} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe [33971256 2019-05-22] (Adlice -> )
Task: {7F1017CA-AC4E-4A83-BBAD-7F0F63B6C02C} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1714112 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {87B6D84C-AF70-477F-8FC7-992E34C20911} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {939AD483-0D82-4B28-839C-852749E9380C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [647616 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9CCE4732-69D5-4F8A-B743-5AB0CD9BD8B5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4470320 2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {9D46B215-F69C-4958-B7B5-B885B291BC64} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448056 2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {A7D0CEBB-3CEB-4809-9817-4D77BFA15790} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-12-06] (Google Inc -> Google Inc.)
Task: {A7D1D2AB-7AE2-450E-9AF6-540D10C64569} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [647616 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A84E2206-B893-4568-BFD2-7483ECC1D375} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4470320 2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {A86D74DE-C4EA-4985-9448-FB9F1A01AF6E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1498208 2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8DC0534-AA6C-4AFD-AB4D-FA11C758D10F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B1A64999-08E1-432E-A819-DD97C127360F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {B599C49A-FF79-47A7-9F0C-86BF6E5AC119} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26166344 2019-05-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB8A84B6-B38B-4298-B41F-F12B724B32B9} - System32\Tasks\PCEAC68WLANMGR => C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe [10385408 2015-03-11] (ASUS) [File not signed]
Task: {C2BB2F27-244E-4C5A-8452-414E151EE8B4} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [436672 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E17BECE0-9D5C-4320-9BB2-95D346BBC93C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {EBB99418-AD66-4827-A7E0-26C17FD9B821} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26166344 2019-05-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {F546EE03-6093-4A85-996B-A258B7E11A90} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448056 2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {F5D2625D-23A0-42F2-996F-275D30B2D5C0} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [717248 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FCA9FDCF-B6C5-4CC4-80DF-7974C427691A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FF8CBE6A-22F8-46D8-A596-619F396839AF} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112664 2019-06-03] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3193031890-3382897552-1219898279-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.1.1
Tcpip\..\Interfaces\{0a7deeff-253e-4bc7-98c7-ec2d8132b276}: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.1.1
Tcpip\..\Interfaces\{73ae4125-b214-470b-a221-bad0d5b7a7fa}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{73d026f9-045e-4fac-9373-75919bbd12c7}: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
SearchScopes: HKU\S-1-5-21-3193031890-3382897552-1219898279-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3193031890-3382897552-1219898279-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3193031890-3382897552-1219898279-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
 

lordy007

TS Rookie
FireFox:
========
FF DefaultProfile: 5iqg8ulw.default-1553006178345
FF ProfilePath: C:\Users\lordj\AppData\Roaming\Mozilla\Firefox\Profiles\5iqg8ulw.default-1553006178345 [2019-06-06]
FF Extension: (English (GB) Language Pack) - C:\Users\lordj\AppData\Roaming\Mozilla\Firefox\Profiles\5iqg8ulw.default-1553006178345\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2019-03-19]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\lordj\AppData\Roaming\Mozilla\Firefox\Profiles\5iqg8ulw.default-1553006178345\Extensions\marcoagpinto@mail.telepac.pt.xpi [2019-04-11]
FF ProfilePath: C:\Users\lordj\AppData\Roaming\kompozer.net\KompoZer\Profiles\dyca82k3.default [2017-05-31]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\lordj\AppData\Roaming\mozilla\plugins\npatgpc.dll [2019-05-30]

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> hxxp://mysearch.avg.com?cid={8C41E477-0823-4B79-A6C2-A315B9F86BB3}&mid=4b17a5e7ee4647d2a75d6da73d797ec7-3018f7204a0c9d6d6f79046117de146a3a0e0fe8&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-18 18:11:30&v=18.1.5.512&pid=safeguard&sg=&sap=hp
CHR Profile: C:\Users\lordj\AppData\Local\Google\Chrome\User Data\Profile 2 [2019-06-10]
CHR Extension: (Google Drive) - C:\Users\lordj\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-05-15]
CHR Extension: (YouTube) - C:\Users\lordj\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-05-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lordj\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-05-15]
CHR Extension: (Gmail) - C:\Users\lordj\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-15]
CHR Extension: (Chrome Media Router) - C:\Users\lordj\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-15]
CHR Profile: C:\Users\lordj\AppData\Local\Google\Chrome\User Data\System Profile [2019-05-29]
CHR HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-03-08] (Apple Inc. -> Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2016-04-12] (ASUSTeK Computer Inc. -> )
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6893704 2018-07-04] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11145800 2019-05-22] (Microsoft Corporation -> Microsoft Corporation)
S3 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-20] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-20] (Dropbox, Inc -> Dropbox, Inc.)
S3 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249328 2015-06-24] (DTS, Inc. -> DTS, Inc)
S3 HgClientService; C:\WINDOWS\system32\hgclientservice.dll [141824 2019-04-18] (Microsoft Windows -> Microsoft Corporation)
S3 hns; C:\WINDOWS\System32\HostNetSvc.dll [1741312 2019-04-18] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 nvagent; C:\WINDOWS\System32\NvAgent.dll [31232 2019-04-18] (Microsoft Windows -> Microsoft Corporation)
R2 Sage 50 Accounts Control v22; C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe [2396672 2016-12-06] (Sage (UK) Ltd.) [File not signed]
R2 Sage 50 Accounts Service v22; C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe [3474944 2016-12-06] (Sage (UK) Ltd.) [File not signed]
R2 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2013-06-04] (Microsoft) [File not signed]
R2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2015-02-06] (Sage (UK) Limited) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074120 2019-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [970240 2018-05-20] (Microsoft Windows -> )
S3 SshdBroker; C:\WINDOWS\System32\SshdBroker.dll [285696 2019-02-16] (Microsoft Windows -> Microsoft Corporation)
S3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [3014144 2019-04-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\NisSrv.exe [2433136 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 klvssbridge64_18.0.0; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\x64\vssbridge64.exe" [X]
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\WINDOWS\System32\Drivers\wsadb.sys [40720 2017-02-26] (Shenzhen Wondershare Information Technology Co., Ltd. -> Google Inc)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2016-04-12] (ASUSTeK Computer Inc. -> )
R0 asstahci64; C:\WINDOWS\System32\drivers\asstahci64.sys [88936 2015-06-17] (ASMedia Technology Inc. -> Asmedia Technology)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [8597208 2014-12-24] (Broadcom Corporation -> Broadcom Corporation)
R3 cbfs3; C:\WINDOWS\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation -> EldoS Corporation)
S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3778592 2016-03-04] (WDKTestCert Robert,130802973755980687 -> C-MEDIA)
S3 ElgatoGC656Y; C:\WINDOWS\System32\Drivers\ElgatoGC656.sys [52848 2016-08-03] (Elgato Systems LLC -> UB658)
R3 ElgatoVAD; C:\WINDOWS\system32\DRIVERS\ElgatoVAD.sys [39208 2016-09-20] (Elgato Systems LLC -> Elgato Systems GmbH)
S3 ESETCleanersDriver; C:\WINDOWS\system32\Drivers\ESETCleanersDriver.sys [181160 2018-03-15] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-05-15] (Malwarebytes Corporation -> Malwarebytes)
S3 HTCAND64; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (3am.com(Test) -> HTC, Corporation)
S3 htcnprot; C:\WINDOWS\system32\DRIVERS\htcnprot.sys [36928 2013-10-17] (HTC Corp. -> Windows (R) Win 7 DDK provider)
S3 HtcVCom32; C:\WINDOWS\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (Sqa.com(Test) -> QUALCOMM Incorporated)
S3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [26624 2019-04-18] (Microsoft Windows -> Microsoft Corporation)
S3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd. -> Zemana Ltd.)
S3 LcUvcUpper; C:\WINDOWS\system32\DRIVERS\LcUvcUpper.sys [37912 2015-09-27] (Microsoft Corporation -> Microsoft Corporation)
S3 LifeCamTrueColor; C:\WINDOWS\system32\DRIVERS\LifeCamTrueColor.sys [37928 2016-07-27] (Microsoft Corporation -> Microsoft Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-03-02] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-06-10] (Malwarebytes Corporation -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2015-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-07-26] (NVIDIA Corporation -> NVIDIA Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (PRINTING COMMUNICATIONS ASSOCIATES, INC -> Printing Communications Assoc., Inc. (PCAUSA))
S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [47616 2019-04-18] (Microsoft Windows -> Microsoft Corporation)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [97176 2019-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [31744 2019-04-18] (Microsoft Windows -> Microsoft Corporation)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [92032 2018-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [103936 2019-04-18] (Microsoft Windows -> Microsoft Corporation)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-06-05] (Adlice -> )
R3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [1248256 2019-04-18] (Microsoft Windows -> Microsoft Corporation)
R0 VMSNPXY; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2019-04-18] (Microsoft Windows -> Microsoft Corporation)
R3 VMSNPXYMP; C:\WINDOWS\System32\drivers\VmsProxyHNic.sys [36768 2019-04-18] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [337632 2019-06-05] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-05] (Microsoft Windows -> Microsoft Corporation)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
 

lordy007

TS Rookie
==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: nvagent -> C:\Windows\System32\NvAgent.dll (Microsoft Corporation)
NETSVC: HgClientService -> C:\Windows\system32\hgclientservice.dll (Microsoft Corporation)
NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-10 01:27 - 2019-06-10 01:28 - 000037079 ____C C:\Users\lordj\Desktop\FRST.txt
2019-06-10 00:14 - 2019-06-10 00:14 - 000275232 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-06-07 03:16 - 2019-06-07 03:16 - 000000000 ___DC C:\Users\lordj\AppData\Local\Phrozen
2019-06-07 03:16 - 2019-06-07 03:16 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winja
2019-06-07 03:16 - 2019-06-07 03:16 - 000000000 ___DC C:\Program Files\Winja
2019-06-07 03:15 - 2019-06-07 03:15 - 000000000 ___DC C:\Users\lordj\Desktop\New folder (5)
2019-06-07 00:02 - 2019-06-05 20:25 - 002417664 ____C (Farbar) C:\Users\lordj\Desktop\FRST64.exe
2019-06-06 23:54 - 2019-06-06 23:54 - 000000000 ____C C:\Users\lordj\Desktop\New Text Document (3).TXT
2019-06-06 23:50 - 2019-06-06 23:54 - 000000000 ___DC C:\Users\lordj\Desktop\New folder (4)
2019-06-06 17:26 - 2019-06-06 17:26 - 000000000 ___DC C:\Users\lordj\Desktop\word docs
2019-06-06 17:25 - 2019-06-06 17:26 - 000000000 ___DC C:\Users\lordj\Desktop\excel docs
2019-06-06 17:25 - 2019-06-06 17:25 - 000000000 ___DC C:\Users\lordj\Desktop\text docs
2019-06-05 20:53 - 2019-06-10 01:27 - 000000000 ___DC C:\FRST
2019-06-05 20:47 - 2019-06-05 20:48 - 000000000 ___DC C:\ProgramData\RogueKiller
2019-06-05 20:47 - 2019-06-05 20:47 - 000003152 ____C C:\WINDOWS\System32\Tasks\RogueKiller Anti-Malware
2019-06-05 20:46 - 2019-06-05 20:46 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-06-05 20:46 - 2019-06-05 20:46 - 000000000 ___DC C:\Program Files\RogueKiller
2019-06-05 20:45 - 2019-06-05 20:46 - 000000000 ___DC C:\AdwCleaner
2019-06-05 20:34 - 2019-06-05 20:48 - 000028272 ____C C:\WINDOWS\system32\Drivers\truesight.sys
2019-06-05 17:20 - 2019-06-05 17:33 - 000000000 ___DC C:\ESD
2019-06-05 17:19 - 2019-06-05 19:51 - 000000000 ___DC C:\WINDOWS\Panther
2019-06-05 17:19 - 2019-06-05 17:19 - 000000000 ___DC C:\$WINDOWS.~BT
2019-06-05 03:52 - 2019-02-16 08:34 - 000108032 ____C (Microsoft Corporation) C:\WINDOWS\system32\SshdPinAuthLsa.dll
2019-06-05 03:52 - 2019-02-16 08:32 - 000285696 ____C (Microsoft Corporation) C:\WINDOWS\system32\SshdBroker.dll
2019-06-05 03:52 - 2019-02-16 08:31 - 000485888 ____C (Microsoft Corporation) C:\WINDOWS\system32\SshSession.exe
2019-06-05 03:52 - 2019-02-16 08:31 - 000448512 ____C (Microsoft Corporation) C:\WINDOWS\system32\SshSftp.exe
2019-06-05 03:52 - 2019-02-16 08:31 - 000264192 ____C (Microsoft Corporation) C:\WINDOWS\system32\SshProxy.dll
2019-06-05 03:52 - 2019-02-16 08:29 - 000382976 ____C (Microsoft Corporation) C:\WINDOWS\system32\SshBroker.dll
2019-06-05 03:52 - 2018-10-21 08:17 - 001265152 ____C (Microsoft Corporation) C:\WINDOWS\system32\WebManagement.exe
2019-06-05 03:52 - 2018-08-03 06:36 - 000260608 ____C (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationREST.dll
2019-06-05 03:52 - 2018-08-03 04:12 - 000916480 ____C (Microsoft Corporation) C:\WINDOWS\system32\wdp.dll
2019-06-05 03:52 - 2018-08-03 04:07 - 000627200 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdp.dll
2019-06-05 00:41 - 2019-06-05 03:52 - 000000000 ___DC C:\WINDOWS\system32\OpenSSH
2019-06-05 00:41 - 2019-06-05 00:41 - 000000000 _RSDC C:\WINDOWS\SysWOW64\WindowsDevicePortal
2019-06-05 00:41 - 2019-06-05 00:41 - 000000000 _RSDC C:\WINDOWS\system32\WindowsDevicePortal
2019-06-05 00:41 - 2019-06-05 00:41 - 000000000 __RDC C:\WINDOWS\WebManagement
2019-06-05 00:41 - 2018-04-10 21:09 - 000033280 ____C (Microsoft Corporation) C:\WINDOWS\system32\debugregsvcapi.dll
2019-06-05 00:41 - 2018-04-10 21:09 - 000020480 ____C (Microsoft Corporation) C:\WINDOWS\system32\DeveloperTools.ProxyStub.dll
2019-06-05 00:41 - 2018-04-10 21:08 - 000090624 ____C (Microsoft Corporation) C:\WINDOWS\system32\DevToolsLauncher.exe
2019-06-05 00:41 - 2018-04-10 21:08 - 000058368 ____C (Microsoft Corporation) C:\WINDOWS\system32\DeployUtil.exe
2019-06-05 00:41 - 2018-04-10 21:07 - 000151040 ____C (Microsoft Corporation) C:\WINDOWS\system32\DeveloperToolsSvc.exe
2019-06-05 00:41 - 2018-04-10 21:07 - 000082944 ____C (Microsoft Corporation) C:\WINDOWS\system32\debugregsvc.dll
2019-06-05 00:41 - 2018-03-10 18:20 - 001999872 ____C C:\WINDOWS\system32\libcrypto.dll
2019-06-04 17:44 - 2019-05-15 05:28 - 000005921 ___RC C:\Users\lordj\Desktop\Settings (2019_05_20 22_13_45 UTC).xml
2019-06-04 00:19 - 2019-06-04 00:19 - 000002498 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2019-06-04 00:19 - 2019-06-04 00:19 - 000002493 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-06-04 00:19 - 2019-06-04 00:19 - 000002492 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-06-04 00:19 - 2019-06-04 00:19 - 000002456 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-06-04 00:19 - 2019-06-04 00:19 - 000002455 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-06-04 00:19 - 2019-06-04 00:19 - 000002449 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-06-04 00:19 - 2019-06-04 00:19 - 000002443 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-06-04 00:19 - 2019-06-04 00:19 - 000002435 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-06-04 00:19 - 2019-06-04 00:19 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-06-01 05:27 - 2019-06-01 05:27 - 000000000 ___DC C:\Users\lordj\AppData\Roaming\PDFescape Desktop
2019-06-01 03:59 - 2019-06-01 03:59 - 000000000 ___DC C:\Users\lordj\Desktop\New folder (3)
2019-05-30 09:04 - 2019-05-30 09:04 - 000000000 ___DC C:\Program Files\HitmanPro
2019-05-30 08:52 - 2019-05-30 08:52 - 000000000 ___DC C:\ProgramData\WebEx
2019-05-30 08:49 - 2019-05-30 08:49 - 000000000 ___DC C:\ProgramData\HitmanPro
2019-05-30 03:35 - 2019-05-30 03:35 - 000000000 ___DC C:\SymCache
2019-05-30 03:25 - 2019-06-06 05:47 - 000000000 ___DC C:\Users\lordj\OneDrive\Documents\OneNote Notebooks
2019-05-30 00:47 - 2019-06-06 23:01 - 000000000 ___DC C:\Users\lordj\AppData\Roaming\vlc
2019-05-29 23:13 - 2019-05-29 23:13 - 000000803 ____C C:\ProgramData\Microsoft\Windows\Start Menu\GetDataBack for NTFS.lnk
2019-05-29 23:13 - 2019-05-29 23:13 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2019-05-29 04:06 - 2019-05-29 04:06 - 000000000 ___DC C:\ProgramData\Sophos
2019-05-29 04:01 - 2019-05-29 04:01 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2019-05-29 04:00 - 2019-05-29 04:00 - 000000000 ___DC C:\Program Files (x86)\Sophos
2019-05-29 02:37 - 2019-05-17 13:44 - 000348160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-05-29 02:37 - 2019-05-17 13:41 - 021388968 ____C (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-05-29 02:37 - 2019-05-17 13:40 - 002394960 ____C (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2019-05-29 02:37 - 2019-05-17 13:40 - 000280888 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-05-29 02:37 - 2019-05-17 13:27 - 006586880 ____C (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-05-29 02:37 - 2019-05-17 13:26 - 004393984 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-05-29 02:37 - 2019-05-17 13:26 - 000064000 ____C (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-05-29 02:37 - 2019-05-17 13:25 - 012756480 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-29 02:37 - 2019-05-17 13:25 - 004718080 ____C (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-05-29 02:37 - 2019-05-17 13:25 - 004491264 ____C (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2019-05-29 02:37 - 2019-05-17 13:25 - 000039424 ____C (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-05-29 02:37 - 2019-05-17 13:24 - 000122368 ____C (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-05-29 02:37 - 2019-05-17 13:23 - 000223744 ____C (Microsoft Corporation) C:\WINDOWS\system32\PeerDist.dll
2019-05-29 02:37 - 2019-05-17 13:23 - 000182272 ____C (Microsoft Corporation) C:\WINDOWS\system32\PeerDistWSDDiscoProv.dll
2019-05-29 02:37 - 2019-05-17 13:23 - 000110080 ____C (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2019-05-29 02:37 - 2019-05-17 13:22 - 000392192 ____C (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-05-29 02:37 - 2019-05-17 13:22 - 000182784 ____C (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2019-05-29 02:37 - 2019-05-17 13:21 - 001364992 ____C (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-29 02:37 - 2019-05-17 13:21 - 001180672 ____C (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-05-29 02:37 - 2019-05-17 13:21 - 001121792 ____C (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-05-29 02:37 - 2019-05-17 13:21 - 000878592 ____C (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-05-29 02:37 - 2019-05-17 13:21 - 000274944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dot3gpui.dll
2019-05-29 02:37 - 2019-05-17 13:21 - 000221184 ____C (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2019-05-29 02:37 - 2019-05-17 13:20 - 003613696 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-29 02:37 - 2019-05-17 13:20 - 002084864 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-05-29 02:37 - 2019-05-17 13:20 - 001970688 ____C (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2019-05-29 02:37 - 2019-05-17 13:20 - 000725504 ____C (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCacheProvider.dll
2019-05-29 02:37 - 2019-05-17 13:20 - 000424448 ____C (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSh.dll
2019-05-29 02:37 - 2019-05-17 13:20 - 000224256 ____C (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCleaner.dll
2019-05-29 02:37 - 2019-05-17 13:19 - 000757248 ____C (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-05-29 02:37 - 2019-05-17 13:09 - 020383616 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-05-29 02:37 - 2019-05-17 13:07 - 002206424 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2019-05-29 02:37 - 2019-05-17 13:00 - 011942400 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-29 02:37 - 2019-05-17 13:00 - 005658112 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-05-29 02:37 - 2019-05-17 12:58 - 003397632 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2019-05-29 02:37 - 2019-05-17 12:58 - 000184320 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDist.dll
2019-05-29 02:37 - 2019-05-17 12:56 - 000344576 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-05-29 02:37 - 2019-05-17 12:56 - 000240640 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3gpui.dll
2019-05-29 02:37 - 2019-05-17 12:55 - 002881536 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-29 02:37 - 2019-05-17 12:55 - 000704000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-05-29 02:37 - 2019-05-17 12:55 - 000668160 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-05-29 02:37 - 2019-05-17 12:55 - 000470528 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2019-05-29 02:37 - 2019-05-17 12:55 - 000352256 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDistSh.dll
2019-05-29 02:37 - 2019-05-17 12:54 - 002016768 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-05-29 02:37 - 2019-05-17 12:54 - 000908288 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-05-29 02:37 - 2019-05-17 10:33 - 001008640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-05-29 02:37 - 2019-05-17 09:52 - 000868864 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-05-29 02:37 - 2019-05-17 08:07 - 000105272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-05-29 02:37 - 2019-05-17 07:44 - 000829960 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2019-05-29 02:37 - 2019-05-17 07:44 - 000550520 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2019-05-29 02:37 - 2019-05-17 07:43 - 000297688 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2019-05-29 02:37 - 2019-05-17 07:42 - 006573472 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-29 02:37 - 2019-05-17 07:42 - 006043496 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-05-29 02:37 - 2019-05-17 07:42 - 004789944 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-05-29 02:37 - 2019-05-17 07:42 - 002256560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-29 02:37 - 2019-05-17 07:42 - 001989552 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-05-29 02:37 - 2019-05-17 07:42 - 001980256 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-29 02:37 - 2019-05-17 07:42 - 001620264 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-05-29 02:37 - 2019-05-17 07:42 - 001380096 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-05-29 02:37 - 2019-05-17 07:42 - 001130568 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-05-29 02:37 - 2019-05-17 07:42 - 000129088 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-05-29 02:37 - 2019-05-17 07:42 - 000125504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-05-29 02:37 - 2019-05-17 07:34 - 022020096 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-29 02:37 - 2019-05-17 07:30 - 013878784 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-05-29 02:37 - 2019-05-17 07:26 - 002969600 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-05-29 02:37 - 2019-05-17 07:25 - 019374080 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-29 02:37 - 2019-05-17 07:23 - 001361408 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-05-29 02:37 - 2019-05-17 07:23 - 000074240 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-05-29 02:37 - 2019-05-17 07:23 - 000068096 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-05-29 02:37 - 2019-05-17 07:23 - 000002560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-05-29 02:37 - 2019-05-17 07:22 - 000142848 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2019-05-29 02:37 - 2019-05-17 07:22 - 000031232 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2019-05-29 02:37 - 2019-05-17 07:21 - 000608768 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-29 02:37 - 2019-05-17 07:21 - 000333824 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-05-29 02:37 - 2019-05-17 07:21 - 000326144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2019-05-29 02:37 - 2019-05-17 07:21 - 000224768 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2019-05-29 02:37 - 2019-05-17 07:20 - 000578560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-29 02:37 - 2019-05-17 07:20 - 000366080 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-05-29 02:37 - 2019-05-17 07:20 - 000118272 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-29 02:37 - 2019-05-17 07:19 - 004515840 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-05-29 02:37 - 2019-05-17 07:19 - 001630720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-05-29 02:37 - 2019-05-17 07:19 - 001110528 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-05-29 02:37 - 2019-05-17 07:19 - 001073664 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-05-29 02:37 - 2019-05-17 07:19 - 000873472 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2019-05-29 02:37 - 2019-05-17 07:19 - 000835584 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-05-29 02:37 - 2019-05-17 07:18 - 002796032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2019-05-29 02:37 - 2019-05-17 07:18 - 001006592 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-05-29 02:37 - 2019-05-17 07:18 - 000778240 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-29 02:37 - 2019-05-17 07:18 - 000251904 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-05-29 02:37 - 2019-05-17 07:11 - 001035256 ____C (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-29 02:37 - 2019-05-17 07:08 - 001219896 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-29 02:37 - 2019-05-17 07:08 - 001063224 ____C (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-05-29 02:37 - 2019-05-17 07:08 - 001027384 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-29 02:37 - 2019-05-17 07:08 - 000723432 ____C (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-05-29 02:37 - 2019-05-17 07:08 - 000568104 ____C (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-29 02:37 - 2019-05-17 07:08 - 000491200 ____C (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-05-29 02:37 - 2019-05-17 07:08 - 000401328 ____C (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2019-05-29 02:37 - 2019-05-17 07:08 - 000134968 ____C (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-29 02:37 - 2019-05-17 07:08 - 000076088 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-05-29 02:37 - 2019-05-17 07:07 - 009084216 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-29 02:37 - 2019-05-17 07:07 - 007520112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-29 02:37 - 2019-05-17 07:07 - 007436536 ____C (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-05-29 02:37 - 2019-05-17 07:07 - 004404720 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-05-29 02:37 - 2019-05-17 07:07 - 002768960 ____C (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-29 02:37 - 2019-05-17 07:07 - 002571640 ____C (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-29 02:37 - 2019-05-17 07:07 - 002467320 ____C (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-05-29 02:37 - 2019-05-17 07:07 - 001459120 ____C (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-29 02:37 - 2019-05-17 07:07 - 001288712 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-05-29 02:37 - 2019-05-17 07:07 - 001260272 ____C (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-29 02:37 - 2019-05-17 07:07 - 000930616 ____C (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2019-05-29 02:37 - 2019-05-17 07:07 - 000275768 ____C (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-29 02:37 - 2019-05-17 07:07 - 000260800 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-05-29 02:37 - 2019-05-17 07:06 - 001943136 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-05-29 02:37 - 2019-05-17 07:06 - 001784696 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-05-29 02:37 - 2019-05-17 07:06 - 001140992 ____C (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-05-29 02:37 - 2019-05-17 07:06 - 001098056 ____C (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-05-29 02:37 - 2019-05-17 07:06 - 000983424 ____C (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-05-29 02:37 - 2019-05-17 07:06 - 000151888 ____C (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-05-29 02:37 - 2019-05-17 06:48 - 025857536 ____C (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-29 02:37 - 2019-05-17 06:44 - 016597504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-05-29 02:37 - 2019-05-17 06:41 - 022719488 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-29 02:37 - 2019-05-17 06:38 - 004709376 ____C (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-05-29 02:37 - 2019-05-17 06:37 - 004385280 ____C (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-29 02:37 - 2019-05-17 06:37 - 000185344 ____C (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2019-05-29 02:37 - 2019-05-17 06:37 - 000108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2019-05-29 02:37 - 2019-05-17 06:36 - 000228864 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-05-29 02:37 - 2019-05-17 06:36 - 000115200 ____C (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-05-29 02:37 - 2019-05-17 06:36 - 000096768 ____C (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-05-29 02:37 - 2019-05-17 06:36 - 000067584 ____C (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2019-05-29 02:37 - 2019-05-17 06:36 - 000040960 ____C (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-05-29 02:37 - 2019-05-17 06:36 - 000034816 ____C (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-05-29 02:37 - 2019-05-17 06:36 - 000002560 ____C (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-05-29 02:37 - 2019-05-17 06:35 - 003400192 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-29 02:37 - 2019-05-17 06:35 - 000433152 ____C (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-05-29 02:37 - 2019-05-17 06:35 - 000362496 ____C (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2019-05-29 02:37 - 2019-05-17 06:35 - 000322560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-05-29 02:37 - 2019-05-17 06:35 - 000209408 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-05-29 02:37 - 2019-05-17 06:34 - 001804288 ____C (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-05-29 02:37 - 2019-05-17 06:34 - 001708544 ____C (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-05-29 02:37 - 2019-05-17 06:34 - 000916480 ____C (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-05-29 02:37 - 2019-05-17 06:34 - 000894464 ____C (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-29 02:37 - 2019-05-17 06:34 - 000671744 ____C (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2019-05-29 02:37 - 2019-05-17 06:34 - 000275456 ____C (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2019-05-29 02:37 - 2019-05-17 06:34 - 000270336 ____C (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2019-05-29 02:37 - 2019-05-17 06:34 - 000175104 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-05-29 02:37 - 2019-05-17 06:34 - 000141312 ____C (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-05-29 02:37 - 2019-05-17 06:34 - 000047616 ____C (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2019-05-29 02:37 - 2019-05-17 06:33 - 003091456 ____C (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-05-29 02:37 - 2019-05-17 06:33 - 002912256 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-29 02:37 - 2019-05-17 06:33 - 002370560 ____C (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-05-29 02:37 - 2019-05-17 06:33 - 002175488 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-29 02:37 - 2019-05-17 06:33 - 001487360 ____C (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2019-05-29 02:37 - 2019-05-17 06:33 - 001214464 ____C (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-05-29 02:37 - 2019-05-17 06:33 - 000808448 ____C (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-29 02:37 - 2019-05-17 06:33 - 000787968 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-05-29 02:37 - 2019-05-17 06:33 - 000270336 ____C (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2019-05-29 02:37 - 2019-05-17 06:32 - 001070080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2019-05-29 02:37 - 2019-05-17 06:32 - 000815104 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-05-29 02:37 - 2019-05-17 06:31 - 004937216 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-05-29 02:37 - 2019-05-17 06:31 - 003376640 ____C (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2019-05-29 02:37 - 2019-05-17 06:31 - 003293184 ____C (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2019-05-29 02:37 - 2019-05-17 06:31 - 001854976 ____C (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-05-29 02:37 - 2019-05-17 06:31 - 001805312 ____C (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-05-29 02:37 - 2019-05-17 06:31 - 001560576 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-29 02:37 - 2019-05-17 06:31 - 001383424 ____C (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-05-29 02:37 - 2019-05-17 06:31 - 001215488 ____C (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-05-29 02:37 - 2019-05-17 06:31 - 001211904 ____C (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-05-29 02:37 - 2019-05-17 06:31 - 001027584 ____C (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2019-05-29 02:37 - 2019-05-17 06:31 - 000620032 ____C (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-05-29 02:37 - 2019-05-17 06:31 - 000466432 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-05-29 02:37 - 2019-05-17 06:30 - 000917504 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-05-29 02:37 - 2019-05-17 06:30 - 000900096 ____C (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-29 02:37 - 2019-05-17 06:30 - 000507392 ____C (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-05-29 02:37 - 2019-05-17 06:30 - 000276992 ____C (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2019-05-29 02:37 - 2019-05-17 05:15 - 000001308 ____C C:\WINDOWS\system32\tcbres.wim
2019-05-23 09:05 - 2019-05-23 09:05 - 000000271 ____C C:\Users\lordj\Desktop\CIS return address.TXT
 