Inactive-A Suspicious activity with what looks like my PC being Cloned?

lordy007

TS Rookie
2019-05-20 22:04 - 2019-05-20 22:04 - 000000000 ___DC C:\Users\lordj\Desktop\wales
2019-05-20 19:17 - 2019-05-17 07:42 - 005625160 ____C (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-05-20 19:17 - 2019-05-17 07:04 - 001826816 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-05-20 19:17 - 2019-05-17 07:03 - 005307392 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-05-20 19:16 - 2019-05-17 07:06 - 001307648 ____C (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-05-20 19:16 - 2019-05-17 07:00 - 001295360 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-05-15 00:51 - 2019-05-03 13:14 - 000790208 ____C (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-05-15 00:51 - 2019-05-03 13:14 - 000304144 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-05-15 00:51 - 2019-05-03 13:13 - 001376472 ____C (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-15 00:51 - 2019-05-03 13:13 - 000396088 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2019-05-15 00:51 - 2019-05-03 12:55 - 000123392 ____C (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-05-15 00:51 - 2019-05-03 12:54 - 000177664 ____C (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-05-15 00:51 - 2019-05-03 12:52 - 000119808 ____C (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-15 00:51 - 2019-05-03 12:50 - 004054528 ____C (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-05-15 00:51 - 2019-05-03 12:50 - 001663488 ____C (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-05-15 00:51 - 2019-05-03 12:49 - 001288704 ____C (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-15 00:51 - 2019-05-03 12:49 - 000488448 ____C (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-15 00:51 - 2019-05-03 12:49 - 000210944 ____C (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-15 00:51 - 2019-05-03 12:43 - 001027008 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-15 00:51 - 2019-05-03 12:43 - 000662328 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-05-15 00:51 - 2019-05-03 12:30 - 000138752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-15 00:51 - 2019-05-03 12:30 - 000098304 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-15 00:51 - 2019-05-03 12:28 - 000089600 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-15 00:51 - 2019-05-03 12:27 - 000176640 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-15 00:51 - 2019-05-03 12:26 - 000425472 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-15 00:51 - 2019-05-03 12:25 - 004055040 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-05-15 00:51 - 2019-05-03 12:25 - 001471488 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-05-15 00:51 - 2019-05-03 07:43 - 000177128 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-05-15 00:51 - 2019-05-03 07:35 - 002300528 ____C (Microsoft Corporation) C:\WINDOWS\system32\vmwp.exe
2019-05-15 00:51 - 2019-05-03 07:34 - 000159864 ____C (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-05-15 00:51 - 2019-05-03 07:33 - 000709720 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-05-15 00:51 - 2019-05-03 07:33 - 000063072 ____C (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-05-15 00:51 - 2019-05-03 07:32 - 000793640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-05-15 00:51 - 2019-05-03 07:32 - 000776784 ____C (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-15 00:51 - 2019-05-03 07:32 - 000493880 ____C (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-05-15 00:51 - 2019-05-03 07:32 - 000438984 ____C (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-05-15 00:51 - 2019-05-03 07:32 - 000209208 ____C (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-05-15 00:51 - 2019-05-03 07:32 - 000170296 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-05-15 00:51 - 2019-05-03 07:32 - 000164664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-05-15 00:51 - 2019-05-03 07:31 - 002811192 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-05-15 00:51 - 2019-05-03 07:31 - 000545808 ____C (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-15 00:51 - 2019-05-03 07:31 - 000412984 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-05-15 00:51 - 2019-05-03 07:31 - 000115728 ____C (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-05-15 00:51 - 2019-05-03 07:20 - 000434704 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-05-15 00:51 - 2019-05-03 07:20 - 000384976 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-05-15 00:51 - 2019-05-03 07:20 - 000192016 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-05-15 00:51 - 2019-05-03 07:20 - 000146920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-05-15 00:51 - 2019-05-03 07:19 - 000665224 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-05-15 00:51 - 2019-05-03 07:19 - 000056288 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-05-15 00:51 - 2019-05-03 07:02 - 004866048 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-05-15 00:51 - 2019-05-03 07:01 - 008189440 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-15 00:51 - 2019-05-03 07:00 - 006661632 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-15 00:51 - 2019-05-03 07:00 - 000120832 ____C (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-15 00:51 - 2019-05-03 07:00 - 000099328 ____C (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2019-05-15 00:51 - 2019-05-03 06:59 - 007593472 ____C (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-05-15 00:51 - 2019-05-03 06:59 - 005788672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-05-15 00:51 - 2019-05-03 06:59 - 003710976 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-05-15 00:51 - 2019-05-03 06:59 - 000514560 ____C (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-15 00:51 - 2019-05-03 06:59 - 000204288 ____C (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-05-15 00:51 - 2019-05-03 06:59 - 000154112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-05-15 00:51 - 2019-05-03 06:58 - 000726528 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-05-15 00:51 - 2019-05-03 06:58 - 000462336 ____C (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-05-15 00:51 - 2019-05-03 06:57 - 001549824 ____C (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-05-15 00:51 - 2019-05-03 06:57 - 000561152 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-05-15 00:51 - 2019-05-03 06:56 - 000773632 ____C (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-15 00:51 - 2019-05-03 06:55 - 002166784 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-15 00:51 - 2019-05-03 06:55 - 000659968 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-05-15 00:51 - 2019-05-03 06:54 - 000961024 ____C (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-05-15 00:51 - 2019-05-03 06:54 - 000845824 ____C (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-05-15 00:51 - 2019-05-03 06:54 - 000778752 ____C (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-05-15 00:51 - 2019-05-03 06:54 - 000776192 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-15 00:51 - 2019-05-03 06:54 - 000669184 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-15 00:51 - 2019-05-03 06:54 - 000667136 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-05-15 00:51 - 2019-05-03 06:54 - 000543744 ____C (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-05-15 00:51 - 2019-05-03 06:54 - 000535552 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-05-15 00:51 - 2019-05-03 06:53 - 000204800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-05-15 00:51 - 2019-05-03 06:53 - 000186880 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-05-15 00:51 - 2019-05-03 06:53 - 000184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-05-15 00:51 - 2019-05-03 06:53 - 000181760 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-05-15 00:51 - 2019-04-19 11:55 - 001634920 ____C (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-05-15 00:51 - 2019-04-19 11:54 - 000720200 ____C (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-15 00:51 - 2019-04-19 11:38 - 000058368 ____C (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe
2019-05-15 00:51 - 2019-04-19 11:38 - 000040960 ____C (Microsoft Corporation) C:\WINDOWS\system32\perfproc.dll
2019-05-15 00:51 - 2019-04-19 11:36 - 000346112 ____C (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-15 00:51 - 2019-04-19 11:34 - 000522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-05-15 00:51 - 2019-04-19 10:44 - 001454648 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-05-15 00:51 - 2019-04-19 10:37 - 000607960 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-15 00:51 - 2019-04-19 10:30 - 000036864 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfproc.dll
2019-05-15 00:51 - 2019-04-19 10:26 - 002405888 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-15 00:51 - 2019-04-19 10:25 - 000423936 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-05-15 00:51 - 2019-04-19 06:07 - 000985400 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-05-15 00:51 - 2019-04-19 06:06 - 000798520 ____C (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-05-15 00:51 - 2019-04-19 06:06 - 000713264 ____C (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-05-15 00:51 - 2019-04-19 06:06 - 000436024 ____C (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-05-15 00:51 - 2019-04-19 06:02 - 000831800 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-05-15 00:51 - 2019-04-19 06:01 - 000581592 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-05-15 00:51 - 2019-04-19 06:01 - 000576016 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-05-15 00:51 - 2019-04-19 06:01 - 000380728 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-05-15 00:51 - 2019-04-19 05:43 - 000150016 ____C (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-15 00:51 - 2019-04-19 05:41 - 000140288 ____C (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-05-15 00:51 - 2019-04-19 05:41 - 000095232 ____C (Microsoft Corporation) C:\WINDOWS\system32\EduPrintProv.exe
2019-05-15 00:51 - 2019-04-19 05:40 - 000342528 ____C (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-05-15 00:51 - 2019-04-19 05:40 - 000243712 ____C (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-15 00:51 - 2019-04-19 05:40 - 000172544 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-05-15 00:51 - 2019-04-19 05:40 - 000167936 ____C (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2019-05-15 00:51 - 2019-04-19 05:40 - 000081408 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2019-05-15 00:51 - 2019-04-19 05:39 - 000567296 ____C (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-15 00:51 - 2019-04-19 05:39 - 000425472 ____C (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-15 00:51 - 2019-04-19 05:39 - 000374784 ____C (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll
2019-05-15 00:51 - 2019-04-19 05:39 - 000361472 ____C (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-15 00:51 - 2019-04-19 05:39 - 000204288 ____C (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-05-15 00:51 - 2019-04-19 05:38 - 000593408 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-15 00:51 - 2019-04-19 05:38 - 000391680 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-15 00:51 - 2019-04-19 05:38 - 000304128 ____C (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-05-15 00:51 - 2019-04-19 05:38 - 000300544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-15 00:51 - 2019-04-19 05:37 - 000953856 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-05-15 00:51 - 2019-04-19 05:37 - 000621056 ____C (Microsoft Corporation) C:\WINDOWS\system32\vmuidevices.dll
2019-05-15 00:51 - 2019-04-19 05:37 - 000445952 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-15 00:51 - 2019-04-19 05:37 - 000397312 ____C (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-15 00:51 - 2019-04-19 05:37 - 000381952 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2019-05-15 00:51 - 2019-04-19 05:37 - 000221184 ____C (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-15 00:51 - 2019-04-19 05:36 - 001300992 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2019-05-15 00:51 - 2019-04-19 05:36 - 000827392 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-15 00:51 - 2019-04-19 05:36 - 000546816 ____C (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2019-05-15 00:51 - 2019-04-19 05:36 - 000357888 ____C (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-05-15 00:51 - 2019-04-19 05:36 - 000186368 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-15 00:51 - 2019-04-19 05:35 - 001938944 ____C (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2019-05-15 00:51 - 2019-04-19 05:35 - 001458688 ____C (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-05-15 00:51 - 2019-04-19 05:35 - 001175552 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-05-15 00:51 - 2019-04-19 05:35 - 001156608 ____C (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-05-15 00:51 - 2019-04-19 05:35 - 000784896 ____C (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-15 00:51 - 2019-04-19 05:35 - 000535040 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2019-05-15 00:51 - 2019-04-19 05:35 - 000523776 ____C (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-15 00:51 - 2019-04-19 05:35 - 000312320 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-05-15 00:51 - 2019-04-19 05:34 - 000935936 ____C (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-05-15 00:51 - 2019-04-19 05:34 - 000885760 ____C (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-05-15 00:51 - 2019-04-19 05:34 - 000653312 ____C (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2019-05-15 00:51 - 2019-04-19 04:18 - 000806360 ____C C:\WINDOWS\SysWOW64\locale.nls
2019-05-15 00:51 - 2019-04-19 04:18 - 000806360 ____C C:\WINDOWS\system32\locale.nls
2019-05-15 00:51 - 2019-04-09 02:48 - 001311744 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-05-15 00:51 - 2019-04-09 02:48 - 000376320 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-05-15 00:51 - 2019-04-09 02:48 - 000353280 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-05-15 00:51 - 2019-04-09 02:48 - 000341504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-05-15 00:51 - 2019-04-09 02:48 - 000240640 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-10 01:27 - 2018-05-31 11:18 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2019-06-10 01:27 - 2017-02-26 07:55 - 000009430 _RSHC C:\ProgramData\ntuser.pol
2019-06-10 01:20 - 2018-05-16 10:24 - 028222060 ____C C:\WINDOWS\ntbtlog.txt
2019-06-10 00:57 - 2017-01-07 05:41 - 000000000 ___DC C:\Users\lordj\AppData\Local\CrashDumps
2019-06-10 00:21 - 2018-05-31 11:16 - 000005596 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2019-06-10 00:21 - 2016-12-06 22:03 - 000000000 ___DC C:\ProgramData\NVIDIA
2019-06-10 00:19 - 2018-04-12 00:38 - 000000000 ___DC C:\ProgramData\regid.1991-06.com.microsoft
2019-06-10 00:14 - 2019-04-13 18:07 - 000000000 ___DC C:\ProgramData\Kodak
2019-06-10 00:14 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\Registration
2019-06-10 00:14 - 2017-02-26 09:57 - 000000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2
2019-06-07 00:02 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\system32\NDF
2019-06-06 23:56 - 2016-12-08 00:06 - 000000000 ___DC C:\Users\lordj\AppData\Local\ElevatedDiagnostics
2019-06-06 22:05 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-06-06 17:10 - 2019-04-14 00:52 - 000002376 _RSHC C:\Users\lordj\ntuser.pol
2019-06-06 17:10 - 2018-05-31 11:09 - 000000000 ___DC C:\Users\lordj
2019-06-06 16:26 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\AppReadiness
2019-06-06 14:58 - 2018-05-31 11:07 - 000000000 ___DC C:\WINDOWS\system32\SleepStudy
2019-06-06 06:59 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-06 04:05 - 2019-03-28 18:06 - 000000000 ___DC C:\Users\lordj\Desktop\Insurance
2019-06-06 03:30 - 2018-04-12 00:36 - 000000000 ___DC C:\WINDOWS\INF
2019-06-06 02:03 - 2017-02-26 03:07 - 000000000 ___DC C:\Users\lordj\AppData\Local\Apple Computer
2019-06-05 22:45 - 2018-03-01 18:47 - 000000449 ____C C:\WINDOWS\system32\Drivers\etc\hosts.ics
2019-06-05 21:25 - 2018-04-12 00:38 - 000000000 __HDC C:\WINDOWS\ELAMBKUP
2019-06-05 19:50 - 2016-12-19 16:58 - 000007656 ____C C:\Users\lordj\AppData\Local\resmon.resmoncfg
2019-06-05 19:10 - 2018-03-01 19:07 - 000000000 ___DC C:\WINDOWS\system32\Drivers\wd
2019-06-05 18:45 - 2018-04-12 00:38 - 000000000 __HDC C:\WINDOWS\system32\AppLocker
2019-06-05 17:15 - 2018-04-11 22:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-06-05 03:52 - 2018-04-12 00:30 - 000000000 ___DC C:\WINDOWS\CbsTemp
2019-06-05 00:55 - 2016-12-06 22:15 - 000000000 ___DC C:\Users\lordj\AppData\Local\ConnectedDevicesPlatform
2019-06-05 00:47 - 2019-04-10 21:48 - 000000000 ___DC C:\Program Files\SUPERAntiSpyware
2019-06-05 00:41 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\SystemApps
2019-06-05 00:41 - 2017-12-12 12:39 - 000000000 ___DC C:\Users\lordj\AppData\Local\Packages
2019-06-05 00:14 - 2018-05-31 11:48 - 000000000 ___DC C:\Users\lordj\AppData\Local\D3DSCache
2019-06-04 23:22 - 2017-11-22 19:16 - 000000000 __RDC C:\Users\lordj\3D Objects
2019-06-04 23:22 - 2016-06-07 14:20 - 000000000 _RHDC C:\Users\Public\AccountPictures
2019-06-04 23:20 - 2018-05-31 11:07 - 000417512 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2019-06-04 23:19 - 2019-04-18 12:07 - 000000000 ___DC C:\Program Files\Hyper-V
2019-06-04 23:19 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\TextInput
2019-06-04 23:19 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\ShellExperiences
2019-06-04 23:19 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\Provisioning
2019-06-04 23:19 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\PolicyDefinitions
2019-06-04 23:19 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\bcastdvr
2019-06-04 22:14 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\SysWOW64\lv-LV
2019-06-04 22:14 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\SysWOW64\lt-LT
2019-06-04 22:14 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\SysWOW64\et-EE
2019-06-04 22:14 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\SysWOW64\es-MX
2019-06-04 22:14 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\system32\lv-LV
2019-06-04 22:14 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\system32\lt-LT
2019-06-04 22:14 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\system32\et-EE
2019-06-04 22:14 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\system32\es-MX
2019-06-04 22:14 - 2018-04-12 00:38 - 000000000 ___DC C:\WINDOWS\LiveKernelReports
2019-06-04 20:15 - 2019-04-22 03:20 - 000000000 ___DC C:\Users\lordj\AppData\Local\PokerStars.UK
2019-06-04 16:00 - 2016-12-06 22:17 - 000000000 ___DC C:\Users\lordj\AppData\Local\Comms
2019-06-04 00:17 - 2016-12-06 22:30 - 000000000 ___DC C:\Program Files (x86)\Microsoft Office
2019-06-03 04:23 - 2017-02-01 13:41 - 000000000 ___DC C:\Users\lordj\AppData\LocalLow\Mozilla
2019-06-02 11:30 - 2017-01-20 17:14 - 000000000 ___DC C:\Users\lordj\AppData\Local\Dropbox
2019-05-30 04:03 - 2017-01-06 23:09 - 000000000 ___DC C:\Users\lordj\AppData\Roaming\obs-studio
2019-05-29 06:05 - 2019-04-14 23:32 - 000000000 ___DC C:\WINDOWS\system32\CleanLog
2019-05-20 19:14 - 2018-05-31 11:18 - 000003542 ____C C:\WINDOWS\System32\Tasks\adobe acrobat update task
2019-05-20 19:14 - 2016-12-07 00:13 - 000002457 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-05-20 19:12 - 2018-12-21 18:54 - 000000000 ___DC C:\Program Files\rempl
2019-05-15 06:50 - 2018-04-12 00:38 - 000000000 __SDC C:\WINDOWS\system32\DiagSvcs
2019-05-15 00:51 - 2016-12-07 11:15 - 000000000 ___DC C:\WINDOWS\system32\MRT
2019-05-15 00:49 - 2016-12-07 11:15 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-15 00:44 - 2018-03-05 19:26 - 000153328 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys

==================== Files in the root of some directories =======

2017-01-07 06:44 - 2017-05-31 16:28 - 000000132 ____C () C:\Users\lordj\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-06-02 12:36 - 2017-06-02 12:36 - 000038425 ____C () C:\Users\lordj\AppData\Roaming\Comma Separated Values.ADR
2019-04-10 20:56 - 2019-04-10 20:56 - 000000278 ____C () C:\Users\lordj\AppData\Roaming\Safer-Networking.log
2017-05-31 13:19 - 2017-05-31 13:19 - 000001456 ____C () C:\Users\lordj\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-05-26 12:14 - 2017-08-15 09:29 - 000000600 ____C () C:\Users\lordj\AppData\Local\PUTTY.RND
2016-12-19 16:58 - 2019-06-05 19:50 - 000007656 ____C () C:\Users\lordj\AppData\Local\resmon.resmoncfg
2019-04-15 02:02 - 2019-04-15 02:02 - 000000003 ____C () C:\Users\lordj\AppData\Local\updater.log
2019-04-15 02:02 - 2019-04-15 02:05 - 000000059 ____C () C:\Users\lordj\AppData\Local\UserProducts.xml
2017-02-26 16:36 - 2017-02-26 20:30 - 000000171 ____C () C:\Users\lordj\AppData\Local\uts.ini

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
 

lordy007

TS Rookie
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-06-2019
Ran by lordj (10-06-2019 01:28:46)
Running from C:\Users\lordj\Desktop
Windows 10 Pro Version 1803 17134.799 (X64) (2018-05-31 10:18:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3193031890-3382897552-1219898279-500 - Administrator - Enabled)
DefaultAccount (S-1-5-21-3193031890-3382897552-1219898279-503 - Limited - Disabled)
Guest (S-1-5-21-3193031890-3382897552-1219898279-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3193031890-3382897552-1219898279-1003 - Limited - Enabled)
lewis (S-1-5-21-3193031890-3382897552-1219898279-1010 - Limited - Enabled) => C:\Users\lewis
lordj (S-1-5-21-3193031890-3382897552-1219898279-1001 - Administrator - Enabled) => C:\Users\lordj
riann (S-1-5-21-3193031890-3382897552-1219898279-1012 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3193031890-3382897552-1219898279-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accounts (HKLM-x32\...\{12CE83F7-1A7F-4728-91CA-99E7DF84B2DC}) (Version: 22.0.8.191 - Sage (UK) Ltd) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20034 - Adobe Systems Incorporated)
aioprnt (HKLM\...\{0645A454-AD44-4F0D-99CF-6B762735AD1F}) (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (HKLM-x32\...\{376348C2-E372-48BC-A138-E896757BD86A}) (Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ASUS PCE-AC68 WLAN Card Utilities/Driver (HKLM-x32\...\{39BD9681-D3B1-435C-A0C1-F87C68513401}) (Version: 2.1.0.7 - ASUS)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version: - )
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version: - Canon Inc.)
center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 70.4.93 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
Elgato Game Capture HD (HKLM\...\{11D487D4-2E52-4AA9-8000-43CED1D7B088}) (Version: 3.70.8.3008 - Elgato Systems GmbH)
Elgato Stream Deck (HKLM\...\{0053D4B2-039F-418D-8E51-2E9866848887}) (Version: 2.1.0.5132 - Elgato Systems GmbH)
essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
FileZilla Client 3.27.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.27.0.1 - Tim Kosse)
Game Capture HD v1.0.0.1 (HKLM-x32\...\Software_Elgato_Game Capture HD) (Version: 1.0.0.1 - Elgato Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
iBackupBot 5.5.3 (HKLM-x32\...\iBackupBot) (Version: 5.5.3 - VOW Software)
iExplorer (HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\2ee35ebaf226322a) (Version: 4.2.6.0 - Macroplant LLC)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{CAA61CDB-0E1E-4E7F-89E1-36FBCC3C0EFB}) (Version: 12.9.4.102 - Apple Inc.)
Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 8.0.0.0 - Eastman Kodak Company)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11629.20196 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movie Studio Platinum 13.0 (64-bit) (HKLM\...\{8F700B00-B598-11E6-80D9-EF6B4CB4F8F1}) (Version: 13.0.987 - VEGAS)
Mozilla Firefox 59.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 59.0.2 (x86 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Firefox 66.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.3 (x64 en-US)) (Version: 66.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0 - Mozilla)
MSVC80_x64_v2 (HKLM\...\{4D668D4F-FAA2-4726-834C-31F4614F312E}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM-x32\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.8.0.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.8.0.89 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
ocr (HKLM-x32\...\{BFBCF96F-7361-486A-965C-54B17AC35421}) (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11629.20196 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11629.20196 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11629.20196 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11629.20196 - Microsoft Corporation) Hidden
PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
QPAD 8K Laser Software (HKLM-x32\...\{C33DA05B-3AB1-43F0-8208-5FC16609A8BE}) (Version: 1.00 - QPAD) Hidden
QPAD 8K Laser Software (HKLM-x32\...\InstallShield_{C33DA05B-3AB1-43F0-8208-5FC16609A8BE}) (Version: 1.00 - QPAD)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RogueKiller version 13.2.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.1.0 - Adlice Software)
Sage 50 Accounts 2016 (HKLM-x32\...\InstallShield_{12CE83F7-1A7F-4728-91CA-99E7DF84B2DC}) (Version: 22.0.8.191 - Sage (UK) Ltd)
SBDDesktopUpdateInstaller (HKLM-x32\...\{DD16B9AD-FEE2-405D-9E4C-62D44042C422}) (Version: 12.1.586.0 - SBDDesktopUpdateInstaller) Hidden
SDataConfigAddInInstaller (HKLM-x32\...\{FE71361E-8B8F-4A1B-8D4D-B00C7A082428}) (Version: 12.1.586.0 - SDataConfigAddInInstaller) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Winja version 6.0 (HKLM-x32\...\Winja_is1) (Version: 6.0 - Phrozen SAS)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

Packages:
=========
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.8.0.1_neutral__6e5tt8cgb93ep [2019-05-23] (Canon Inc.)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.520.0_x64__rz1tebttyb220 [2019-03-12] (Dolby Laboratories)
Dolby Atmos for Headphones -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmosforHeadphones_2.3.303.0_x64__rz1tebttyb220 [2018-07-30] (Dolby Laboratories)
EdgeDevtoolsPlugin -> C:\WINDOWS\SystemApps\Microsoft.EdgeDevtoolsPlugin_cw5n1h2txyewy [2019-06-05] (Microsoft Corporation)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Microsoft To-Do -> C:\Program Files\WindowsApps\Microsoft.Todos_1.57.21415.0_x64__8wekyb3d8bbwe [2019-05-27] (Microsoft Corporation)
Spybot Identity Monitor -> C:\Program Files\WindowsApps\0B776BFA.SpybotIdentityMonitor_3.3.0.0_x86__vfa2pmx4tgtj4 [2019-03-28] (Safer-Networking Ltd.)
Tabnalysis -> C:\Program Files\WindowsApps\7121BryceHutchings.Tabnalysis_1.6.0.0_neutral__n8amc39vh1w3e [2019-03-12] (Bryce Hutchings)
Ultra File Opener -> C:\Program Files\WindowsApps\D5BE6627.371995F5E41A5_7.0.3.0_x86__9pm2v9747qaaa [2019-04-25] (CompuClever Systems Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3193031890-3382897552-1219898279-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\lordj\Dropbox\Dropbox [2017-01-20 17:20]
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation -> EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation -> EldoS Corporation)
ShellServiceObjects: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation -> EldoS Corporation)
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation -> EldoS Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation -> EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation -> EldoS Corporation)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-04-03] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\lordj\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"

==================== Loaded Modules (Whitelisted) ==============

2019-05-27 23:52 - 2019-05-27 23:52 - 000158720 ____C ( ) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.EKAiO2SDKLib\bfaba15225107d64a1ca5089d9f628b4\Interop.EKAiO2SDKLib.ni.dll
2017-04-19 17:11 - 2019-06-10 00:14 - 000035984 ____C (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2016-12-07 10:14 - 2012-06-14 18:18 - 000359936 ____C (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2017-06-22 12:37 - 2017-06-22 12:37 - 000075264 ____C (Eastman Kodak Company) [File not signed] C:\Program Files (x86)\Kodak\AiO\Center\Logger.dll
2019-05-27 23:53 - 2019-05-27 23:53 - 000294400 ____C (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Automation\759dde4f9b26f5bd9c7f15429a1dcc16\Inkjet.Automation.ni.dll
2019-05-27 23:52 - 2019-05-27 23:52 - 000076800 ____C (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Configuration\a45f47f8fb1bf042e41272e7abe7b0d2\Inkjet.Configuration.ni.dll
2019-05-27 23:53 - 2019-05-27 23:53 - 000095232 ____C (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Devidd83fa01#\5cd46c7514dc3eb49862fba0c0e39a19\Inkjet.DeviceSettings.ni.dll
2019-05-27 23:53 - 2019-05-27 23:53 - 000101376 ____C (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Diagnostics\d83d82bc4f4bcfbfaeafeb5cb1317168\Inkjet.Diagnostics.ni.dll
2019-05-27 23:52 - 2019-05-27 23:52 - 000882176 ____C (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Hardware\250b93ef0187c9331ddd4ea08e269a60\Inkjet.Hardware.ni.dll
2019-05-27 23:52 - 2019-05-27 23:52 - 000235520 ____C (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Localization\6bce245abfb8c01bd54917e7128f842e\Inkjet.Localization.ni.dll
2019-05-27 23:52 - 2019-05-27 23:52 - 000178176 ____C (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Statistics\038a6916797e4a27ec33134cec5061e7\Inkjet.Statistics.ni.dll
2019-05-27 23:52 - 2019-05-27 23:52 - 000327168 ____C (Eastman Kodak Company) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Utilities\b81e90b12fc85aaa1f170eb963c3f53c\Inkjet.Utilities.ni.dll
2013-06-04 15:06 - 2013-06-04 15:06 - 000008192 ____C (Microsoft) [File not signed] C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
2018-05-31 11:09 - 2018-05-31 11:09 - 000680960 _____ (Microsoft) [File not signed] C:\WINDOWS\assembly\GAC_32\Sage.Central.AutoUpdateManager\1.0.0.0__021b26c6762d83c5\Sage.Central.AutoUpdateManager.dll
2018-05-31 11:08 - 2017-10-27 17:06 - 000874368 ____C (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2018-05-31 11:09 - 2017-10-27 17:06 - 000339256 ____C (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2015-02-06 10:26 - 2015-02-06 10:26 - 000053248 ____C (Sage (UK) Limited) [File not signed] C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe
2018-05-31 11:09 - 2018-05-31 11:09 - 000851968 _____ (Sage (UK) Limited) [File not signed] C:\WINDOWS\assembly\GAC_MSIL\Sage.Common.Syndication\1.0.0.0__c59b718b5ca510a8\Sage.Common.Syndication.dll
2018-05-31 11:09 - 2018-05-31 11:09 - 000061440 _____ (Sage (UK) Limited) [File not signed] C:\WINDOWS\assembly\GAC_MSIL\Sage.Common.Web.Server\1.0.0.0__c59b718b5ca510a8\Sage.Common.Web.Server.dll
2018-05-31 11:09 - 2018-05-31 11:09 - 000010240 _____ (Sage (UK) Limited) [File not signed] C:\WINDOWS\assembly\GAC_MSIL\Sage.Integration.Diagnostics\1.0.0.0__3f422f0ff54abde1\Sage.Integration.Diagnostics.dll
2018-05-31 11:09 - 2018-05-31 11:09 - 000032768 _____ (Sage (UK) Limited) [File not signed] C:\WINDOWS\assembly\GAC_MSIL\Sage.Integration.Server.Feeds\1.0.0.0__3f422f0ff54abde1\Sage.Integration.Server.Feeds.dll
2018-05-31 11:09 - 2018-05-31 11:09 - 000032768 _____ (Sage (UK) Limited) [File not signed] C:\WINDOWS\assembly\GAC_MSIL\Sage.Integration.Server.Model\1.0.0.0__3f422f0ff54abde1\Sage.Integration.Server.Model.dll
2018-05-31 11:09 - 2018-05-31 11:09 - 000258048 _____ (Sage (UK) Limited) [File not signed] C:\WINDOWS\assembly\GAC_MSIL\Sage.Integration.Server\1.0.0.0__3f422f0ff54abde1\Sage.Integration.Server.dll
2018-05-31 11:09 - 2018-05-31 11:09 - 000077824 _____ (Sage (UK) Limited) [File not signed] C:\WINDOWS\assembly\GAC_MSIL\Sage.Utilities\1.0.0.0__c59b718b5ca510a8\Sage.Utilities.dll
2015-08-13 17:51 - 2016-12-06 22:38 - 000101376 ____C (Sage (UK) Ltd.) [File not signed] C:\Program Files (x86)\Sage\AccountsServiceV22\sg50AuthLib.dll
2015-08-13 18:00 - 2016-12-06 22:38 - 002396672 ____C (Sage (UK) Ltd.) [File not signed] C:\Program Files (x86)\Sage\AccountsServiceV22\sg50CtrlSvc_v22.exe
2015-08-13 17:57 - 2016-12-06 22:38 - 000411136 ____C (Sage (UK) Ltd.) [File not signed] C:\Program Files (x86)\Sage\AccountsServiceV22\sg50RmtAppClient.dll
2015-08-13 18:08 - 2016-12-06 22:38 - 003474944 ____C (Sage (UK) Ltd.) [File not signed] C:\Program Files (x86)\Sage\AccountsServiceV22\sg50svc_v22.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\hola.org -> hxxp://hola.org

There are 7934 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-12-06 21:57 - 2019-04-14 23:20 - 000000852 ____C C:\WINDOWS\system32\drivers\etc\hosts


2018-03-01 18:47 - 2019-06-05 22:45 - 000000449 ____C C:\WINDOWS\system32\drivers\etc\hosts.ics

172.18.229.65 Lords-Money-Machine.mshome.net # 2024 6 1 3 21 45 4 502

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\Control Panel\Desktop\\Wallpaper -> c:\users\lordj\desktop\img_5430.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Block)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: PhoneSvc => 3
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: WsAppService => 2
MSCONFIG\Services: WsDrvInst => 2
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxGipSvc => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg_DTS"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Elgato Sound Capture"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Stream Deck"
HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run: => "COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
HKLM\...\StartupApproved\Run32: => "v4EKStatusMonitor"
HKLM\...\StartupApproved\Run32: => "Conime"
HKLM\...\StartupApproved\Run32: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "IseUI"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk.disabled"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "Tawk-desktop"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "kpm.exe"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "OpenVPN-GUI"
HKU\S-1-5-21-3193031890-3382897552-1219898279-1001\...\StartupApproved\Run: => "AshSnap"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe (Microsoft Windows -> )
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{4907EB22-9F3B-4A62-8D55-091FCCF84713}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{7CE085B0-08C6-470B-8B19-47974E24B52C}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{27045DDB-6DD6-4BB8-8BD7-038F0056EB5A}] => (Block) C:\windows\system32\mmc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C71B82F9-1FDE-4544-9F43-BB76CBA1EDC9}] => (Block) C:\windows\system32\mmc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BF9725B0-44F4-43CB-BCD4-0F9800832910}] => (Allow) LPort=9322
FirewallRules: [{34388B29-97F6-450B-B118-AA56927F17BF}] => (Allow) LPort=5353
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

05-06-2019 00:45:48 Removed IPTInstaller
06-06-2019 19:46:00 Removed IPTInstaller

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2019 01:29:29 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-05-17T00:29:29Z. Error Code: 0x80041315.

Error: (06/10/2019 01:28:59 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-05-17T00:28:59Z. Error Code: 0x80041315.

Error: (06/10/2019 01:28:29 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-05-17T00:28:29Z. Error Code: 0x80041315.

Error: (06/10/2019 01:27:59 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-05-17T00:27:59Z. Error Code: 0x80041315.

Error: (06/10/2019 01:27:29 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-05-17T00:27:29Z. Error Code: 0x80041315.

Error: (06/10/2019 01:26:59 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-05-17T00:26:59Z. Error Code: 0x80041315.

Error: (06/10/2019 01:26:29 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-05-17T00:26:29Z. Error Code: 0x80041315.

Error: (06/10/2019 01:25:59 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-05-17T00:25:59Z. Error Code: 0x80041315.


System errors:
=============
Error: (06/10/2019 01:28:25 AM) (Source: DCOM) (EventID: 10016) (User: LORDS-MONEY-MAC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LORDS-MONEY-MAC\lordj SID (S-1-5-21-3193031890-3382897552-1219898279-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/10/2019 12:59:45 AM) (Source: DCOM) (EventID: 10010) (User: LORDS-MONEY-MAC)
Description: The server {F3B4EA6B-3177-4EF9-A4E9-AAC11984B281} did not register with DCOM within the required timeout.

Error: (06/10/2019 12:57:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Connected Devices Platform User Service_7a774e service terminated unexpectedly. It has done this 3 time(s).

Error: (06/10/2019 12:57:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (06/10/2019 12:57:45 AM) (Source: DCOM) (EventID: 10010) (User: LORDS-MONEY-MAC)
Description: The server {F3B4EA6B-3177-4EF9-A4E9-AAC11984B281} did not register with DCOM within the required timeout.

Error: (06/10/2019 12:55:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (06/10/2019 12:55:45 AM) (Source: DCOM) (EventID: 10010) (User: LORDS-MONEY-MAC)
Description: The server {37998346-3765-45B1-8C66-AA88CA6B20B8} did not register with DCOM within the required timeout.

Error: (06/10/2019 12:53:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error


Windows Defender:
===================================
Date: 2019-06-05 20:28:20.962
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {476E5AF3-9EAF-43D4-9670-252DC39CADAF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-05-29 03:30:40.042
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {E729E181-D73A-4711-B7E8-AD57FFE3598D}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2019-04-14 03:12:24.225
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {7427E092-2D96-447F-917D-EECE09C390F8}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2019-04-14 00:37:43.966
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A7057166-BFC5-484C-826A-B9CBA109A5A1}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2019-04-10 01:34:45.559
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {DAE93218-72FC-49DB-890A-FE1999EFAD4B}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2019-06-06 23:07:06.123
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.295.141.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16000.6
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.

Date: 2019-06-06 23:07:06.123
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.295.141.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16000.6
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.

Date: 2019-06-06 23:07:06.123
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.295.141.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16000.6
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.

Date: 2019-06-05 16:09:26.167
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.2789.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.

Date: 2019-06-05 16:09:26.167
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.2789.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80070645
Error description: This action is only valid for products that are currently installed.

CodeIntegrity:
===================================

Date: 2019-06-10 01:28:54.789
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2019-06-10 01:08:29.151
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-10 00:53:59.529
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2019-06-10 00:49:02.579
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-10 00:44:15.902
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-10 00:28:28.871
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-10 00:24:42.179
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Scans\MsMpEngCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Store signing level requirements.

Date: 2019-06-10 00:21:50.010
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 2103 08/15/2014
Motherboard: ASUSTeK COMPUTER INC. Z87-PLUS
Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 14%
Total physical RAM: 32695.91 MB
Available physical RAM: 28080.31 MB
Total Virtual: 37559.91 MB
Available Virtual: 32971.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.22 GB) (Free:58.74 GB) NTFS
Drive e: (Backup2TB) (Fixed) (Total:1862.89 GB) (Free:818.37 GB) NTFS
Drive f: (Storage) (Fixed) (Total:931.51 GB) (Free:781.72 GB) NTFS
Drive g: () (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
Drive h: (CDROM) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

\\?\Volume{d759ef00-8cd3-492a-9976-2c1b12c45e1f}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 294E1CE3)

Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 9ABD058F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

Broni

Malware Annihilator
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced, post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

Broni

Malware Annihilator
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 