Solved Win32/Skeeyah.B!rfn and Win32/Fuerboos.D!cl infection

Jessi Linn

Hi, everybody. New here - my husband told me to come here to check in since I got a pretty nasty infection on my Lenovo Ideapad 330 last night and I wanted to make sure that everything's cleaned up like it was supposed to be so I can be okay with going back to business as usual on my machine.

The Problems:

There were two main Trojans found in my machine: Win32/Skeeyah.B!rfn and Win32/Fuerboos.D!cl, and somewhere around 20 other malicious files on the initial Kaspersky scan (mentioned again below).

Sentret and Squirrel were two files that were also installed on my machine that were used after the backdoor from one of the trojans was opened, I think, to try and take my things. There was also something called 'foldershare' that opened up on its own when the initial infection occurred - but when I saw that, I shut my computer down and that was when the clean-up attempts had to start.
Microsoft OneDrive was involved as well, and it could be that the backdoor is still open -- but my husband disabled OneDrive from starting at boot, and he attempted to delete it so hopefully the backdoor was closed.

System restore didn't work, so eventually (after hours of trying AVClam from a Linux boot USB and eventually settling on a Kaspersky boot USB that actually ended up finding the above trojans along with the other files) I was able to get to this point, and now I'm trying to work through the aftermath.

Other troubling issues:
There are a few folders in system32 and another area that have text files with all of my system information, my husband said -- essentially logs of the infection that occurred -- and there are a couple of files that have started up on boot repeatedly, and they can't be deleted because they're in use. They are in the temp files, I'm told. I don't have names on them right at this moment. As soon as I'm able to get home, I can try and update with whatever I can find on those files. As I write this post, another Kaspersky scan from a USB drive that it's booted into is running, just to see if it finds anything that it didn't delete the first time.

My husband's helped me (since I've been at work and unable to run this all myself) get Kaspersky booted and rolling and it took out those trojans (though Windows Defender had to come in and finish deleting them? It showed them after I was finally able to re-enable Windows Defender through the registry again). After Kaspersky was run (both the basic and the custom folder deep scan, or whatever it's called -- essentially the scan that it suggests since malware was found), Bitdefender was installed and started up and found more invasive files that my husband's been deleting. It's been running at boot since, so I'm hoping that's keeping any more invasion attempts at bay.

The question:
So, essentially, is there any way that anyone out there can help me make sure that everything's back to normal? I don't know how to go back through and make sure everything's been cleaned up. I'll fresh-reinstall if I have to, but this computer's just a few months old and I really don't want to have to do that. Silly me and that bogus file I downloaded. Tsk.

As soon as I can get home and the latest Kaspersky scan is done, I'll update this thread with absolutely anything anyone needs to hopefully help me make sure that everything's cleaned out.

Thank you so much for any help! I hope all of this makes sense. (This has been edited for clarity.)
 
Welcome aboard

Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hi Broni, thank you so much for your response! The logs will be pasted in this reply and the next one.

FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05.2019
Ran by jswh0 (administrator) on LAPTOP-A8BGVKS2 (LENOVO 81D2) (21-05-2019 23:22:06)
Running from C:\Users\jswh0\Desktop
Loaded Profiles: jswh0 (Available Profiles: jswh0)
Platform: Windows 10 Home Version 1803 17134.765 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0330099.inf_amd64_37ae791a544cf6a3\B330293\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0330099.inf_amd64_37ae791a544cf6a3\B330293\atiesrxx.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.52.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\MsMpEng.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera_crashreporter.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [865568 2019-03-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [60074328 2018-12-07] (Discord Inc. -> Discord Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3152160 2019-04-29] (Valve -> Valve Corporation)
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\Run: [Discord] => C:\Users\jswh0\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22588760 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\Policies\Explorer: [NoSecurityTab] 1

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A692CD7-0601-4613-B000-A494E7F16E1E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {100358A2-F5DD-495B-909D-638FDD105604} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {12B99F0F-D715-420E-B516-42754A80E773} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23965776 2019-03-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {144CEF3B-C7DE-4F1E-BFFA-B8CF9E574904} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1D9A569D-0876-4D90-A1DE-82BF017C859A} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {22CB607F-9054-4AF2-94DE-452E9B79562D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f1a6e08e-a2de-489c-a469-3cb6de6c9f83 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {30F6F8FC-C7EF-49D6-B1BB-82F44BF3FFDB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1527080 2019-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {3760A4F5-B5D6-499D-B010-E8B50A43097B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-17] (Google Inc -> Google Inc.)
Task: {3A3A8294-4382-438C-A0B4-9BAF140A8947} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54440 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {48353078-C9EB-4403-8489-2E2D1519BE37} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://
Task: {4FFA8CB0-77C1-44B4-942B-93F700F0B509} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_pepper.exe [1452600 2019-05-14] (Adobe Inc. -> Adobe)
Task: {5309C39A-C763-4A5B-993D-D83AE9F8F297} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16571320 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {5EF2A195-8E7C-45B8-A14A-8F207B33BDB2} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49032 2018-08-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {6DA43816-4328-463B-AE8E-E8438A61AD1A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8744401b-3633-4267-be74-f2d32e6c742f => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {757A2031-EC72-4705-A95A-2823ACE57F97} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1527080 2019-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {78EFDE96-3E06-4339-8328-0EFA7D1D36E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-17] (Google Inc -> Google Inc.)
Task: {7B22DF5B-1BD3-4BAE-B2BB-22B147CE0A46} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [87336 2019-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {8383C46D-220D-4594-A765-D7B3FAF3C208} - System32\Tasks\Opera scheduled Autoupdate 1544224919 => C:\Program Files\Opera\launcher.exe [1493592 2019-05-15] (Opera Software AS -> Opera Software)
Task: {887CC8CF-30BA-4D8E-A066-5FA214D1613B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {9AA0C484-2D37-4F67-B617-F98FB97604A3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\e25633eb-3568-4477-a743-67a84666de98 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {9D19CD11-30FC-40F1-9634-D53FAC08DD40} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [462288 2018-11-15] (Bitdefender SRL -> Bitdefender)
Task: {B4CC87A0-4002-4B05-8F82-5076E717C564} - System32\Tasks\Icons8 Check For Updates => C:\Program Files (x86)\Icons8\Icons8.Job.exe [11264 2018-05-23] (Icons8 LLC) [File not signed]
Task: {BB47ECF2-601E-4016-BAE6-A034F825F5A4} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {D4C2B371-2AAC-48D1-9666-3CB26B8072A5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [753240 2019-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {DA530672-9865-4313-9376-3F29D4F4C32E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23965776 2019-03-29] (Microsoft Corporation -> Microsoft Corporation)
"C:\Windows\System32\Tasks\Microsoft\Windows\Google" could not be unlocked Error: 5. <==== ATTENTION
"C:\Windows\System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineSW" was unlocked. <==== ATTENTION
Task: {DAAC63AD-4245-44F1-9270-685846845FEF} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineSW => C:\WINDOWS\SysWOW64\Microsoft\Protect\S-1-51-74\RB_1.4.45.63.exe <==== ATTENTION
Task: {DC2A3E2D-5336-451C-9A0A-C3F2142C02BD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0862812-9CB1-4055-9C8C-357FA346695F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-14] (Adobe Inc. -> Adobe)
Task: {E7367563-092C-4AC1-B7A0-1EDE3888CF76} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2417232 2019-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {F4A755B8-B57F-40D3-83E9-EB245F8FD545} - System32\Tasks\Icons8 Sync => C:\Program Files (x86)\Icons8\Icons8.Sync.exe [33792 2018-05-23] (Icons8 LLC) [File not signed]
Task: {F59C0442-6F17-4C00-9383-F35E58128AC3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2417232 2019-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {F60E00EB-3251-498E-A912-BA320037F57C} - System32\Tasks\SearchTools => C:\Program Files (x86)\US Media Capital\SearchPro Tools\sptools.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{60363ef1-9416-461d-8bed-44d539f3e8a8}: [DhcpNameServer] 150.201.1.2
Tcpip\..\Interfaces\{6b0d10a8-515d-41d6-8242-fcef15c2a465}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{fa259dfb-7c97-4d3f-aabe-cdad598302c4}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-04-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)

Opera:
=======
OPR StartupUrls: "hxxps://www.omegle.com/","hxxps://www.omegle.com/","hxxps://www.facebook.com/","hxxps://mail.google.com/mail/u/0/#inbox","hxxps://mail.google.com/mail/u/2/#inbox","hxxps://mail.google.com/mail/u/1/#inbox"
OPR Session Restore: -> is enabled.
OPR Extension: (LastPass: Free Password Manager) - C:\Users\jswh0\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2019-05-02]
OPR Extension: (convert2mp3.net Online Video Converter) - C:\Users\jswh0\AppData\Roaming\Opera Software\Opera Stable\Extensions\kefimjmcofjhaphjiadipfoojljnoinn [2018-12-07]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\u0330099.inf_amd64_37ae791a544cf6a3\B330293\atiesrxx.exe [481136 2018-06-25] (Advanced Micro Devices, Inc. -> AMD)
R2 AtherosSvc; C:\WINDOWS\system32\DRIVERS\AdminService.exe [414720 2017-12-05] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2195280 2018-03-22] (Bitdefender SRL -> Bitdefender)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9677904 2019-03-29] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [398344 2018-06-08] (Dolby Laboratories, Inc. -> )
R2 ETDService; C:\WINDOWS\System32\ETDService.exe [200288 2018-01-23] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [305520 2018-05-30] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1293936 2018-11-15] (Bitdefender SRL -> Bitdefender)
R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [865568 2019-03-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [246688 2018-11-13] (Bitdefender SRL -> Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [341136 2018-11-13] (Bitdefender SRL -> Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [246688 2018-11-13] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34664 2018-04-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [52648 2018-05-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\u0330099.inf_amd64_37ae791a544cf6a3\B330293\atikmdag.sys [40434552 2018-06-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\u0330099.inf_amd64_37ae791a544cf6a3\B330293\atikmpag.sys [545144 2018-06-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [145792 2018-04-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1534688 2019-04-04] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-20] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [395728 2019-05-03] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-03-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [65472 2017-12-05] (WDKTestCert aswbldsv,131431045756648395 -> Qualcomm)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [298488 2019-04-24] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R3 ETDHCF; C:\WINDOWS\System32\drivers\ETDHCF.sys [30256 2018-01-23] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)
S3 ETD_Keyboard; C:\WINDOWS\System32\drivers\ETD.sys [725032 2018-01-23] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)
R1 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [374632 2018-11-19] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\drivers\gzflt.sys [188384 2018-11-28] (Bitdefender SRL -> BitDefender LLC)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2329480 2017-12-22] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1035576 2018-04-19] (Realtek Semiconductor Corp. -> Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-01-30] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [610640 2019-01-14] (Bitdefender SRL -> Bitdefender)
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [236048 2018-12-18] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344544 2019-04-24] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-24] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-21 23:22 - 2019-05-21 23:26 - 000024924 _____ C:\Users\jswh0\Desktop\FRST.txt
2019-05-21 23:21 - 2019-05-21 23:22 - 000000000 ____D C:\FRST
2019-05-21 23:21 - 2019-05-21 23:21 - 000000000 ____D C:\Users\jswh0\Desktop\FRST-OlderVersion
2019-05-21 23:20 - 2019-05-21 23:21 - 002435072 _____ (Farbar) C:\Users\jswh0\Desktop\FRST64.exe
2019-05-21 18:28 - 2019-05-21 18:28 - 000076716 _____ C:\ProgramData\agent.update.1558488478.bdinstall.v2.bin
2019-05-21 18:25 - 2019-05-21 18:25 - 000001199 _____ C:\Users\jswh0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2019-05-21 18:25 - 2019-03-21 00:12 - 000022960 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2019-05-21 18:23 - 2019-05-21 18:23 - 000003802 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2019-05-21 18:23 - 2019-05-21 18:23 - 000001214 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free.lnk
2019-05-21 18:23 - 2019-05-21 18:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free
2019-05-21 18:23 - 2019-05-21 18:23 - 000000000 ____D C:\ProgramData\Bitdefender
2019-05-21 18:23 - 2019-05-03 19:18 - 000395728 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2019-05-21 18:23 - 2019-04-24 15:27 - 000298488 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\edrsensor.sys
2019-05-21 18:23 - 2019-04-04 15:28 - 001534688 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2019-05-21 18:23 - 2019-01-14 17:25 - 000610640 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2019-05-21 18:23 - 2018-11-28 06:45 - 000188384 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2019-05-21 18:23 - 2018-11-19 14:10 - 000374632 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys
2019-05-21 18:22 - 2019-05-21 23:26 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2019-05-21 18:21 - 2019-05-21 18:28 - 000000000 ____D C:\Program Files\Bitdefender Agent
2019-05-21 18:21 - 2019-05-21 18:21 - 000103652 _____ C:\ProgramData\agent.1558488073.bdinstall.v2.bin
2019-05-21 18:21 - 2019-05-21 18:21 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2019-05-21 18:20 - 2019-05-21 18:20 - 010372016 _____ C:\Users\jswh0\Downloads\bitdefender_online.exe
2019-05-21 18:06 - 2019-05-21 18:07 - 000000000 ____D C:\AdwCleaner
2019-05-21 18:03 - 2019-05-21 18:04 - 000000000 ____D C:\Users\jswh0\AppData\Roaming\Notepad++
2019-05-21 18:03 - 2019-05-21 18:03 - 000001107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2019-05-21 18:03 - 2019-05-21 18:03 - 000001095 _____ C:\Users\Public\Desktop\Notepad++.lnk
2019-05-21 18:03 - 2019-05-21 18:03 - 000000000 ____D C:\Program Files (x86)\Notepad++
2019-05-21 18:02 - 2019-05-21 18:02 - 007025360 _____ (Malwarebytes) C:\Users\jswh0\Downloads\adwcleaner_7.3.exe
2019-05-21 17:59 - 2019-05-21 17:59 - 000000870 _____ C:\Users\jswh0\Desktop\CCleaner.lnk
2019-05-21 17:59 - 2019-05-21 17:59 - 000000000 ____D C:\Users\jswh0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-05-20 23:05 - 2019-05-20 23:05 - 000000000 ____D C:\ProgramData\1558418735
2019-05-20 23:00 - 2019-05-20 23:00 - 000003372 _____ C:\WINDOWS\System32\Tasks\SearchTools
2019-05-20 23:00 - 2019-05-20 23:00 - 000000000 ____D C:\ProgramData\US-Media Capital
2019-05-15 17:47 - 2019-05-17 19:16 - 000000000 ___RD C:\Users\jswh0\Desktop\Science Isn't Scary
2019-05-14 22:46 - 2019-05-03 05:14 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-05-14 22:46 - 2019-05-03 05:13 - 001376472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-14 22:46 - 2019-05-03 04:51 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-14 22:46 - 2019-05-03 04:51 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-14 22:46 - 2019-05-03 04:50 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-05-14 22:46 - 2019-05-03 04:50 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-05-14 22:46 - 2019-05-03 04:49 - 001288704 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-14 22:46 - 2019-05-03 04:43 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-14 22:46 - 2019-05-03 04:43 - 000662328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-05-14 22:46 - 2019-05-03 04:28 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-14 22:46 - 2019-05-03 04:25 - 004055040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-05-14 22:46 - 2019-05-03 04:25 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-05-14 22:46 - 2019-05-02 23:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-14 22:46 - 2019-05-02 23:33 - 005625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-05-14 22:46 - 2019-05-02 23:33 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-14 22:46 - 2019-05-02 23:33 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-14 22:46 - 2019-05-02 23:33 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-14 22:46 - 2019-05-02 23:32 - 000793640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-05-14 22:46 - 2019-05-02 23:32 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-14 22:46 - 2019-05-02 23:32 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-05-14 22:46 - 2019-05-02 23:31 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-14 22:46 - 2019-05-02 23:31 - 007519888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-14 22:46 - 2019-05-02 23:31 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-05-14 22:46 - 2019-05-02 23:31 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-05-14 22:46 - 2019-05-02 23:31 - 002771256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-14 22:46 - 2019-05-02 23:31 - 001459328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-14 22:46 - 2019-05-02 23:31 - 001260480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-14 22:46 - 2019-05-02 23:31 - 001141224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-05-14 22:46 - 2019-05-02 23:31 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-05-14 22:46 - 2019-05-02 23:31 - 000983632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-05-14 22:46 - 2019-05-02 23:31 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-14 22:46 - 2019-05-02 23:19 - 006043712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-05-14 22:46 - 2019-05-02 23:19 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-05-14 22:46 - 2019-05-02 23:18 - 006569344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-14 22:46 - 2019-05-02 23:18 - 002258640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-14 22:46 - 2019-05-02 23:18 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-05-14 22:46 - 2019-05-02 23:12 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-14 22:46 - 2019-05-02 23:10 - 022017024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-14 22:46 - 2019-05-02 23:05 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-14 22:46 - 2019-05-02 23:02 - 019401216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-14 22:46 - 2019-05-02 23:02 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-05-14 22:46 - 2019-05-02 23:01 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-14 22:46 - 2019-05-02 23:00 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-14 22:46 - 2019-05-02 23:00 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-14 22:46 - 2019-05-02 22:59 - 007593472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-05-14 22:46 - 2019-05-02 22:59 - 005788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-05-14 22:46 - 2019-05-02 22:59 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-05-14 22:46 - 2019-05-02 22:58 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-14 22:46 - 2019-05-02 22:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-14 22:46 - 2019-05-02 22:57 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-05-14 22:46 - 2019-05-02 22:57 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-14 22:46 - 2019-05-02 22:57 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-05-14 22:46 - 2019-05-02 22:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-14 22:46 - 2019-05-02 22:57 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-14 22:46 - 2019-05-02 22:57 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

FRST.txt continued:

2019-05-14 22:46 - 2019-05-02 22:56 - 005350912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-05-14 22:46 - 2019-05-02 22:56 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-05-14 22:46 - 2019-05-02 22:56 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-05-14 22:46 - 2019-05-02 22:55 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-05-14 22:46 - 2019-05-02 22:55 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-14 22:46 - 2019-05-02 22:54 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-05-14 22:46 - 2019-05-02 22:54 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-05-14 22:46 - 2019-05-02 22:53 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-05-14 22:46 - 2019-05-02 22:53 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-05-14 22:46 - 2019-05-02 22:53 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-05-14 22:46 - 2019-05-02 22:53 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-05-14 22:46 - 2019-04-19 03:55 - 001634920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-05-14 22:46 - 2019-04-19 03:54 - 000720200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-14 22:46 - 2019-04-19 03:39 - 012754944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-14 22:46 - 2019-04-19 03:36 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-14 22:46 - 2019-04-19 03:34 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-05-14 22:46 - 2019-04-19 02:44 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-05-14 22:46 - 2019-04-19 02:37 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-14 22:46 - 2019-04-19 02:28 - 011940864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-14 22:46 - 2019-04-19 02:26 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-14 22:46 - 2019-04-18 22:07 - 000985400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-05-14 22:46 - 2019-04-18 22:06 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-14 22:46 - 2019-04-18 22:06 - 000798520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-05-14 22:46 - 2019-04-18 22:06 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-05-14 22:46 - 2019-04-18 22:06 - 000274232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-14 22:46 - 2019-04-18 22:02 - 000831800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-05-14 22:46 - 2019-04-18 22:01 - 001982008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-14 22:46 - 2019-04-18 22:01 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-05-14 22:46 - 2019-04-18 22:01 - 000576016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-05-14 22:46 - 2019-04-18 22:01 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-05-14 22:46 - 2019-04-18 21:43 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-14 22:46 - 2019-04-18 21:42 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-14 22:46 - 2019-04-18 21:40 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-14 22:46 - 2019-04-18 21:39 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-05-14 22:46 - 2019-04-18 21:39 - 000567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-14 22:46 - 2019-04-18 21:39 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-14 22:46 - 2019-04-18 21:38 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-05-14 22:46 - 2019-04-18 21:38 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-14 22:46 - 2019-04-18 21:38 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-14 22:46 - 2019-04-18 21:38 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-05-14 22:46 - 2019-04-18 21:37 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-05-14 22:46 - 2019-04-18 21:37 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-14 22:46 - 2019-04-18 21:37 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2019-05-14 22:46 - 2019-04-18 21:36 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-14 22:46 - 2019-04-18 21:36 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-14 22:46 - 2019-04-18 21:36 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-05-14 22:46 - 2019-04-18 21:36 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2019-05-14 22:46 - 2019-04-18 21:35 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-05-14 22:46 - 2019-04-18 21:35 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-05-14 22:46 - 2019-04-18 21:35 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-05-14 22:46 - 2019-04-18 21:35 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-14 22:46 - 2019-04-18 21:35 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-05-14 22:46 - 2019-04-18 21:35 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-14 22:46 - 2019-04-18 21:34 - 000935936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-05-14 22:46 - 2019-04-18 21:34 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-14 22:46 - 2019-04-18 21:34 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-05-14 22:46 - 2019-04-18 21:34 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-14 22:46 - 2019-04-18 21:34 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2019-05-14 22:46 - 2019-04-18 20:18 - 000806360 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-05-14 22:46 - 2019-04-18 20:18 - 000806360 _____ C:\WINDOWS\system32\locale.nls
2019-05-14 22:46 - 2019-04-08 18:48 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-05-14 22:45 - 2019-05-03 05:13 - 000396088 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2019-05-14 22:45 - 2019-05-03 04:55 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-05-14 22:45 - 2019-05-03 04:54 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-05-14 22:45 - 2019-05-03 04:52 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-14 22:45 - 2019-05-03 04:49 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-14 22:45 - 2019-05-03 04:49 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-14 22:45 - 2019-05-03 04:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-14 22:45 - 2019-05-03 04:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-14 22:45 - 2019-05-03 04:28 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-14 22:45 - 2019-05-03 04:27 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-14 22:45 - 2019-05-03 04:26 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-14 22:45 - 2019-05-02 23:43 - 000177128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-05-14 22:45 - 2019-05-02 23:34 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-05-14 22:45 - 2019-05-02 23:33 - 000709720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-05-14 22:45 - 2019-05-02 23:33 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-14 22:45 - 2019-05-02 23:33 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-05-14 22:45 - 2019-05-02 23:33 - 000063072 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-05-14 22:45 - 2019-05-02 23:32 - 000438984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-05-14 22:45 - 2019-05-02 23:32 - 000209208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-05-14 22:45 - 2019-05-02 23:32 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-05-14 22:45 - 2019-05-02 23:32 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-05-14 22:45 - 2019-05-02 23:31 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-05-14 22:45 - 2019-05-02 23:31 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-05-14 22:45 - 2019-05-02 23:20 - 000434704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-05-14 22:45 - 2019-05-02 23:20 - 000384976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-05-14 22:45 - 2019-05-02 23:20 - 000192016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-05-14 22:45 - 2019-05-02 23:20 - 000146920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-05-14 22:45 - 2019-05-02 23:19 - 000056288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-05-14 22:45 - 2019-05-02 23:00 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-14 22:45 - 2019-05-02 23:00 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2019-05-14 22:45 - 2019-05-02 22:59 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-05-14 22:45 - 2019-05-02 22:59 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-14 22:45 - 2019-05-02 22:59 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-05-14 22:45 - 2019-05-02 22:59 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-05-14 22:45 - 2019-05-02 22:59 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-05-14 22:45 - 2019-05-02 22:58 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-05-14 22:45 - 2019-05-02 22:58 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-05-14 22:45 - 2019-05-02 22:58 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-05-14 22:45 - 2019-05-02 22:58 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-05-14 22:45 - 2019-05-02 22:58 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-05-14 22:45 - 2019-05-02 22:57 - 001295872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-05-14 22:45 - 2019-05-02 22:56 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-14 22:45 - 2019-05-02 22:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-14 22:45 - 2019-05-02 22:55 - 000659968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-05-14 22:45 - 2019-05-02 22:54 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-05-14 22:45 - 2019-05-02 22:54 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-05-14 22:45 - 2019-05-02 22:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-05-14 22:45 - 2019-05-02 21:38 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-05-14 22:45 - 2019-04-23 00:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-05-14 22:45 - 2019-04-22 23:14 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-05-14 22:45 - 2019-04-19 03:40 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-05-14 22:45 - 2019-04-19 03:38 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe
2019-05-14 22:45 - 2019-04-19 03:38 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfproc.dll
2019-05-14 22:45 - 2019-04-19 02:30 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfproc.dll
2019-05-14 22:45 - 2019-04-19 02:25 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-05-14 22:45 - 2019-04-18 22:06 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-05-14 22:45 - 2019-04-18 21:41 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-05-14 22:45 - 2019-04-18 21:41 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\EduPrintProv.exe
2019-05-14 22:45 - 2019-04-18 21:40 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-05-14 22:45 - 2019-04-18 21:40 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-05-14 22:45 - 2019-04-18 21:40 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2019-05-14 22:45 - 2019-04-18 21:40 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2019-05-14 22:45 - 2019-04-18 21:39 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-14 22:45 - 2019-04-18 21:39 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll
2019-05-14 22:45 - 2019-04-18 21:39 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-05-14 22:45 - 2019-04-18 21:38 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-14 22:45 - 2019-04-18 21:38 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-05-14 22:45 - 2019-04-18 21:37 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-14 22:45 - 2019-04-18 21:37 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-05-14 22:45 - 2019-04-18 21:37 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-14 22:45 - 2019-04-18 21:37 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-14 22:45 - 2019-04-18 21:36 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2019-05-14 22:45 - 2019-04-18 21:36 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-05-14 22:45 - 2019-04-18 21:36 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-14 22:45 - 2019-04-18 21:35 - 001938944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2019-05-14 22:45 - 2019-04-18 21:35 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2019-05-14 22:45 - 2019-04-18 21:35 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-05-14 22:45 - 2019-04-08 18:48 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-05-14 22:45 - 2019-04-08 18:48 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-05-14 22:45 - 2019-04-08 18:48 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-05-14 22:45 - 2019-04-08 18:48 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-05-09 19:15 - 2019-05-09 19:15 - 000518489 _____ C:\Users\jswh0\Downloads\Evidence_of_Coverage_(Medical)-01042019.pdf
2019-05-09 19:14 - 2019-05-09 19:14 - 000069198 _____ C:\Users\jswh0\Downloads\Your_rate_and_benefit_update_letter.pdf
2019-05-09 19:06 - 2019-04-24 09:06 - 000205992 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.CoreTypes.dll
2019-05-09 19:06 - 2019-04-24 09:06 - 000130728 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.Utilities.dll
2019-05-09 19:06 - 2019-04-24 09:06 - 000097448 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.ImController.ImClient.dll
2019-05-09 19:06 - 2019-04-24 09:06 - 000043688 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.ImController.EventLogging.dll
2019-05-08 14:41 - 2019-05-08 14:41 - 000135680 _____ C:\Users\jswh0\Downloads\CS MAY (2).pub
2019-05-08 14:40 - 2019-05-08 14:40 - 000609056 _____ C:\Users\jswh0\Downloads\pl5.pdf
2019-05-06 20:45 - 2019-03-14 04:23 - 000820824 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64U.dll
2019-05-06 20:45 - 2019-03-14 01:23 - 001126344 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtCOM64.dll
2019-05-06 20:45 - 2019-03-14 01:23 - 000481888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2019-05-06 20:45 - 2019-03-14 01:10 - 029495258 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2019-05-06 20:45 - 2018-05-30 20:58 - 000165224 _____ C:\WINDOWS\system32\FMAPP.exe
2019-05-06 19:31 - 2019-05-06 19:31 - 000432206 _____ C:\Users\jswh0\Downloads\UdellMoniqueAnimalRangelandScienceExploringBreedDiff.pdf
2019-05-05 23:50 - 2019-05-05 23:50 - 003624635 _____ C:\Users\jswh0\Downloads\chw4 203.pdf
2019-05-01 20:08 - 2019-05-01 20:08 - 000000000 ____D C:\Users\Public\BlueStacks
2019-04-24 15:26 - 2019-04-24 15:27 - 000064982 _____ C:\Users\jswh0\Downloads\Genetics project instructions (2).pdf
2019-04-24 14:15 - 2019-04-24 14:16 - 011525128 _____ C:\Users\jswh0\Downloads\wordpress-5.1.1.zip
2019-04-23 21:09 - 2019-04-23 21:09 - 000064982 _____ C:\Users\jswh0\Downloads\Genetics project instructions (1).pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-21 23:27 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-21 23:15 - 2018-12-07 16:22 - 000000000 ____D C:\Program Files (x86)\Steam
2019-05-21 19:13 - 2019-02-13 13:08 - 000000000 ____D C:\Users\jswh0\AppData\Local\D3DSCache
2019-05-21 19:01 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files\Windows Defender
2019-05-21 18:25 - 2018-04-11 16:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-05-21 18:17 - 2019-01-07 17:17 - 000000000 ___DC C:\WINDOWS\Panther
2019-05-21 18:17 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2019-05-21 18:13 - 2019-01-08 08:41 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-21 18:09 - 2019-01-08 08:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-21 18:08 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-05-21 18:08 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2019-05-21 17:59 - 2019-01-08 08:54 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-05-21 17:57 - 2018-12-07 16:23 - 000000000 ____D C:\Users\jswh0\AppData\Roaming\discord
2019-05-21 17:24 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-21 10:17 - 2019-01-08 08:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-20 22:33 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-16 23:16 - 2018-12-07 17:11 - 000000000 ____D C:\Program Files\rempl
2019-05-16 20:36 - 2019-01-08 08:54 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1544224919
2019-05-16 20:36 - 2018-12-07 16:21 - 000001114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-05-16 20:36 - 2018-12-07 16:21 - 000000000 ____D C:\Program Files\Opera
2019-05-16 20:35 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-16 01:15 - 2019-01-08 08:27 - 000403112 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-16 01:13 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-05-16 01:13 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-16 01:13 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-05-16 01:13 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-16 01:12 - 2019-01-08 08:31 - 000000000 ____D C:\Users\jswh0
2019-05-16 01:03 - 2018-12-08 21:12 - 000000000 __SHD C:\Users\jswh0\wc
2019-05-15 17:51 - 2019-03-13 15:31 - 000000000 ___RD C:\Users\jswh0\Desktop\Job Nonsense
2019-05-15 17:51 - 2018-12-07 19:38 - 000000000 ___RD C:\Users\jswh0\Desktop\Useful
2019-05-14 22:45 - 2018-12-07 17:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-14 22:41 - 2018-12-07 17:04 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-14 22:31 - 2019-02-17 18:49 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-14 22:31 - 2019-02-17 18:49 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-14 17:30 - 2019-01-08 08:54 - 000004600 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-05-14 17:30 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-05-14 17:30 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-05-14 16:19 - 2019-01-08 08:54 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-621734548-2853496009-1861087639-1001
2019-05-14 16:19 - 2019-01-08 08:31 - 000002370 _____ C:\Users\jswh0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-14 16:19 - 2018-12-07 16:18 - 000000000 ___RD C:\Users\jswh0\OneDrive
2019-05-06 20:45 - 2018-07-24 18:48 - 000000000 ____D C:\WINDOWS\system32\dolbyaposvc
2019-05-03 16:53 - 2019-01-09 20:54 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-03 16:53 - 2019-01-09 20:54 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-02 18:25 - 2018-12-09 20:00 - 000000000 ____D C:\Users\jswh0\AppData\Roaming\.minecraft
2019-05-02 15:55 - 2018-12-25 17:55 - 000000000 ____D C:\Program Files\pia_manager
2019-05-02 15:53 - 2019-02-15 17:45 - 000000000 ____D C:\Users\jswh0\AppData\Local\Bluestacks
2019-05-01 21:58 - 2018-12-07 19:22 - 000000000 ____D C:\Program Files (x86)\Minecraft
2019-05-01 20:10 - 2018-12-07 16:15 - 000000000 ____D C:\Users\jswh0\AppData\Local\Packages
2019-04-28 17:22 - 2018-10-19 11:43 - 000002454 _____ C:\Users\jswh0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo App Explorer.lnk
2019-04-24 15:53 - 2018-12-07 17:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-04-24 09:06 - 2018-12-08 01:07 - 000425128 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2019-04-24 09:06 - 2018-12-08 01:07 - 000104616 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2019-04-24 09:06 - 2018-12-08 01:07 - 000054440 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.InfInstaller.exe
2019-04-24 09:06 - 2018-07-24 18:51 - 000104616 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.CoInstaller.dll

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)
 
Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05.2019
Ran by jswh0 (21-05-2019 23:28:52)
Running from C:\Users\jswh0\Desktop
Windows 10 Home Version 1803 17134.765 (X64) (2019-01-08 15:55:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-621734548-2853496009-1861087639-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-621734548-2853496009-1861087639-503 - Limited - Disabled)
Guest (S-1-5-21-621734548-2853496009-1861087639-501 - Limited - Disabled)
jswh0 (S-1-5-21-621734548-2853496009-1861087639-1001 - Administrator - Enabled) => C:\Users\jswh0
WDAGUtilityAccount (S-1-5-21-621734548-2853496009-1861087639-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.192 - Adobe)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2018.0810.2245.39118 - Advanced Micro Devices, Inc.)
Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.15.112 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.57 - Piriform)
Discord (HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Icons8 (HKLM-x32\...\{195AC760-D5CE-47B9-99EE-E144CD7BF94A}_is1) (Version: 6.0.0.6 - Icons8)
Java(TM) SE Development Kit 11.0.1 (64-bit) (HKLM\...\{F4039C0F-E4C1-5905-9E7D-DDA8EDE365BC}) (Version: 11.0.1.0 - Oracle Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.10730.20334 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\OneDriveSetup.exe) (Version: 19.070.0410.0005 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{2D1ED4EA-B59D-4665-ACB3-9325872A300D}) (Version: 1.0.4.0 - Mojang)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.7 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10730.20334 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20334 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20334 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10730.20334 - Microsoft Corporation) Hidden
Opera Stable 60.0.3255.95 (HKLM-x32\...\Opera 60.0.3255.95) (Version: 60.0.3255.95 - Opera Software)
Scribus 1.4.7 (HKLM-x32\...\Scribus 1.4.7) (Version: 1.4.7 - The Scribus Team)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)

Packages:
=========
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_2.1001.237.0_x64__rz1tebttyb220 [2019-01-08] (Dolby Laboratories)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2018-12-07] (Fitbit)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8 [2019-03-25] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.52.0_x64__5grkq8ppsgwt4 [2019-04-15] (LENOVO INC)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2018-12-07] (LinkedIn)
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.11.301.0_x64__8wekyb3d8bbwe [2019-05-19] (Microsoft Studios)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.12831.0_x64__8wekyb3d8bbwe [2018-12-07] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.375.0_x64__mcm4njqhnhss8 [2019-02-19] (Netflix, Inc.)
Power2Go for Lenovo -> C:\Program Files\WindowsApps\CyberLinkCorp.th.Power2GoforLenovo_8.0.9516.0_x86__m916jedk64snt [2018-12-07] (CYBERLINKCOM CORPORATION)
PowerDVD for Lenovo -> C:\Program Files\WindowsApps\CyberLinkCorp.th.PowerDVDforLenovo_14.1.9528.0_x86__m916jedk64snt [2018-12-20] (CYBERLINKCOM CORPORATION)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.172.0_x64__dt26b99r8h8gj [2019-05-06] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0 [2019-05-13] (Spotify AB)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2019-05-19] (Notepad++ -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-08-10] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============
 
Hi Broni,

I'm sorry, let me re-run and post what I get -- what I copy-pasted was all that was output, so let me try it again.
 
FRST.txt - scan was re-run at 12:15 AM on 05/22/2019:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05.2019
Ran by jswh0 (administrator) on LAPTOP-A8BGVKS2 (LENOVO 81D2) (22-05-2019 00:12:14)
Running from C:\Users\jswh0\Desktop
Loaded Profiles: jswh0 (Available Profiles: jswh0)
Platform: Windows 10 Home Version 1803 17134.765 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19031.17720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0330099.inf_amd64_37ae791a544cf6a3\B330293\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0330099.inf_amd64_37ae791a544cf6a3\B330293\atiesrxx.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.52.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\MsMpEng.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11904.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera_crashreporter.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [865568 2019-03-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [60074328 2018-12-07] (Discord Inc. -> Discord Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3152160 2019-04-29] (Valve -> Valve Corporation)
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\Run: [Discord] => C:\Users\jswh0\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22588760 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\Policies\Explorer: [NoSecurityTab] 1

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A692CD7-0601-4613-B000-A494E7F16E1E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {100358A2-F5DD-495B-909D-638FDD105604} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {12B99F0F-D715-420E-B516-42754A80E773} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23965776 2019-03-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {144CEF3B-C7DE-4F1E-BFFA-B8CF9E574904} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1D9A569D-0876-4D90-A1DE-82BF017C859A} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {22CB607F-9054-4AF2-94DE-452E9B79562D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f1a6e08e-a2de-489c-a469-3cb6de6c9f83 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {30F6F8FC-C7EF-49D6-B1BB-82F44BF3FFDB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1527080 2019-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {3760A4F5-B5D6-499D-B010-E8B50A43097B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-17] (Google Inc -> Google Inc.)
Task: {3A3A8294-4382-438C-A0B4-9BAF140A8947} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54440 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {48353078-C9EB-4403-8489-2E2D1519BE37} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://
Task: {4FFA8CB0-77C1-44B4-942B-93F700F0B509} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_pepper.exe [1452600 2019-05-14] (Adobe Inc. -> Adobe)
Task: {5309C39A-C763-4A5B-993D-D83AE9F8F297} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16571320 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {5EF2A195-8E7C-45B8-A14A-8F207B33BDB2} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49032 2018-08-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {6DA43816-4328-463B-AE8E-E8438A61AD1A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8744401b-3633-4267-be74-f2d32e6c742f => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {757A2031-EC72-4705-A95A-2823ACE57F97} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1527080 2019-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {78EFDE96-3E06-4339-8328-0EFA7D1D36E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-17] (Google Inc -> Google Inc.)
Task: {7B22DF5B-1BD3-4BAE-B2BB-22B147CE0A46} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [87336 2019-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {8383C46D-220D-4594-A765-D7B3FAF3C208} - System32\Tasks\Opera scheduled Autoupdate 1544224919 => C:\Program Files\Opera\launcher.exe [1493592 2019-05-15] (Opera Software AS -> Opera Software)
Task: {887CC8CF-30BA-4D8E-A066-5FA214D1613B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {9AA0C484-2D37-4F67-B617-F98FB97604A3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\e25633eb-3568-4477-a743-67a84666de98 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {9D19CD11-30FC-40F1-9634-D53FAC08DD40} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [462288 2018-11-15] (Bitdefender SRL -> Bitdefender)
Task: {B4CC87A0-4002-4B05-8F82-5076E717C564} - System32\Tasks\Icons8 Check For Updates => C:\Program Files (x86)\Icons8\Icons8.Job.exe [11264 2018-05-23] (Icons8 LLC) [File not signed]
Task: {BB47ECF2-601E-4016-BAE6-A034F825F5A4} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {D4C2B371-2AAC-48D1-9666-3CB26B8072A5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [753240 2019-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {DA530672-9865-4313-9376-3F29D4F4C32E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23965776 2019-03-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {DAAC63AD-4245-44F1-9270-685846845FEF} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineSW => C:\WINDOWS\SysWOW64\Microsoft\Protect\S-1-51-74\RB_1.4.45.63.exe <==== ATTENTION
Task: {DC2A3E2D-5336-451C-9A0A-C3F2142C02BD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0862812-9CB1-4055-9C8C-357FA346695F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-14] (Adobe Inc. -> Adobe)
Task: {E7367563-092C-4AC1-B7A0-1EDE3888CF76} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2417232 2019-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {F4A755B8-B57F-40D3-83E9-EB245F8FD545} - System32\Tasks\Icons8 Sync => C:\Program Files (x86)\Icons8\Icons8.Sync.exe [33792 2018-05-23] (Icons8 LLC) [File not signed]
Task: {F59C0442-6F17-4C00-9383-F35E58128AC3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2417232 2019-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {F60E00EB-3251-498E-A912-BA320037F57C} - System32\Tasks\SearchTools => C:\Program Files (x86)\US Media Capital\SearchPro Tools\sptools.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{60363ef1-9416-461d-8bed-44d539f3e8a8}: [DhcpNameServer] 150.201.1.2
Tcpip\..\Interfaces\{6b0d10a8-515d-41d6-8242-fcef15c2a465}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{fa259dfb-7c97-4d3f-aabe-cdad598302c4}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-04-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)

Opera:
=======
OPR StartupUrls: "hxxps://www.omegle.com/","hxxps://www.omegle.com/","hxxps://www.facebook.com/","hxxps://mail.google.com/mail/u/0/#inbox","hxxps://mail.google.com/mail/u/2/#inbox","hxxps://mail.google.com/mail/u/1/#inbox"
OPR Session Restore: -> is enabled.
OPR Extension: (LastPass: Free Password Manager) - C:\Users\jswh0\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2019-05-02]
OPR Extension: (convert2mp3.net Online Video Converter) - C:\Users\jswh0\AppData\Roaming\Opera Software\Opera Stable\Extensions\kefimjmcofjhaphjiadipfoojljnoinn [2018-12-07]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\u0330099.inf_amd64_37ae791a544cf6a3\B330293\atiesrxx.exe [481136 2018-06-25] (Advanced Micro Devices, Inc. -> AMD)
R2 AtherosSvc; C:\WINDOWS\system32\DRIVERS\AdminService.exe [414720 2017-12-05] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2195280 2018-03-22] (Bitdefender SRL -> Bitdefender)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9677904 2019-03-29] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [398344 2018-06-08] (Dolby Laboratories, Inc. -> )
R2 ETDService; C:\WINDOWS\System32\ETDService.exe [200288 2018-01-23] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [305520 2018-05-30] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1293936 2018-11-15] (Bitdefender SRL -> Bitdefender)
R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [865568 2019-03-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [246688 2018-11-13] (Bitdefender SRL -> Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [341136 2018-11-13] (Bitdefender SRL -> Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [246688 2018-11-13] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34664 2018-04-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [52648 2018-05-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\u0330099.inf_amd64_37ae791a544cf6a3\B330293\atikmdag.sys [40434552 2018-06-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\u0330099.inf_amd64_37ae791a544cf6a3\B330293\atikmpag.sys [545144 2018-06-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [145792 2018-04-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1534688 2019-04-04] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-20] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [395728 2019-05-03] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-03-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [65472 2017-12-05] (WDKTestCert aswbldsv,131431045756648395 -> Qualcomm)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [298488 2019-04-24] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R3 ETDHCF; C:\WINDOWS\System32\drivers\ETDHCF.sys [30256 2018-01-23] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)
S3 ETD_Keyboard; C:\WINDOWS\System32\drivers\ETD.sys [725032 2018-01-23] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)
R1 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [374632 2018-11-19] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\drivers\gzflt.sys [188384 2018-11-28] (Bitdefender SRL -> BitDefender LLC)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2329480 2017-12-22] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1035576 2018-04-19] (Realtek Semiconductor Corp. -> Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-01-30] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [610640 2019-01-14] (Bitdefender SRL -> Bitdefender)
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [236048 2018-12-18] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344544 2019-04-24] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-24] (Microsoft Windows -> Microsoft Corporation)
 
FRST.txt continued:

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-22 00:12 - 2019-05-22 00:13 - 000024421 _____ C:\Users\jswh0\Desktop\FRST.txt
2019-05-21 23:21 - 2019-05-21 23:22 - 000000000 ____D C:\FRST
2019-05-21 23:20 - 2019-05-21 23:21 - 002435072 _____ (Farbar) C:\Users\jswh0\Desktop\FRST64.exe
2019-05-21 20:25 - 2019-05-21 20:25 - 000062736 _____ C:\Users\jswh0\Desktop\EthogramTemplate.pptx
2019-05-21 18:28 - 2019-05-21 18:28 - 000076716 _____ C:\ProgramData\agent.update.1558488478.bdinstall.v2.bin
2019-05-21 18:25 - 2019-05-21 18:25 - 000001199 _____ C:\Users\jswh0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2019-05-21 18:25 - 2019-03-21 00:12 - 000022960 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2019-05-21 18:23 - 2019-05-21 18:23 - 000003802 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2019-05-21 18:23 - 2019-05-21 18:23 - 000001214 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free.lnk
2019-05-21 18:23 - 2019-05-21 18:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free
2019-05-21 18:23 - 2019-05-21 18:23 - 000000000 ____D C:\ProgramData\Bitdefender
2019-05-21 18:23 - 2019-05-03 19:18 - 000395728 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2019-05-21 18:23 - 2019-04-24 15:27 - 000298488 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\edrsensor.sys
2019-05-21 18:23 - 2019-04-04 15:28 - 001534688 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2019-05-21 18:23 - 2019-01-14 17:25 - 000610640 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2019-05-21 18:23 - 2018-11-28 06:45 - 000188384 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2019-05-21 18:23 - 2018-11-19 14:10 - 000374632 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys
2019-05-21 18:22 - 2019-05-22 00:07 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2019-05-21 18:21 - 2019-05-21 18:28 - 000000000 ____D C:\Program Files\Bitdefender Agent
2019-05-21 18:21 - 2019-05-21 18:21 - 000103652 _____ C:\ProgramData\agent.1558488073.bdinstall.v2.bin
2019-05-21 18:21 - 2019-05-21 18:21 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2019-05-21 18:20 - 2019-05-21 18:20 - 010372016 _____ C:\Users\jswh0\Downloads\bitdefender_online.exe
2019-05-21 18:06 - 2019-05-21 18:07 - 000000000 ____D C:\AdwCleaner
2019-05-21 18:03 - 2019-05-21 18:04 - 000000000 ____D C:\Users\jswh0\AppData\Roaming\Notepad++
2019-05-21 18:03 - 2019-05-21 18:03 - 000001107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2019-05-21 18:03 - 2019-05-21 18:03 - 000001095 _____ C:\Users\Public\Desktop\Notepad++.lnk
2019-05-21 18:03 - 2019-05-21 18:03 - 000000000 ____D C:\Program Files (x86)\Notepad++
2019-05-21 18:02 - 2019-05-21 18:02 - 007025360 _____ (Malwarebytes) C:\Users\jswh0\Downloads\adwcleaner_7.3.exe
2019-05-21 17:59 - 2019-05-21 17:59 - 000000870 _____ C:\Users\jswh0\Desktop\CCleaner.lnk
2019-05-21 17:59 - 2019-05-21 17:59 - 000000000 ____D C:\Users\jswh0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-05-20 23:05 - 2019-05-20 23:05 - 000000000 ____D C:\ProgramData\1558418735
2019-05-20 23:00 - 2019-05-20 23:00 - 000003372 _____ C:\WINDOWS\System32\Tasks\SearchTools
2019-05-20 23:00 - 2019-05-20 23:00 - 000000000 ____D C:\ProgramData\US-Media Capital
2019-05-15 17:47 - 2019-05-17 19:16 - 000000000 ___RD C:\Users\jswh0\Desktop\Science Isn't Scary
2019-05-14 22:46 - 2019-05-03 05:14 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-05-14 22:46 - 2019-05-03 05:13 - 001376472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-14 22:46 - 2019-05-03 04:51 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-14 22:46 - 2019-05-03 04:51 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-14 22:46 - 2019-05-03 04:50 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-05-14 22:46 - 2019-05-03 04:50 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-05-14 22:46 - 2019-05-03 04:49 - 001288704 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-14 22:46 - 2019-05-03 04:43 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-14 22:46 - 2019-05-03 04:43 - 000662328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-05-14 22:46 - 2019-05-03 04:28 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-14 22:46 - 2019-05-03 04:25 - 004055040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-05-14 22:46 - 2019-05-03 04:25 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-05-14 22:46 - 2019-05-02 23:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-14 22:46 - 2019-05-02 23:33 - 005625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-05-14 22:46 - 2019-05-02 23:33 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-14 22:46 - 2019-05-02 23:33 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-14 22:46 - 2019-05-02 23:33 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-14 22:46 - 2019-05-02 23:32 - 000793640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-05-14 22:46 - 2019-05-02 23:32 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-14 22:46 - 2019-05-02 23:32 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-05-14 22:46 - 2019-05-02 23:31 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-14 22:46 - 2019-05-02 23:31 - 007519888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-14 22:46 - 2019-05-02 23:31 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-05-14 22:46 - 2019-05-02 23:31 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-05-14 22:46 - 2019-05-02 23:31 - 002771256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-14 22:46 - 2019-05-02 23:31 - 001459328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-14 22:46 - 2019-05-02 23:31 - 001260480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-14 22:46 - 2019-05-02 23:31 - 001141224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-05-14 22:46 - 2019-05-02 23:31 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-05-14 22:46 - 2019-05-02 23:31 - 000983632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-05-14 22:46 - 2019-05-02 23:31 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-14 22:46 - 2019-05-02 23:19 - 006043712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-05-14 22:46 - 2019-05-02 23:19 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-05-14 22:46 - 2019-05-02 23:18 - 006569344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-14 22:46 - 2019-05-02 23:18 - 002258640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-14 22:46 - 2019-05-02 23:18 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-05-14 22:46 - 2019-05-02 23:12 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-14 22:46 - 2019-05-02 23:10 - 022017024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-14 22:46 - 2019-05-02 23:05 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-14 22:46 - 2019-05-02 23:02 - 019401216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-14 22:46 - 2019-05-02 23:02 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-05-14 22:46 - 2019-05-02 23:01 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-14 22:46 - 2019-05-02 23:00 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-14 22:46 - 2019-05-02 23:00 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-14 22:46 - 2019-05-02 22:59 - 007593472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-05-14 22:46 - 2019-05-02 22:59 - 005788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-05-14 22:46 - 2019-05-02 22:59 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-05-14 22:46 - 2019-05-02 22:58 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-14 22:46 - 2019-05-02 22:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-14 22:46 - 2019-05-02 22:57 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-05-14 22:46 - 2019-05-02 22:57 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-14 22:46 - 2019-05-02 22:57 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-05-14 22:46 - 2019-05-02 22:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-14 22:46 - 2019-05-02 22:57 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-14 22:46 - 2019-05-02 22:57 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-05-14 22:46 - 2019-05-02 22:56 - 005350912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-05-14 22:46 - 2019-05-02 22:56 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-05-14 22:46 - 2019-05-02 22:56 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-05-14 22:46 - 2019-05-02 22:55 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-05-14 22:46 - 2019-05-02 22:55 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-14 22:46 - 2019-05-02 22:54 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-05-14 22:46 - 2019-05-02 22:54 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-05-14 22:46 - 2019-05-02 22:53 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-05-14 22:46 - 2019-05-02 22:53 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-05-14 22:46 - 2019-05-02 22:53 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-05-14 22:46 - 2019-05-02 22:53 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-05-14 22:46 - 2019-04-19 03:55 - 001634920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-05-14 22:46 - 2019-04-19 03:54 - 000720200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-14 22:46 - 2019-04-19 03:39 - 012754944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-14 22:46 - 2019-04-19 03:36 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-14 22:46 - 2019-04-19 03:34 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-05-14 22:46 - 2019-04-19 02:44 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-05-14 22:46 - 2019-04-19 02:37 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-14 22:46 - 2019-04-19 02:28 - 011940864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-14 22:46 - 2019-04-19 02:26 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-14 22:46 - 2019-04-18 22:07 - 000985400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-05-14 22:46 - 2019-04-18 22:06 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-14 22:46 - 2019-04-18 22:06 - 000798520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-05-14 22:46 - 2019-04-18 22:06 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-05-14 22:46 - 2019-04-18 22:06 - 000274232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-14 22:46 - 2019-04-18 22:02 - 000831800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-05-14 22:46 - 2019-04-18 22:01 - 001982008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-14 22:46 - 2019-04-18 22:01 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-05-14 22:46 - 2019-04-18 22:01 - 000576016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-05-14 22:46 - 2019-04-18 22:01 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-05-14 22:46 - 2019-04-18 21:43 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-14 22:46 - 2019-04-18 21:42 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-14 22:46 - 2019-04-18 21:40 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-14 22:46 - 2019-04-18 21:39 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-05-14 22:46 - 2019-04-18 21:39 - 000567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-14 22:46 - 2019-04-18 21:39 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-14 22:46 - 2019-04-18 21:38 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-05-14 22:46 - 2019-04-18 21:38 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-14 22:46 - 2019-04-18 21:38 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-14 22:46 - 2019-04-18 21:38 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-05-14 22:46 - 2019-04-18 21:37 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-05-14 22:46 - 2019-04-18 21:37 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-14 22:46 - 2019-04-18 21:37 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2019-05-14 22:46 - 2019-04-18 21:36 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-14 22:46 - 2019-04-18 21:36 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-14 22:46 - 2019-04-18 21:36 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-05-14 22:46 - 2019-04-18 21:36 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2019-05-14 22:46 - 2019-04-18 21:35 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-05-14 22:46 - 2019-04-18 21:35 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-05-14 22:46 - 2019-04-18 21:35 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-05-14 22:46 - 2019-04-18 21:35 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-14 22:46 - 2019-04-18 21:35 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-05-14 22:46 - 2019-04-18 21:35 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-14 22:46 - 2019-04-18 21:34 - 000935936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-05-14 22:46 - 2019-04-18 21:34 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-14 22:46 - 2019-04-18 21:34 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-05-14 22:46 - 2019-04-18 21:34 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-14 22:46 - 2019-04-18 21:34 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2019-05-14 22:46 - 2019-04-18 20:18 - 000806360 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-05-14 22:46 - 2019-04-18 20:18 - 000806360 _____ C:\WINDOWS\system32\locale.nls
2019-05-14 22:46 - 2019-04-08 18:48 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-05-14 22:45 - 2019-05-03 05:13 - 000396088 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2019-05-14 22:45 - 2019-05-03 04:55 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-05-14 22:45 - 2019-05-03 04:54 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-05-14 22:45 - 2019-05-03 04:52 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-14 22:45 - 2019-05-03 04:49 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-14 22:45 - 2019-05-03 04:49 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-14 22:45 - 2019-05-03 04:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-14 22:45 - 2019-05-03 04:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-14 22:45 - 2019-05-03 04:28 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-14 22:45 - 2019-05-03 04:27 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-14 22:45 - 2019-05-03 04:26 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-14 22:45 - 2019-05-02 23:43 - 000177128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-05-14 22:45 - 2019-05-02 23:34 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-05-14 22:45 - 2019-05-02 23:33 - 000709720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-05-14 22:45 - 2019-05-02 23:33 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-14 22:45 - 2019-05-02 23:33 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-05-14 22:45 - 2019-05-02 23:33 - 000063072 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-05-14 22:45 - 2019-05-02 23:32 - 000438984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-05-14 22:45 - 2019-05-02 23:32 - 000209208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-05-14 22:45 - 2019-05-02 23:32 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-05-14 22:45 - 2019-05-02 23:32 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-05-14 22:45 - 2019-05-02 23:31 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-05-14 22:45 - 2019-05-02 23:31 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-05-14 22:45 - 2019-05-02 23:20 - 000434704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-05-14 22:45 - 2019-05-02 23:20 - 000384976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-05-14 22:45 - 2019-05-02 23:20 - 000192016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-05-14 22:45 - 2019-05-02 23:20 - 000146920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-05-14 22:45 - 2019-05-02 23:19 - 000056288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-05-14 22:45 - 2019-05-02 23:00 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-14 22:45 - 2019-05-02 23:00 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2019-05-14 22:45 - 2019-05-02 22:59 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-05-14 22:45 - 2019-05-02 22:59 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-14 22:45 - 2019-05-02 22:59 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-05-14 22:45 - 2019-05-02 22:59 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-05-14 22:45 - 2019-05-02 22:59 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-05-14 22:45 - 2019-05-02 22:58 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-05-14 22:45 - 2019-05-02 22:58 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-05-14 22:45 - 2019-05-02 22:58 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-05-14 22:45 - 2019-05-02 22:58 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-05-14 22:45 - 2019-05-02 22:58 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-05-14 22:45 - 2019-05-02 22:57 - 001295872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-05-14 22:45 - 2019-05-02 22:56 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-14 22:45 - 2019-05-02 22:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-14 22:45 - 2019-05-02 22:55 - 000659968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-05-14 22:45 - 2019-05-02 22:54 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-05-14 22:45 - 2019-05-02 22:54 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-05-14 22:45 - 2019-05-02 22:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-05-14 22:45 - 2019-05-02 21:38 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-05-14 22:45 - 2019-04-23 00:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-05-14 22:45 - 2019-04-22 23:14 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-05-14 22:45 - 2019-04-19 03:40 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-05-14 22:45 - 2019-04-19 03:38 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe
2019-05-14 22:45 - 2019-04-19 03:38 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfproc.dll
2019-05-14 22:45 - 2019-04-19 02:30 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfproc.dll
2019-05-14 22:45 - 2019-04-19 02:25 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-05-14 22:45 - 2019-04-18 22:06 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-05-14 22:45 - 2019-04-18 21:41 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-05-14 22:45 - 2019-04-18 21:41 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\EduPrintProv.exe
2019-05-14 22:45 - 2019-04-18 21:40 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-05-14 22:45 - 2019-04-18 21:40 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-05-14 22:45 - 2019-04-18 21:40 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2019-05-14 22:45 - 2019-04-18 21:40 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2019-05-14 22:45 - 2019-04-18 21:39 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-14 22:45 - 2019-04-18 21:39 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll
2019-05-14 22:45 - 2019-04-18 21:39 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-05-14 22:45 - 2019-04-18 21:38 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-14 22:45 - 2019-04-18 21:38 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-05-14 22:45 - 2019-04-18 21:37 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-14 22:45 - 2019-04-18 21:37 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-05-14 22:45 - 2019-04-18 21:37 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-14 22:45 - 2019-04-18 21:37 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-14 22:45 - 2019-04-18 21:36 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2019-05-14 22:45 - 2019-04-18 21:36 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-05-14 22:45 - 2019-04-18 21:36 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-14 22:45 - 2019-04-18 21:35 - 001938944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2019-05-14 22:45 - 2019-04-18 21:35 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2019-05-14 22:45 - 2019-04-18 21:35 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-05-14 22:45 - 2019-04-08 18:48 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-05-14 22:45 - 2019-04-08 18:48 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-05-14 22:45 - 2019-04-08 18:48 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-05-14 22:45 - 2019-04-08 18:48 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-05-09 19:15 - 2019-05-09 19:15 - 000518489 _____ C:\Users\jswh0\Downloads\Evidence_of_Coverage_(Medical)-01042019.pdf
2019-05-09 19:14 - 2019-05-09 19:14 - 000069198 _____ C:\Users\jswh0\Downloads\Your_rate_and_benefit_update_letter.pdf
2019-05-09 19:06 - 2019-04-24 09:06 - 000205992 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.CoreTypes.dll
2019-05-09 19:06 - 2019-04-24 09:06 - 000130728 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.Utilities.dll
2019-05-09 19:06 - 2019-04-24 09:06 - 000097448 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.ImController.ImClient.dll
2019-05-09 19:06 - 2019-04-24 09:06 - 000043688 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.ImController.EventLogging.dll
2019-05-08 14:41 - 2019-05-08 14:41 - 000135680 _____ C:\Users\jswh0\Downloads\CS MAY (2).pub
2019-05-08 14:40 - 2019-05-08 14:40 - 000609056 _____ C:\Users\jswh0\Downloads\pl5.pdf
2019-05-06 20:45 - 2019-03-14 04:23 - 000820824 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64U.dll
2019-05-06 20:45 - 2019-03-14 01:23 - 001126344 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtCOM64.dll
2019-05-06 20:45 - 2019-03-14 01:23 - 000481888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2019-05-06 20:45 - 2019-03-14 01:10 - 029495258 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2019-05-06 20:45 - 2018-05-30 20:58 - 000165224 _____ C:\WINDOWS\system32\FMAPP.exe
2019-05-06 19:31 - 2019-05-06 19:31 - 000432206 _____ C:\Users\jswh0\Downloads\UdellMoniqueAnimalRangelandScienceExploringBreedDiff.pdf
2019-05-05 23:50 - 2019-05-05 23:50 - 003624635 _____ C:\Users\jswh0\Downloads\chw4 203.pdf
2019-05-01 20:08 - 2019-05-01 20:08 - 000000000 ____D C:\Users\Public\BlueStacks
2019-04-24 15:26 - 2019-04-24 15:27 - 000064982 _____ C:\Users\jswh0\Downloads\Genetics project instructions (2).pdf
2019-04-24 14:15 - 2019-04-24 14:16 - 011525128 _____ C:\Users\jswh0\Downloads\wordpress-5.1.1.zip
2019-04-23 21:09 - 2019-04-23 21:09 - 000064982 _____ C:\Users\jswh0\Downloads\Genetics project instructions (1).pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-22 00:12 - 2018-12-07 19:38 - 000000000 ___RD C:\Users\jswh0\Desktop\Useful
2019-05-22 00:07 - 2019-01-08 08:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-22 00:07 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-21 20:30 - 2018-12-07 16:15 - 000000000 ____D C:\Users\jswh0\AppData\Local\Packages
2019-05-21 20:29 - 2018-12-07 16:22 - 000000000 ____D C:\Program Files (x86)\Steam
2019-05-21 19:13 - 2019-02-13 13:08 - 000000000 ____D C:\Users\jswh0\AppData\Local\D3DSCache
2019-05-21 19:01 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files\Windows Defender
2019-05-21 18:25 - 2018-04-11 16:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-05-21 18:17 - 2019-01-07 17:17 - 000000000 ___DC C:\WINDOWS\Panther
2019-05-21 18:17 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2019-05-21 18:13 - 2019-01-08 08:41 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-21 18:09 - 2019-01-08 08:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-21 18:08 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-05-21 18:08 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2019-05-21 17:59 - 2019-01-08 08:54 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-05-21 17:57 - 2018-12-07 16:23 - 000000000 ____D C:\Users\jswh0\AppData\Roaming\discord
2019-05-21 17:24 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-20 22:33 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-16 23:16 - 2018-12-07 17:11 - 000000000 ____D C:\Program Files\rempl
2019-05-16 20:36 - 2019-01-08 08:54 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1544224919
2019-05-16 20:36 - 2018-12-07 16:21 - 000001114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-05-16 20:36 - 2018-12-07 16:21 - 000000000 ____D C:\Program Files\Opera
2019-05-16 20:35 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-16 01:15 - 2019-01-08 08:27 - 000403112 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-16 01:13 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-05-16 01:13 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-16 01:13 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-05-16 01:13 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-16 01:12 - 2019-01-08 08:31 - 000000000 ____D C:\Users\jswh0
2019-05-16 01:03 - 2018-12-08 21:12 - 000000000 __SHD C:\Users\jswh0\wc
2019-05-15 17:51 - 2019-03-13 15:31 - 000000000 ___RD C:\Users\jswh0\Desktop\Job Nonsense
2019-05-14 22:45 - 2018-12-07 17:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-14 22:41 - 2018-12-07 17:04 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-14 22:31 - 2019-02-17 18:49 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-14 22:31 - 2019-02-17 18:49 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-14 17:30 - 2019-01-08 08:54 - 000004600 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-05-14 17:30 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-05-14 17:30 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-05-14 16:19 - 2019-01-08 08:54 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-621734548-2853496009-1861087639-1001
2019-05-14 16:19 - 2019-01-08 08:31 - 000002370 _____ C:\Users\jswh0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-14 16:19 - 2018-12-07 16:18 - 000000000 ___RD C:\Users\jswh0\OneDrive
2019-05-06 20:45 - 2018-07-24 18:48 - 000000000 ____D C:\WINDOWS\system32\dolbyaposvc
2019-05-03 16:53 - 2019-01-09 20:54 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-03 16:53 - 2019-01-09 20:54 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-02 18:25 - 2018-12-09 20:00 - 000000000 ____D C:\Users\jswh0\AppData\Roaming\.minecraft
2019-05-02 15:55 - 2018-12-25 17:55 - 000000000 ____D C:\Program Files\pia_manager
2019-05-02 15:53 - 2019-02-15 17:45 - 000000000 ____D C:\Users\jswh0\AppData\Local\Bluestacks
2019-05-01 21:58 - 2018-12-07 19:22 - 000000000 ____D C:\Program Files (x86)\Minecraft
2019-04-28 17:22 - 2018-10-19 11:43 - 000002454 _____ C:\Users\jswh0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo App Explorer.lnk
2019-04-24 15:53 - 2018-12-07 17:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-04-24 09:06 - 2018-12-08 01:07 - 000425128 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2019-04-24 09:06 - 2018-12-08 01:07 - 000104616 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2019-04-24 09:06 - 2018-12-08 01:07 - 000054440 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.InfInstaller.exe
2019-04-24 09:06 - 2018-07-24 18:51 - 000104616 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.CoInstaller.dll

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
 
Addition.txt, FRST scan re-run at 12:15 AM, 05/22/19:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05.2019
Ran by jswh0 (22-05-2019 00:14:39)
Running from C:\Users\jswh0\Desktop
Windows 10 Home Version 1803 17134.765 (X64) (2019-01-08 15:55:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-621734548-2853496009-1861087639-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-621734548-2853496009-1861087639-503 - Limited - Disabled)
Guest (S-1-5-21-621734548-2853496009-1861087639-501 - Limited - Disabled)
jswh0 (S-1-5-21-621734548-2853496009-1861087639-1001 - Administrator - Enabled) => C:\Users\jswh0
WDAGUtilityAccount (S-1-5-21-621734548-2853496009-1861087639-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.192 - Adobe)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2018.0810.2245.39118 - Advanced Micro Devices, Inc.)
Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.15.112 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.57 - Piriform)
Discord (HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Icons8 (HKLM-x32\...\{195AC760-D5CE-47B9-99EE-E144CD7BF94A}_is1) (Version: 6.0.0.6 - Icons8)
Java(TM) SE Development Kit 11.0.1 (64-bit) (HKLM\...\{F4039C0F-E4C1-5905-9E7D-DDA8EDE365BC}) (Version: 11.0.1.0 - Oracle Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.10730.20334 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\OneDriveSetup.exe) (Version: 19.070.0410.0005 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{2D1ED4EA-B59D-4665-ACB3-9325872A300D}) (Version: 1.0.4.0 - Mojang)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.7 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10730.20334 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20334 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20334 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10730.20334 - Microsoft Corporation) Hidden
Opera Stable 60.0.3255.95 (HKLM-x32\...\Opera 60.0.3255.95) (Version: 60.0.3255.95 - Opera Software)
Scribus 1.4.7 (HKLM-x32\...\Scribus 1.4.7) (Version: 1.4.7 - The Scribus Team)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)

Packages:
=========
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_2.1001.237.0_x64__rz1tebttyb220 [2019-01-08] (Dolby Laboratories)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2018-12-07] (Fitbit)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8 [2019-03-25] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.52.0_x64__5grkq8ppsgwt4 [2019-04-15] (LENOVO INC)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2018-12-07] (LinkedIn)
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.11.301.0_x64__8wekyb3d8bbwe [2019-05-19] (Microsoft Studios)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.12831.0_x64__8wekyb3d8bbwe [2018-12-07] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.375.0_x64__mcm4njqhnhss8 [2019-02-19] (Netflix, Inc.)
Power2Go for Lenovo -> C:\Program Files\WindowsApps\CyberLinkCorp.th.Power2GoforLenovo_8.0.9516.0_x86__m916jedk64snt [2018-12-07] (CYBERLINKCOM CORPORATION)
PowerDVD for Lenovo -> C:\Program Files\WindowsApps\CyberLinkCorp.th.PowerDVDforLenovo_14.1.9528.0_x86__m916jedk64snt [2018-12-20] (CYBERLINKCOM CORPORATION)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.172.0_x64__dt26b99r8h8gj [2019-05-06] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0 [2019-05-13] (Spotify AB)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2019-05-19] (Notepad++ -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-08-10] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-24 23:55 - 2018-04-24 23:55 - 000015360 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-04-24 23:55 - 2018-04-24 23:55 - 002519040 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-03-15 13:53 - 2018-08-12 20:29 - 001255424 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000032256 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000039936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000034304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000237056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000024064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000481792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 001336320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 001136128 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2018-08-10 23:42 - 2018-08-10 23:42 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 006045184 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000964096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 003233792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000282624 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000049152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000311296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000139264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000089600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 06:46 - 2019-05-20 23:04 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-621734548-2853496009-1861087639-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jswh0\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\8enncLP.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FC56CA74-8DF1-4655-909E-59C9ABBDF42E}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{8278E2E2-4C4D-4444-B7B4-34D3BBD65327}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [UDP Query User{E1A13FB0-70C4-428C-8588-C8F850E4B455}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [TCP Query User{AC4B67F2-0721-4C42-8B05-4AB59DD623D3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{0198CA1A-BC7B-4829-9AA7-63C2A16E8D11}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{3FAA38CB-F5FF-45E6-9AF6-C7A80670853C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{8E1384BE-7B37-450F-A3E7-23812B681D2B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6FD1215A-61B9-4DCD-8B87-FE1572E48FC8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{7D6D655C-8D14-4EDE-BE24-5FA04ABE9FD4}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{F028F8A3-DEE2-4964-9076-0CB775D0792B}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{579A9896-8B18-4BE6-82D8-ECBBD6FB2CE5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{8DC35067-3D90-4337-85F8-DD5BCFD2F244}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{8B48B1FD-592A-4DD7-AC20-29496C325464}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B2568729-1BB2-42D3-A77A-F79FC21A8513}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C525691F-3339-4A9B-BF25-60E406C0BDBE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A16BB2A8-319B-4EDC-9FAC-8C1D3370C612}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ED8657B2-B0E0-41CB-B65B-09C8608CDCDB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2EF2D1F0-1BB0-4C67-B2A0-82DC4ED41F15}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe No File
FirewallRules: [TCP Query User{139CC1B3-BBB9-4361-9A58-9B13E0830B0A}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{A0F10011-3630-4807-911C-134BD7064ECE}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{BCF72614-5749-48EC-A937-3A0C7BBCB77F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{51FFFBAD-25A6-4AFB-BBFF-795F08717F21}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{20CC0E9F-CC5B-4918-B3AA-1AA6293E8F89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0675136F-D9C2-44DB-8429-B36525D19807}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E24BFCA8-883A-4FA9-960D-19731EFB7542}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2E82001E-06D4-4440-B43D-3D05DDA82BBE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D46A3EE4-5899-495E-8EF9-4DE5A8DDD7E2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7F45101F-4D7C-4956-BDA2-8AB0EBE5D430}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DA263E2C-32CC-4A13-8F71-705CC4B76D1D}] => (Allow) C:\Program Files\Opera\60.0.3255.84\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{EA18E15B-241C-4511-ADDD-70073262F5A9}] => (Allow) C:\Program Files\Opera\60.0.3255.95\opera.exe (Opera Software AS -> Opera Software)

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/21/2019 11:20:21 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/21/2019 11:20:20 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (05/21/2019 11:20:19 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (05/21/2019 11:20:19 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/21/2019 11:20:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/21/2019 11:20:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/21/2019 11:20:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/21/2019 06:25:52 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_SNOOZED.


System errors:
=============
Error: (05/22/2019 12:12:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/21/2019 08:19:11 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-A8BGVKS2)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-A8BGVKS2\jswh0 SID (S-1-5-21-621734548-2853496009-1861087639-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/21/2019 08:18:16 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-A8BGVKS2)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-A8BGVKS2\jswh0 SID (S-1-5-21-621734548-2853496009-1861087639-1001) from address LocalHost (Using LRPC) running in the application container SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0 SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/21/2019 08:04:05 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-A8BGVKS2)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-A8BGVKS2\jswh0 SID (S-1-5-21-621734548-2853496009-1861087639-1001) from address LocalHost (Using LRPC) running in the application container SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0 SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/21/2019 11:19:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/21/2019 11:18:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/21/2019 11:18:14 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-A8BGVKS2)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-A8BGVKS2\jswh0 SID (S-1-5-21-621734548-2853496009-1861087639-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/21/2019 11:16:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.


Windows Defender:
===================================
Date: 2019-05-21 17:39:29.201
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...keeyah.B!rfn&threatid=2147726897&enterprise=0
Name: Trojan:Win32/Skeeyah.B!rfn
ID: 2147726897
Severity: Severe
Category: Trojan
Path: file:_C:\Users\jswh0\AppData\Local\Temp\337961781\ic-0.3710e42b416cdc.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.293.1962.0, AS: 1.293.1962.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.15900.4, NIS: 0.0.0.0

Date: 2019-05-20 23:02:36.318
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...keeyah.B!rfn&threatid=2147726897&enterprise=0
Name: Trojan:Win32/Skeeyah.B!rfn
ID: 2147726897
Severity: Severe
Category: Trojan
Path: file:_C:\Users\jswh0\AppData\Local\Temp\337961781\ic-0.3710e42b416cdc.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\jswh0\AppData\Local\Temp\run_548305.exe
Signature Version: AV: 1.293.1962.0, AS: 1.293.1962.0, NIS: 1.293.1962.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4

Date: 2019-05-20 23:02:26.513
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...32/Unwaders.A!ml&threatid=242872&enterprise=0
Name: Program:Win32/Unwaders.A!ml
ID: 242872
Severity: Severe
Category: Potentially Unwanted Software
Path: file:_C:\Users\jswh0\AppData\Local\Temp\337961781\Hmhc.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\jswh0\AppData\Local\Temp\run_548305.exe
Signature Version: AV: 1.293.1962.0, AS: 1.293.1962.0, NIS: 1.293.1962.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4

Date: 2019-05-20 23:02:21.653
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...in32/Socelar&threatid=2147734469&enterprise=0
Name: TrojanDownloader:Win32/Socelar
ID: 2147734469
Severity: Severe
Category: Trojan Downloader
Path: file:_C:\Users\jswh0\AppData\Local\Temp\337961781\ic-0.f113538b4771b8.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\jswh0\AppData\Local\Temp\run_548305.exe
Signature Version: AV: 1.293.1962.0, AS: 1.293.1962.0, NIS: 1.293.1962.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4

Date: 2019-05-20 23:01:15.110
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...uerboos.D!cl&threatid=2147723655&enterprise=0
Name: Trojan:Win32/Fuerboos.D!cl
ID: 2147723655
Severity: Severe
Category: Trojan
Path: file:_C:\Users\jswh0\AppData\Local\Temp\337961781\ic-0.1f0e31f35937f.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\jswh0\AppData\Local\Temp\run_548305.exe
Signature Version: AV: 1.293.1962.0, AS: 1.293.1962.0, NIS: 1.293.1962.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4

Date: 2019-04-06 22:43:03.506
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

Date: 2019-04-05 22:29:47.471
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.1107.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-04-05 22:20:00.481
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

==================== Memory info ===========================

BIOS: LENOVO 7VCN24WW 06/15/2018
Motherboard: LENOVO LNVNB161216
Processor: AMD Ryzen 3 2200U with Radeon Vega Mobile Gfx
Percentage of memory in use: 59%
Total physical RAM: 7733.49 MB
Available physical RAM: 3141.9 MB
Total Virtual: 12597.49 MB
Available Virtual: 6577.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:905.27 GB) (Free:862.06 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.95 GB) NTFS

\\?\Volume{3b38e2fc-20df-477a-a739-c5f39c9dbf5e}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.59 GB) NTFS
\\?\Volume{101c9948-c770-436a-b8b3-08e8963bf300}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2CD38575)

Partition: GPT.

==================== End of Addition.txt ============================
 
Good :)

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
Rogue Killer report that was exported is in this post; further scans are continuing:

RogueKiller Anti-Malware V13.2.1.0 (x64) [May 22 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17134) 64 bits
Started in : Normal mode
User : jswh0 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190522_101325, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/05/22 14:28:08 (Duration : 00:13:07)
Switches : -refid 3

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 
Malwarebytes log (Please note, the two that said they were quarantined were subsequently quickly deleted.):
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/22/19
Scan Time: 2:45 PM
Log File: f8fdb0c0-7cda-11e9-bbe3-8c1645c9da7c.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.10722
License: Trial

-System Information-
OS: Windows 10 (Build 17134.765)
CPU: x64
File System: NTFS
User: LAPTOP-A8BGVKS2\jswh0

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 278245
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 3 min, 46 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
Trojan.Yelloader.Gen, C:\PROGRAMDATA\1558418735, Quarantined, [3708], [452257],1.0.10722

File: 1
Trojan.Yelloader.Gen, C:\PROGRAMDATA\1558418735\s9.zip.download, Quarantined, [3708], [452257],1.0.10722

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 
ADWCleaner:

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-22-2019
# Duration: 00:00:15
# OS: Windows 10 Home
# Scanned: 27335
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [7882 octets] - [21/05/2019 18:06:38]
AdwCleaner[C00].txt - [6917 octets] - [21/05/2019 18:08:06]
AdwCleaner[S01].txt - [1372 octets] - [21/05/2019 18:18:18]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Alright...New FRST logs incoming... :)

FRST.txt Part 1:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05.2019
Ran by jswh0 (administrator) on LAPTOP-A8BGVKS2 (LENOVO 81D2) (22-05-2019 15:10:11)
Running from C:\Users\jswh0\Desktop
Loaded Profiles: jswh0 (Available Profiles: jswh0)
Platform: Windows 10 Home Version 1803 17134.765 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19031.17720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0330099.inf_amd64_37ae791a544cf6a3\B330293\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0330099.inf_amd64_37ae791a544cf6a3\B330293\atiesrxx.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.52.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\MsMpEng.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11904.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera.exe
(Opera Software AS -> Opera Software) C:\Program Files\Opera\60.0.3255.95\opera_crashreporter.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [865568 2019-03-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [60074328 2018-12-07] (Discord Inc. -> Discord Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3152160 2019-04-29] (Valve -> Valve Corporation)
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\Run: [Discord] => C:\Users\jswh0\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22588760 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\Policies\Explorer: [NoSecurityTab] 1

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A692CD7-0601-4613-B000-A494E7F16E1E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {100358A2-F5DD-495B-909D-638FDD105604} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {12B99F0F-D715-420E-B516-42754A80E773} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23965776 2019-03-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {144CEF3B-C7DE-4F1E-BFFA-B8CF9E574904} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1D9A569D-0876-4D90-A1DE-82BF017C859A} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {22CB607F-9054-4AF2-94DE-452E9B79562D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f1a6e08e-a2de-489c-a469-3cb6de6c9f83 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {30F6F8FC-C7EF-49D6-B1BB-82F44BF3FFDB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1527080 2019-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {3760A4F5-B5D6-499D-B010-E8B50A43097B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-17] (Google Inc -> Google Inc.)
Task: {3A3A8294-4382-438C-A0B4-9BAF140A8947} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [54440 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {3B952619-5EE9-4E47-92A4-19C6B6AAC4D1} - System32\Tasks\RogueKiller Anti-Malware => C:\Program Files\RogueKiller\RogueKiller64.exe [33971256 2019-05-22] (Adlice -> )
Task: {48353078-C9EB-4403-8489-2E2D1519BE37} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe lenovo-utility://
Task: {4FFA8CB0-77C1-44B4-942B-93F700F0B509} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_pepper.exe [1452600 2019-05-14] (Adobe Inc. -> Adobe)
Task: {5309C39A-C763-4A5B-993D-D83AE9F8F297} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16571320 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {5EF2A195-8E7C-45B8-A14A-8F207B33BDB2} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49032 2018-08-10] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {6DA43816-4328-463B-AE8E-E8438A61AD1A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8744401b-3633-4267-be74-f2d32e6c742f => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {757A2031-EC72-4705-A95A-2823ACE57F97} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1527080 2019-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {78EFDE96-3E06-4339-8328-0EFA7D1D36E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-17] (Google Inc -> Google Inc.)
Task: {7B22DF5B-1BD3-4BAE-B2BB-22B147CE0A46} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [87336 2019-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {8383C46D-220D-4594-A765-D7B3FAF3C208} - System32\Tasks\Opera scheduled Autoupdate 1544224919 => C:\Program Files\Opera\launcher.exe [1493592 2019-05-15] (Opera Software AS -> Opera Software)
Task: {887CC8CF-30BA-4D8E-A066-5FA214D1613B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {9AA0C484-2D37-4F67-B617-F98FB97604A3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\e25633eb-3568-4477-a743-67a84666de98 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
Task: {9D19CD11-30FC-40F1-9634-D53FAC08DD40} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [462288 2018-11-15] (Bitdefender SRL -> Bitdefender)
Task: {B4CC87A0-4002-4B05-8F82-5076E717C564} - System32\Tasks\Icons8 Check For Updates => C:\Program Files (x86)\Icons8\Icons8.Job.exe [11264 2018-05-23] (Icons8 LLC) [File not signed]
Task: {BB47ECF2-601E-4016-BAE6-A034F825F5A4} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {D4C2B371-2AAC-48D1-9666-3CB26B8072A5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [753240 2019-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {DA530672-9865-4313-9376-3F29D4F4C32E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23965776 2019-03-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {DAAC63AD-4245-44F1-9270-685846845FEF} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineSW => C:\WINDOWS\SysWOW64\Microsoft\Protect\S-1-51-74\RB_1.4.45.63.exe <==== ATTENTION
Task: {DC2A3E2D-5336-451C-9A0A-C3F2142C02BD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0862812-9CB1-4055-9C8C-357FA346695F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-14] (Adobe Inc. -> Adobe)
Task: {E7367563-092C-4AC1-B7A0-1EDE3888CF76} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2417232 2019-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {F4A755B8-B57F-40D3-83E9-EB245F8FD545} - System32\Tasks\Icons8 Sync => C:\Program Files (x86)\Icons8\Icons8.Sync.exe [33792 2018-05-23] (Icons8 LLC) [File not signed]
Task: {F59C0442-6F17-4C00-9383-F35E58128AC3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2417232 2019-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {F60E00EB-3251-498E-A912-BA320037F57C} - System32\Tasks\SearchTools => C:\Program Files (x86)\US Media Capital\SearchPro Tools\sptools.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{60363ef1-9416-461d-8bed-44d539f3e8a8}: [DhcpNameServer] 150.201.1.2
Tcpip\..\Interfaces\{6b0d10a8-515d-41d6-8242-fcef15c2a465}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{fa259dfb-7c97-4d3f-aabe-cdad598302c4}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-04-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-01-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)

Opera:
=======
OPR StartupUrls: "hxxps://www.omegle.com/","hxxps://www.omegle.com/","hxxps://www.facebook.com/","hxxps://mail.google.com/mail/u/0/#inbox","hxxps://mail.google.com/mail/u/2/#inbox","hxxps://mail.google.com/mail/u/1/#inbox"
OPR Session Restore: -> is enabled.
OPR Extension: (LastPass: Free Password Manager) - C:\Users\jswh0\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2019-05-02]
OPR Extension: (convert2mp3.net Online Video Converter) - C:\Users\jswh0\AppData\Roaming\Opera Software\Opera Stable\Extensions\kefimjmcofjhaphjiadipfoojljnoinn [2018-12-07]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\u0330099.inf_amd64_37ae791a544cf6a3\B330293\atiesrxx.exe [481136 2018-06-25] (Advanced Micro Devices, Inc. -> AMD)
R2 AtherosSvc; C:\WINDOWS\system32\DRIVERS\AdminService.exe [414720 2017-12-05] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2195280 2018-03-22] (Bitdefender SRL -> Bitdefender)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9677904 2019-03-29] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [398344 2018-06-08] (Dolby Laboratories, Inc. -> )
R2 ETDService; C:\WINDOWS\System32\ETDService.exe [200288 2018-01-23] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [305520 2018-05-30] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [76968 2019-04-24] (Lenovo -> Lenovo Group Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1293936 2018-11-15] (Bitdefender SRL -> Bitdefender)
R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [865568 2019-03-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [246688 2018-11-13] (Bitdefender SRL -> Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [341136 2018-11-13] (Bitdefender SRL -> Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [246688 2018-11-13] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34664 2018-04-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [52648 2018-05-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\u0330099.inf_amd64_37ae791a544cf6a3\B330293\atikmdag.sys [40434552 2018-06-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\u0330099.inf_amd64_37ae791a544cf6a3\B330293\atikmpag.sys [545144 2018-06-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [145792 2018-04-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1534688 2019-04-04] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-20] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [395728 2019-05-03] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-03-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [65472 2017-12-05] (WDKTestCert aswbldsv,131431045756648395 -> Qualcomm)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [298488 2019-04-24] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 ETDHCF; C:\WINDOWS\System32\drivers\ETDHCF.sys [30256 2018-01-23] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)
S3 ETD_Keyboard; C:\WINDOWS\System32\drivers\ETD.sys [725032 2018-01-23] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)
R1 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [374632 2018-11-19] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\drivers\gzflt.sys [188384 2018-11-28] (Bitdefender SRL -> BitDefender LLC)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-05-22] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-05-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-05-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-05-22] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [117344 2019-05-22] (Malwarebytes Corporation -> Malwarebytes)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2329480 2017-12-22] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1035576 2018-04-19] (Realtek Semiconductor Corp. -> Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-01-30] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [610640 2019-01-14] (Bitdefender SRL -> Bitdefender)
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [236048 2018-12-18] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344544 2019-04-24] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-24] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


 
Part 2:

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-22 15:10 - 2019-05-22 15:12 - 000026579 _____ C:\Users\jswh0\Desktop\FRST.txt
2019-05-22 14:45 - 2019-05-22 14:45 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-05-22 14:45 - 2019-05-22 14:45 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-05-22 14:45 - 2019-05-22 14:45 - 000117344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-05-22 14:45 - 2019-05-22 14:45 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-05-22 14:45 - 2019-05-22 14:45 - 000000000 ____D C:\Users\jswh0\AppData\Local\mbamtray
2019-05-22 14:45 - 2019-05-22 14:45 - 000000000 ____D C:\Users\jswh0\AppData\Local\mbam
2019-05-22 14:44 - 2019-05-22 14:44 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-05-22 14:44 - 2019-05-22 14:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-22 14:44 - 2019-05-22 14:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-05-22 14:44 - 2019-05-22 14:44 - 000000000 ____D C:\Program Files\Malwarebytes
2019-05-22 14:44 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-05-22 14:44 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-05-22 14:27 - 2019-05-22 14:44 - 000000000 ____D C:\ProgramData\RogueKiller
2019-05-22 14:27 - 2019-05-22 14:27 - 000003152 _____ C:\WINDOWS\System32\Tasks\RogueKiller Anti-Malware
2019-05-22 14:27 - 2019-05-22 14:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-05-22 14:27 - 2019-05-22 14:27 - 000000000 ____D C:\Program Files\RogueKiller
2019-05-21 23:21 - 2019-05-22 15:10 - 000000000 ____D C:\FRST
2019-05-21 23:20 - 2019-05-21 23:21 - 002435072 _____ (Farbar) C:\Users\jswh0\Desktop\FRST64.exe
2019-05-21 20:25 - 2019-05-21 20:25 - 000062736 _____ C:\Users\jswh0\Desktop\EthogramTemplate.pptx
2019-05-21 18:28 - 2019-05-21 18:28 - 000076716 _____ C:\ProgramData\agent.update.1558488478.bdinstall.v2.bin
2019-05-21 18:25 - 2019-05-21 18:25 - 000001199 _____ C:\Users\jswh0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2019-05-21 18:25 - 2019-03-21 00:12 - 000022960 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2019-05-21 18:23 - 2019-05-21 18:23 - 000003802 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2019-05-21 18:23 - 2019-05-21 18:23 - 000001214 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free.lnk
2019-05-21 18:23 - 2019-05-21 18:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free
2019-05-21 18:23 - 2019-05-21 18:23 - 000000000 ____D C:\ProgramData\Bitdefender
2019-05-21 18:23 - 2019-05-03 19:18 - 000395728 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2019-05-21 18:23 - 2019-04-24 15:27 - 000298488 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\edrsensor.sys
2019-05-21 18:23 - 2019-04-04 15:28 - 001534688 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2019-05-21 18:23 - 2019-01-14 17:25 - 000610640 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\trufos.sys
2019-05-21 18:23 - 2018-11-28 06:45 - 000188384 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2019-05-21 18:23 - 2018-11-19 14:10 - 000374632 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\gemma.sys
2019-05-21 18:22 - 2019-05-22 15:12 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2019-05-21 18:21 - 2019-05-21 18:28 - 000000000 ____D C:\Program Files\Bitdefender Agent
2019-05-21 18:21 - 2019-05-21 18:21 - 000103652 _____ C:\ProgramData\agent.1558488073.bdinstall.v2.bin
2019-05-21 18:21 - 2019-05-21 18:21 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2019-05-21 18:20 - 2019-05-21 18:20 - 010372016 _____ C:\Users\jswh0\Downloads\bitdefender_online.exe
2019-05-21 18:06 - 2019-05-21 18:07 - 000000000 ____D C:\AdwCleaner
2019-05-21 18:03 - 2019-05-21 18:04 - 000000000 ____D C:\Users\jswh0\AppData\Roaming\Notepad++
2019-05-21 18:03 - 2019-05-21 18:03 - 000001107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2019-05-21 18:03 - 2019-05-21 18:03 - 000001095 _____ C:\Users\Public\Desktop\Notepad++.lnk
2019-05-21 18:03 - 2019-05-21 18:03 - 000000000 ____D C:\Program Files (x86)\Notepad++
2019-05-21 18:02 - 2019-05-21 18:02 - 007025360 _____ (Malwarebytes) C:\Users\jswh0\Downloads\adwcleaner_7.3.exe
2019-05-21 17:59 - 2019-05-21 17:59 - 000000870 _____ C:\Users\jswh0\Desktop\CCleaner.lnk
2019-05-21 17:59 - 2019-05-21 17:59 - 000000000 ____D C:\Users\jswh0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-05-20 23:00 - 2019-05-20 23:00 - 000003372 _____ C:\WINDOWS\System32\Tasks\SearchTools
2019-05-20 23:00 - 2019-05-20 23:00 - 000000000 ____D C:\ProgramData\US-Media Capital
2019-05-15 17:47 - 2019-05-17 19:16 - 000000000 ___RD C:\Users\jswh0\Desktop\Science Isn't Scary
2019-05-14 22:46 - 2019-05-03 05:14 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-05-14 22:46 - 2019-05-03 05:13 - 001376472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-14 22:46 - 2019-05-03 04:51 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-14 22:46 - 2019-05-03 04:51 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-14 22:46 - 2019-05-03 04:50 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-05-14 22:46 - 2019-05-03 04:50 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-05-14 22:46 - 2019-05-03 04:49 - 001288704 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-14 22:46 - 2019-05-03 04:43 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-14 22:46 - 2019-05-03 04:43 - 000662328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-05-14 22:46 - 2019-05-03 04:28 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-14 22:46 - 2019-05-03 04:25 - 004055040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-05-14 22:46 - 2019-05-03 04:25 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-05-14 22:46 - 2019-05-02 23:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-14 22:46 - 2019-05-02 23:33 - 005625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-05-14 22:46 - 2019-05-02 23:33 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-14 22:46 - 2019-05-02 23:33 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-14 22:46 - 2019-05-02 23:33 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-14 22:46 - 2019-05-02 23:32 - 000793640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-05-14 22:46 - 2019-05-02 23:32 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-14 22:46 - 2019-05-02 23:32 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-05-14 22:46 - 2019-05-02 23:31 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-14 22:46 - 2019-05-02 23:31 - 007519888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-14 22:46 - 2019-05-02 23:31 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-05-14 22:46 - 2019-05-02 23:31 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-05-14 22:46 - 2019-05-02 23:31 - 002771256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-14 22:46 - 2019-05-02 23:31 - 001459328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-14 22:46 - 2019-05-02 23:31 - 001260480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-14 22:46 - 2019-05-02 23:31 - 001141224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-05-14 22:46 - 2019-05-02 23:31 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-05-14 22:46 - 2019-05-02 23:31 - 000983632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-05-14 22:46 - 2019-05-02 23:31 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-14 22:46 - 2019-05-02 23:19 - 006043712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-05-14 22:46 - 2019-05-02 23:19 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-05-14 22:46 - 2019-05-02 23:18 - 006569344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-14 22:46 - 2019-05-02 23:18 - 002258640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-14 22:46 - 2019-05-02 23:18 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-05-14 22:46 - 2019-05-02 23:12 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-14 22:46 - 2019-05-02 23:10 - 022017024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-14 22:46 - 2019-05-02 23:05 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-14 22:46 - 2019-05-02 23:02 - 019401216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-14 22:46 - 2019-05-02 23:02 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-05-14 22:46 - 2019-05-02 23:01 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-14 22:46 - 2019-05-02 23:00 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-14 22:46 - 2019-05-02 23:00 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-14 22:46 - 2019-05-02 22:59 - 007593472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-05-14 22:46 - 2019-05-02 22:59 - 005788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-05-14 22:46 - 2019-05-02 22:59 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-05-14 22:46 - 2019-05-02 22:58 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-14 22:46 - 2019-05-02 22:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-14 22:46 - 2019-05-02 22:57 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-05-14 22:46 - 2019-05-02 22:57 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-14 22:46 - 2019-05-02 22:57 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-05-14 22:46 - 2019-05-02 22:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-14 22:46 - 2019-05-02 22:57 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-14 22:46 - 2019-05-02 22:57 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-05-14 22:46 - 2019-05-02 22:56 - 005350912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-05-14 22:46 - 2019-05-02 22:56 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-05-14 22:46 - 2019-05-02 22:56 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-05-14 22:46 - 2019-05-02 22:55 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-05-14 22:46 - 2019-05-02 22:55 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-14 22:46 - 2019-05-02 22:54 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-05-14 22:46 - 2019-05-02 22:54 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-05-14 22:46 - 2019-05-02 22:54 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-05-14 22:46 - 2019-05-02 22:53 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-05-14 22:46 - 2019-05-02 22:53 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-05-14 22:46 - 2019-05-02 22:53 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-05-14 22:46 - 2019-05-02 22:53 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-05-14 22:46 - 2019-04-19 03:55 - 001634920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-05-14 22:46 - 2019-04-19 03:54 - 000720200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-14 22:46 - 2019-04-19 03:39 - 012754944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-14 22:46 - 2019-04-19 03:36 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-14 22:46 - 2019-04-19 03:34 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-05-14 22:46 - 2019-04-19 02:44 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-05-14 22:46 - 2019-04-19 02:37 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-14 22:46 - 2019-04-19 02:28 - 011940864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-14 22:46 - 2019-04-19 02:26 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-14 22:46 - 2019-04-18 22:07 - 000985400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-05-14 22:46 - 2019-04-18 22:06 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-14 22:46 - 2019-04-18 22:06 - 000798520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-05-14 22:46 - 2019-04-18 22:06 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-05-14 22:46 - 2019-04-18 22:06 - 000274232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-14 22:46 - 2019-04-18 22:02 - 000831800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-05-14 22:46 - 2019-04-18 22:01 - 001982008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-14 22:46 - 2019-04-18 22:01 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-05-14 22:46 - 2019-04-18 22:01 - 000576016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-05-14 22:46 - 2019-04-18 22:01 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-05-14 22:46 - 2019-04-18 21:43 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-14 22:46 - 2019-04-18 21:42 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-14 22:46 - 2019-04-18 21:40 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-14 22:46 - 2019-04-18 21:39 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-05-14 22:46 - 2019-04-18 21:39 - 000567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-14 22:46 - 2019-04-18 21:39 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-14 22:46 - 2019-04-18 21:38 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-05-14 22:46 - 2019-04-18 21:38 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-14 22:46 - 2019-04-18 21:38 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-14 22:46 - 2019-04-18 21:38 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-05-14 22:46 - 2019-04-18 21:37 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-05-14 22:46 - 2019-04-18 21:37 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-14 22:46 - 2019-04-18 21:37 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2019-05-14 22:46 - 2019-04-18 21:36 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-14 22:46 - 2019-04-18 21:36 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-14 22:46 - 2019-04-18 21:36 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-05-14 22:46 - 2019-04-18 21:36 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2019-05-14 22:46 - 2019-04-18 21:35 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-05-14 22:46 - 2019-04-18 21:35 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-05-14 22:46 - 2019-04-18 21:35 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-05-14 22:46 - 2019-04-18 21:35 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-14 22:46 - 2019-04-18 21:35 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-05-14 22:46 - 2019-04-18 21:35 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-14 22:46 - 2019-04-18 21:34 - 000935936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-05-14 22:46 - 2019-04-18 21:34 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-14 22:46 - 2019-04-18 21:34 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-05-14 22:46 - 2019-04-18 21:34 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-14 22:46 - 2019-04-18 21:34 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2019-05-14 22:46 - 2019-04-18 20:18 - 000806360 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-05-14 22:46 - 2019-04-18 20:18 - 000806360 _____ C:\WINDOWS\system32\locale.nls
2019-05-14 22:46 - 2019-04-08 18:48 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-05-14 22:45 - 2019-05-03 05:13 - 000396088 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2019-05-14 22:45 - 2019-05-03 04:55 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-05-14 22:45 - 2019-05-03 04:54 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-05-14 22:45 - 2019-05-03 04:52 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-14 22:45 - 2019-05-03 04:49 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-14 22:45 - 2019-05-03 04:49 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-14 22:45 - 2019-05-03 04:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-14 22:45 - 2019-05-03 04:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-14 22:45 - 2019-05-03 04:28 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-14 22:45 - 2019-05-03 04:27 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-14 22:45 - 2019-05-03 04:26 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-14 22:45 - 2019-05-02 23:43 - 000177128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-05-14 22:45 - 2019-05-02 23:34 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-05-14 22:45 - 2019-05-02 23:33 - 000709720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-05-14 22:45 - 2019-05-02 23:33 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-14 22:45 - 2019-05-02 23:33 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-05-14 22:45 - 2019-05-02 23:33 - 000063072 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-05-14 22:45 - 2019-05-02 23:32 - 000438984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-05-14 22:45 - 2019-05-02 23:32 - 000209208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-05-14 22:45 - 2019-05-02 23:32 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-05-14 22:45 - 2019-05-02 23:32 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-05-14 22:45 - 2019-05-02 23:31 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-05-14 22:45 - 2019-05-02 23:31 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-05-14 22:45 - 2019-05-02 23:20 - 000434704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-05-14 22:45 - 2019-05-02 23:20 - 000384976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-05-14 22:45 - 2019-05-02 23:20 - 000192016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-05-14 22:45 - 2019-05-02 23:20 - 000146920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-05-14 22:45 - 2019-05-02 23:19 - 000056288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-05-14 22:45 - 2019-05-02 23:00 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-14 22:45 - 2019-05-02 23:00 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2019-05-14 22:45 - 2019-05-02 22:59 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-05-14 22:45 - 2019-05-02 22:59 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-14 22:45 - 2019-05-02 22:59 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-05-14 22:45 - 2019-05-02 22:59 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-05-14 22:45 - 2019-05-02 22:59 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-05-14 22:45 - 2019-05-02 22:58 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-05-14 22:45 - 2019-05-02 22:58 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-05-14 22:45 - 2019-05-02 22:58 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-05-14 22:45 - 2019-05-02 22:58 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-05-14 22:45 - 2019-05-02 22:58 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-05-14 22:45 - 2019-05-02 22:57 - 001295872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-05-14 22:45 - 2019-05-02 22:56 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-14 22:45 - 2019-05-02 22:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-14 22:45 - 2019-05-02 22:55 - 000659968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-05-14 22:45 - 2019-05-02 22:54 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-05-14 22:45 - 2019-05-02 22:54 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-05-14 22:45 - 2019-05-02 22:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-05-14 22:45 - 2019-05-02 21:38 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-05-14 22:45 - 2019-04-23 00:13 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-05-14 22:45 - 2019-04-22 23:14 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-05-14 22:45 - 2019-04-19 03:40 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-05-14 22:45 - 2019-04-19 03:38 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe
2019-05-14 22:45 - 2019-04-19 03:38 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfproc.dll
2019-05-14 22:45 - 2019-04-19 02:30 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfproc.dll
2019-05-14 22:45 - 2019-04-19 02:25 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-05-14 22:45 - 2019-04-18 22:06 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-05-14 22:45 - 2019-04-18 21:41 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-05-14 22:45 - 2019-04-18 21:41 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\EduPrintProv.exe
2019-05-14 22:45 - 2019-04-18 21:40 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-05-14 22:45 - 2019-04-18 21:40 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-05-14 22:45 - 2019-04-18 21:40 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2019-05-14 22:45 - 2019-04-18 21:40 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2019-05-14 22:45 - 2019-04-18 21:39 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-14 22:45 - 2019-04-18 21:39 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll
2019-05-14 22:45 - 2019-04-18 21:39 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-05-14 22:45 - 2019-04-18 21:38 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-14 22:45 - 2019-04-18 21:38 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-05-14 22:45 - 2019-04-18 21:37 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-14 22:45 - 2019-04-18 21:37 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-05-14 22:45 - 2019-04-18 21:37 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-14 22:45 - 2019-04-18 21:37 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-14 22:45 - 2019-04-18 21:36 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2019-05-14 22:45 - 2019-04-18 21:36 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-05-14 22:45 - 2019-04-18 21:36 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-14 22:45 - 2019-04-18 21:35 - 001938944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2019-05-14 22:45 - 2019-04-18 21:35 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2019-05-14 22:45 - 2019-04-18 21:35 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-05-14 22:45 - 2019-04-08 18:48 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-05-14 22:45 - 2019-04-08 18:48 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-05-14 22:45 - 2019-04-08 18:48 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-05-14 22:45 - 2019-04-08 18:48 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-05-09 19:15 - 2019-05-09 19:15 - 000518489 _____ C:\Users\jswh0\Downloads\Evidence_of_Coverage_(Medical)-01042019.pdf
2019-05-09 19:14 - 2019-05-09 19:14 - 000069198 _____ C:\Users\jswh0\Downloads\Your_rate_and_benefit_update_letter.pdf
2019-05-09 19:06 - 2019-04-24 09:06 - 000205992 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.CoreTypes.dll
2019-05-09 19:06 - 2019-04-24 09:06 - 000130728 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.Utilities.dll
2019-05-09 19:06 - 2019-04-24 09:06 - 000097448 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.Modern.ImController.ImClient.dll
2019-05-09 19:06 - 2019-04-24 09:06 - 000043688 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Lenovo.ImController.EventLogging.dll
2019-05-08 14:41 - 2019-05-08 14:41 - 000135680 _____ C:\Users\jswh0\Downloads\CS MAY (2).pub
2019-05-08 14:40 - 2019-05-08 14:40 - 000609056 _____ C:\Users\jswh0\Downloads\pl5.pdf
2019-05-06 20:45 - 2019-03-14 04:23 - 000820824 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64U.dll
2019-05-06 20:45 - 2019-03-14 01:23 - 001126344 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtCOM64.dll
2019-05-06 20:45 - 2019-03-14 01:23 - 000481888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2019-05-06 20:45 - 2019-03-14 01:10 - 029495258 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2019-05-06 20:45 - 2018-05-30 20:58 - 000165224 _____ C:\WINDOWS\system32\FMAPP.exe
2019-05-06 19:31 - 2019-05-06 19:31 - 000432206 _____ C:\Users\jswh0\Downloads\UdellMoniqueAnimalRangelandScienceExploringBreedDiff.pdf
2019-05-05 23:50 - 2019-05-05 23:50 - 003624635 _____ C:\Users\jswh0\Downloads\chw4 203.pdf
2019-05-01 20:08 - 2019-05-01 20:08 - 000000000 ____D C:\Users\Public\BlueStacks
2019-04-24 15:26 - 2019-04-24 15:27 - 000064982 _____ C:\Users\jswh0\Downloads\Genetics project instructions (2).pdf
2019-04-24 14:15 - 2019-04-24 14:16 - 011525128 _____ C:\Users\jswh0\Downloads\wordpress-5.1.1.zip
2019-04-23 21:09 - 2019-04-23 21:09 - 000064982 _____ C:\Users\jswh0\Downloads\Genetics project instructions (1).pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-22 15:10 - 2018-12-07 19:38 - 000000000 ___RD C:\Users\jswh0\Desktop\Useful
2019-05-22 14:47 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-22 14:44 - 2018-04-11 16:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-05-22 00:16 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2019-05-22 00:07 - 2019-01-08 08:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-21 20:30 - 2018-12-07 16:15 - 000000000 ____D C:\Users\jswh0\AppData\Local\Packages
2019-05-21 20:29 - 2018-12-07 16:22 - 000000000 ____D C:\Program Files (x86)\Steam
2019-05-21 19:13 - 2019-02-13 13:08 - 000000000 ____D C:\Users\jswh0\AppData\Local\D3DSCache
2019-05-21 19:01 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files\Windows Defender
2019-05-21 18:17 - 2019-01-07 17:17 - 000000000 ___DC C:\WINDOWS\Panther
2019-05-21 18:13 - 2019-01-08 08:41 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-21 18:09 - 2019-01-08 08:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-21 18:08 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-05-21 18:08 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2019-05-21 17:59 - 2019-01-08 08:54 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-05-21 17:57 - 2018-12-07 16:23 - 000000000 ____D C:\Users\jswh0\AppData\Roaming\discord
2019-05-21 17:24 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-20 22:33 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-16 23:16 - 2018-12-07 17:11 - 000000000 ____D C:\Program Files\rempl
2019-05-16 20:36 - 2019-01-08 08:54 - 000003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1544224919
2019-05-16 20:36 - 2018-12-07 16:21 - 000001114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2019-05-16 20:36 - 2018-12-07 16:21 - 000000000 ____D C:\Program Files\Opera
2019-05-16 20:35 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-16 01:15 - 2019-01-08 08:27 - 000403112 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-16 01:13 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-05-16 01:13 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-16 01:13 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-05-16 01:13 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-16 01:12 - 2019-01-08 08:31 - 000000000 ____D C:\Users\jswh0
2019-05-16 01:03 - 2018-12-08 21:12 - 000000000 __SHD C:\Users\jswh0\wc
2019-05-15 17:51 - 2019-03-13 15:31 - 000000000 ___RD C:\Users\jswh0\Desktop\Job Nonsense
2019-05-14 22:45 - 2018-12-07 17:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-14 22:41 - 2018-12-07 17:04 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-14 22:31 - 2019-02-17 18:49 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-14 22:31 - 2019-02-17 18:49 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-14 17:30 - 2019-01-08 08:54 - 000004600 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-05-14 17:30 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-05-14 17:30 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-05-14 16:19 - 2019-01-08 08:54 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-621734548-2853496009-1861087639-1001
2019-05-14 16:19 - 2019-01-08 08:31 - 000002370 _____ C:\Users\jswh0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-14 16:19 - 2018-12-07 16:18 - 000000000 ___RD C:\Users\jswh0\OneDrive
2019-05-06 20:45 - 2018-07-24 18:48 - 000000000 ____D C:\WINDOWS\system32\dolbyaposvc
2019-05-03 16:53 - 2019-01-09 20:54 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-03 16:53 - 2019-01-09 20:54 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-02 18:25 - 2018-12-09 20:00 - 000000000 ____D C:\Users\jswh0\AppData\Roaming\.minecraft
2019-05-02 15:55 - 2018-12-25 17:55 - 000000000 ____D C:\Program Files\pia_manager
2019-05-02 15:53 - 2019-02-15 17:45 - 000000000 ____D C:\Users\jswh0\AppData\Local\Bluestacks
2019-05-01 21:58 - 2018-12-07 19:22 - 000000000 ____D C:\Program Files (x86)\Minecraft
2019-04-28 17:22 - 2018-10-19 11:43 - 000002454 _____ C:\Users\jswh0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo App Explorer.lnk
2019-04-24 15:53 - 2018-12-07 17:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-04-24 09:06 - 2018-12-08 01:07 - 000425128 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2019-04-24 09:06 - 2018-12-08 01:07 - 000104616 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2019-04-24 09:06 - 2018-12-08 01:07 - 000054440 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.InfInstaller.exe
2019-04-24 09:06 - 2018-07-24 18:51 - 000104616 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.CoInstaller.dll

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
 
Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05.2019
Ran by jswh0 (22-05-2019 15:13:37)
Running from C:\Users\jswh0\Desktop
Windows 10 Home Version 1803 17134.765 (X64) (2019-01-08 15:55:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-621734548-2853496009-1861087639-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-621734548-2853496009-1861087639-503 - Limited - Disabled)
Guest (S-1-5-21-621734548-2853496009-1861087639-501 - Limited - Disabled)
jswh0 (S-1-5-21-621734548-2853496009-1861087639-1001 - Administrator - Enabled) => C:\Users\jswh0
WDAGUtilityAccount (S-1-5-21-621734548-2853496009-1861087639-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.192 - Adobe)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2018.0810.2245.39118 - Advanced Micro Devices, Inc.)
Audacity 2.3.0 (HKLM-x32\...\Audacity_is1) (Version: 2.3.0 - Audacity Team)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.15.112 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.57 - Piriform)
Discord (HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Icons8 (HKLM-x32\...\{195AC760-D5CE-47B9-99EE-E144CD7BF94A}_is1) (Version: 6.0.0.6 - Icons8)
Java(TM) SE Development Kit 11.0.1 (64-bit) (HKLM\...\{F4039C0F-E4C1-5905-9E7D-DDA8EDE365BC}) (Version: 11.0.1.0 - Oracle Corporation)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.10730.20334 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\OneDriveSetup.exe) (Version: 19.070.0410.0005 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{2D1ED4EA-B59D-4665-ACB3-9325872A300D}) (Version: 1.0.4.0 - Mojang)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.7 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10730.20334 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20334 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20334 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10730.20334 - Microsoft Corporation) Hidden
Opera Stable 60.0.3255.95 (HKLM-x32\...\Opera 60.0.3255.95) (Version: 60.0.3255.95 - Opera Software)
RogueKiller version 13.2.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.1.0 - Adlice Software)
Scribus 1.4.7 (HKLM-x32\...\Scribus 1.4.7) (Version: 1.4.7 - The Scribus Team)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)

Packages:
=========
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_2.1001.237.0_x64__rz1tebttyb220 [2019-01-08] (Dolby Laboratories)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2018-12-07] (Fitbit)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8 [2019-03-25] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.52.0_x64__5grkq8ppsgwt4 [2019-04-15] (LENOVO INC)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2018-12-07] (LinkedIn)
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.11.301.0_x64__8wekyb3d8bbwe [2019-05-19] (Microsoft Studios)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.12831.0_x64__8wekyb3d8bbwe [2018-12-07] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.375.0_x64__mcm4njqhnhss8 [2019-02-19] (Netflix, Inc.)
Power2Go for Lenovo -> C:\Program Files\WindowsApps\CyberLinkCorp.th.Power2GoforLenovo_8.0.9516.0_x86__m916jedk64snt [2018-12-07] (CYBERLINKCOM CORPORATION)
PowerDVD for Lenovo -> C:\Program Files\WindowsApps\CyberLinkCorp.th.PowerDVDforLenovo_14.1.9528.0_x86__m916jedk64snt [2018-12-20] (CYBERLINKCOM CORPORATION)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.172.0_x64__dt26b99r8h8gj [2019-05-06] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0 [2019-05-13] (Spotify AB)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2019-05-19] (Notepad++ -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-08-10] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-24 23:55 - 2018-04-24 23:55 - 000015360 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-04-24 23:55 - 2018-04-24 23:55 - 002519040 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-03-15 13:53 - 2018-08-12 20:29 - 001255424 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000032256 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000039936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000034304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000237056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000024064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000481792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 001336320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 001136128 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2018-08-10 23:42 - 2018-08-10 23:42 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 006045184 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000964096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 003233792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000282624 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000049152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000311296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000139264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000089600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-04-24 23:55 - 2018-04-24 23:55 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 06:46 - 2019-05-20 23:04 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-621734548-2853496009-1861087639-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jswh0\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\8enncLP.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-621734548-2853496009-1861087639-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FC56CA74-8DF1-4655-909E-59C9ABBDF42E}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{8278E2E2-4C4D-4444-B7B4-34D3BBD65327}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [UDP Query User{E1A13FB0-70C4-428C-8588-C8F850E4B455}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [TCP Query User{AC4B67F2-0721-4C42-8B05-4AB59DD623D3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{0198CA1A-BC7B-4829-9AA7-63C2A16E8D11}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{3FAA38CB-F5FF-45E6-9AF6-C7A80670853C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{8E1384BE-7B37-450F-A3E7-23812B681D2B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6FD1215A-61B9-4DCD-8B87-FE1572E48FC8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{7D6D655C-8D14-4EDE-BE24-5FA04ABE9FD4}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{F028F8A3-DEE2-4964-9076-0CB775D0792B}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{579A9896-8B18-4BE6-82D8-ECBBD6FB2CE5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{8DC35067-3D90-4337-85F8-DD5BCFD2F244}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{8B48B1FD-592A-4DD7-AC20-29496C325464}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B2568729-1BB2-42D3-A77A-F79FC21A8513}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C525691F-3339-4A9B-BF25-60E406C0BDBE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A16BB2A8-319B-4EDC-9FAC-8C1D3370C612}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ED8657B2-B0E0-41CB-B65B-09C8608CDCDB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2EF2D1F0-1BB0-4C67-B2A0-82DC4ED41F15}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe No File
FirewallRules: [TCP Query User{139CC1B3-BBB9-4361-9A58-9B13E0830B0A}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{A0F10011-3630-4807-911C-134BD7064ECE}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{BCF72614-5749-48EC-A937-3A0C7BBCB77F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{51FFFBAD-25A6-4AFB-BBFF-795F08717F21}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{20CC0E9F-CC5B-4918-B3AA-1AA6293E8F89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0675136F-D9C2-44DB-8429-B36525D19807}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E24BFCA8-883A-4FA9-960D-19731EFB7542}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2E82001E-06D4-4440-B43D-3D05DDA82BBE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D46A3EE4-5899-495E-8EF9-4DE5A8DDD7E2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7F45101F-4D7C-4956-BDA2-8AB0EBE5D430}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DA263E2C-32CC-4A13-8F71-705CC4B76D1D}] => (Allow) C:\Program Files\Opera\60.0.3255.84\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{EA18E15B-241C-4511-ADDD-70073262F5A9}] => (Allow) C:\Program Files\Opera\60.0.3255.95\opera.exe (Opera Software AS -> Opera Software)

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/21/2019 11:20:21 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/21/2019 11:20:20 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (05/21/2019 11:20:19 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (05/21/2019 11:20:19 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/21/2019 11:20:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/21/2019 11:20:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/21/2019 11:20:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/21/2019 06:25:52 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_SNOOZED.


System errors:
=============
Error: (05/22/2019 02:28:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/22/2019 12:12:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/21/2019 08:19:11 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-A8BGVKS2)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-A8BGVKS2\jswh0 SID (S-1-5-21-621734548-2853496009-1861087639-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/21/2019 08:18:16 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-A8BGVKS2)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-A8BGVKS2\jswh0 SID (S-1-5-21-621734548-2853496009-1861087639-1001) from address LocalHost (Using LRPC) running in the application container SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0 SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/21/2019 08:04:05 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-A8BGVKS2)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-A8BGVKS2\jswh0 SID (S-1-5-21-621734548-2853496009-1861087639-1001) from address LocalHost (Using LRPC) running in the application container SpotifyAB.SpotifyMusic_1.106.113.0_x86__zpdnekdrzrea0 SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/21/2019 11:19:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/21/2019 11:18:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/21/2019 11:18:14 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-A8BGVKS2)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-A8BGVKS2\jswh0 SID (S-1-5-21-621734548-2853496009-1861087639-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-05-21 17:39:29.201
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...keeyah.B!rfn&threatid=2147726897&enterprise=0
Name: Trojan:Win32/Skeeyah.B!rfn
ID: 2147726897
Severity: Severe
Category: Trojan
Path: file:_C:\Users\jswh0\AppData\Local\Temp\337961781\ic-0.3710e42b416cdc.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.293.1962.0, AS: 1.293.1962.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.15900.4, NIS: 0.0.0.0

Date: 2019-05-20 23:02:36.318
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...keeyah.B!rfn&threatid=2147726897&enterprise=0
Name: Trojan:Win32/Skeeyah.B!rfn
ID: 2147726897
Severity: Severe
Category: Trojan
Path: file:_C:\Users\jswh0\AppData\Local\Temp\337961781\ic-0.3710e42b416cdc.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\jswh0\AppData\Local\Temp\run_548305.exe
Signature Version: AV: 1.293.1962.0, AS: 1.293.1962.0, NIS: 1.293.1962.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4

Date: 2019-05-20 23:02:26.513
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...32/Unwaders.A!ml&threatid=242872&enterprise=0
Name: Program:Win32/Unwaders.A!ml
ID: 242872
Severity: Severe
Category: Potentially Unwanted Software
Path: file:_C:\Users\jswh0\AppData\Local\Temp\337961781\Hmhc.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\jswh0\AppData\Local\Temp\run_548305.exe
Signature Version: AV: 1.293.1962.0, AS: 1.293.1962.0, NIS: 1.293.1962.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4

Date: 2019-05-20 23:02:21.653
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...in32/Socelar&threatid=2147734469&enterprise=0
Name: TrojanDownloader:Win32/Socelar
ID: 2147734469
Severity: Severe
Category: Trojan Downloader
Path: file:_C:\Users\jswh0\AppData\Local\Temp\337961781\ic-0.f113538b4771b8.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\jswh0\AppData\Local\Temp\run_548305.exe
Signature Version: AV: 1.293.1962.0, AS: 1.293.1962.0, NIS: 1.293.1962.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4

Date: 2019-05-20 23:01:15.110
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?li...uerboos.D!cl&threatid=2147723655&enterprise=0
Name: Trojan:Win32/Fuerboos.D!cl
ID: 2147723655
Severity: Severe
Category: Trojan
Path: file:_C:\Users\jswh0\AppData\Local\Temp\337961781\ic-0.1f0e31f35937f.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\jswh0\AppData\Local\Temp\run_548305.exe
Signature Version: AV: 1.293.1962.0, AS: 1.293.1962.0, NIS: 1.293.1962.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4

Date: 2019-04-06 22:43:03.506
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

Date: 2019-04-05 22:29:47.471
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.1107.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-04-05 22:20:00.481
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

CodeIntegrity:
===================================

Date: 2019-05-22 14:45:07.078
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Opera\60.0.3255.95\opera.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 7VCN24WW 06/15/2018
Motherboard: LENOVO LNVNB161216
Processor: AMD Ryzen 3 2200U with Radeon Vega Mobile Gfx
Percentage of memory in use: 69%
Total physical RAM: 7733.49 MB
Available physical RAM: 2380.65 MB
Total Virtual: 12597.49 MB
Available Virtual: 5891.9 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:905.27 GB) (Free:861.58 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.95 GB) NTFS

\\?\Volume{3b38e2fc-20df-477a-a739-c5f39c9dbf5e}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.59 GB) NTFS
\\?\Volume{101c9948-c770-436a-b8b3-08e8963bf300}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2CD38575)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-05.2019
Ran by jswh0 (23-05-2019 01:35:47) Run:1
Running from C:\Users\jswh0\Desktop
Loaded Profiles: jswh0 (Available Profiles: jswh0)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Task: {DAAC63AD-4245-44F1-9270-685846845FEF} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineSW => C:\WINDOWS\SysWOW64\Microsoft\Protect\S-1-51-74\RB_1.4.45.63.exe <==== ATTENTION
C:\WINDOWS\SysWOW64\Microsoft\Protect\S-1-51-74\RB_1.4.45.63.exe
FirewallRules: [{FC56CA74-8DF1-4655-909E-59C9ABBDF42E}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{8278E2E2-4C4D-4444-B7B4-34D3BBD65327}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [UDP Query User{E1A13FB0-70C4-428C-8588-C8F850E4B455}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [TCP Query User{AC4B67F2-0721-4C42-8B05-4AB59DD623D3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [{7D6D655C-8D14-4EDE-BE24-5FA04ABE9FD4}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{F028F8A3-DEE2-4964-9076-0CB775D0792B}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{2EF2D1F0-1BB0-4C67-B2A0-82DC4ED41F15}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe No File

*****************

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DAAC63AD-4245-44F1-9270-685846845FEF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAAC63AD-4245-44F1-9270-685846845FEF}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineSW => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Google\GoogleUpdateTaskMachineSW" => removed successfully
"C:\WINDOWS\SysWOW64\Microsoft\Protect\S-1-51-74\RB_1.4.45.63.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FC56CA74-8DF1-4655-909E-59C9ABBDF42E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8278E2E2-4C4D-4444-B7B4-34D3BBD65327}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E1A13FB0-70C4-428C-8588-C8F850E4B455}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AC4B67F2-0721-4C42-8B05-4AB59DD623D3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D6D655C-8D14-4EDE-BE24-5FA04ABE9FD4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F028F8A3-DEE2-4964-9076-0CB775D0792B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2EF2D1F0-1BB0-4C67-B2A0-82DC4ED41F15}" => removed successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 23-05-2019 01:38:00)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully

==== End of Fixlog 01:38:00 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double-click TFC.exe to run the program.
  • Click the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Checkup.txt:

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Bitdefender Antivirus Free Antimalware
Windows Defender
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Bitdefender Antivirus Free updatesrv.exe
Bitdefender Antivirus Free bdredline.exe
Bitdefender Antivirus Free vsserv.exe
Bitdefender Antivirus Free bdagent.exe
Malwarebytes Anti-Malware mbamtray.exe
Bitdefender Agent ProductAgentService.exe
Windows Defender MSASCuiL.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
FSS.txt:

Farbar Service Scanner Version: 27-01-2016
Ran by jswh0 (administrator) on 23-05-2019 at 15:39:06
Running from "C:\Users\jswh0\AppData\Local\Temp\scoped_dir8864_21786"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
TFC:

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: jswh0
->Temp folder emptied: 33582190 bytes
->Temporary Internet Files folder emptied: 6178971 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 391004 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes
Process complete!

Total Files Cleaned = 38.00 mb
 