
Inactive "localweatherradar" probable Chrome malware

Discussion in 'Malware and Virus Removal' started by flamingo, 2019/06/26.

Thread Status:
Not open for further replies.
  1. 2019/06/26
    flamingo

    Ran Malwarebytes and AdwCleaner, which ran quickly and found nothing. The clearest symptom is frequent notifications with ads labeled as sourced from localweatherradar.co, nationalweatheragency.org. Other potentially related symptoms are 100% disk usage for 2-3 minutes on waking from sleep; slowdown generally running Office applications; and seeming lack of memory in Excel when copying and pasting large hunks of data, getting "proceed without undo" or "insufficient resources to complete..." with suggestion to close other applications or copy less data.
    See below (and another post if needed) for FRST.txt and Addition.txt.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2019
    Ran by Paul (administrator) on ASUS-LAPTOP-X55 (ASUSTeK COMPUTER INC. X555LAB) (26-06-2019 18:27:52)
    Running from C:\Users\Paul\Desktop
    Loaded Profiles: Paul (Available Profiles: Paul)
    Platform: Windows 10 Home Version 1803 17134.829 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    () [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (ASUS Cloud Corporation -> ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.8.559\AsusWSPanel.exe
    (ASUS Cloud Corporation) [File not signed] C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe
    (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGiftBoxDesktop.exe
    (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
    (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
    (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
    (AVAST Software a.s. -> ) C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
    (AVAST Software a.s. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe
    (CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
    (Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Just Great Software company Ltd. -> Just Great Software) C:\Program Files\Just Great Software\EditPad Lite 7\EditPadLite7.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\Paul\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MsMpEng.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\NisSrv.exe
    (Realtek Semiconductor Corp -> ) C:\Program Files (x86)\Realtek\Realtek Bluetooth Filter ONLY\BTDevMgr.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
    (WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
    HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.8.559\ASUSWSLoader.exe [62944 2016-05-04] (ASUS Cloud Corporation -> )
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-651540725-2038268676-2268167659-1001\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
    HKU\S-1-5-21-651540725-2038268676-2268167659-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [804352 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-21] (Google LLC -> Google LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\avast! SecureLine.lnk [2015-09-06]
    ShortcutTarget: avast! SecureLine.lnk -> C:\Program Files\AVAST Software\SecureLine\SecureLine.exe (AVAST Software a.s. -> AVAST Software)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {034B8347-4043-400F-A3D1-568D69296416} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {04CBBC05-03B7-47CD-B88F-23D6026C84CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-03-01] (Google Inc -> Google Inc.)
    Task: {0AB7B193-7041-41B9-808F-31A7E201E3BB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {186D9D5B-AD59-446D-BD8F-D1AFD09D3A8F} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [62536 2015-06-09] (ASUSTeK Computer Inc. -> ASUS)
    Task: {25A984FE-8C12-4758-AEBA-A1F752D86B84} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-06-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    Task: {32BD3BF5-4949-42C0-A1EE-012AF08D18A2} - System32\Tasks\G2MUploadTask-S-1-5-21-651540725-2038268676-2268167659-1001 => C:\Users\Paul\AppData\Local\GoToMeeting\13190\g2mupload.exe [32256 2019-06-06] (LogMeIn, Inc. -> LogMeIn, Inc.)
    Task: {3782EBED-09F8-4247-BDFA-5445D9156E01} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Task: {44E55AF4-D51E-41B0-862E-06B092CB6856} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {674DE2B8-3DF6-40FC-A861-233598B0BF9B} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [505200 2015-05-29] (Dropbox, Inc -> )
    Task: {771753F1-2FA5-4E88-800B-0D51520BC971} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [39920 2018-10-24] (Garmin International, Inc. -> )
    Task: {7BB6699D-F759-4C33-947F-E719098056BF} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [863040 2016-03-06] (AVAST Software a.s. -> AVAST Software)
    Task: {80B73F3A-7CE3-4F35-822B-163D6FC7E105} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {8957E004-43DC-406B-AFD7-EE578661C82F} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19782224 2015-05-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
    Task: {8C8CAED7-DF2A-43ED-938B-34BE7A497F0F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {93BEE614-9634-4A08-AF4E-A7F38BE41E15} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18400 2017-04-11] (ASUSTeK Computer Inc. -> AsusTek)
    Task: {9F505623-83E7-4005-A9F3-50705694B56F} - System32\Tasks\G2MUpdateTask-S-1-5-21-651540725-2038268676-2268167659-1001 => C:\Users\Paul\AppData\Local\GoToMeeting\13190\g2mupdate.exe [32256 2019-06-06] (LogMeIn, Inc. -> LogMeIn, Inc.)
    Task: {A786FDF6-6FC4-4995-B50F-EED707045FEE} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {B0A1040A-610A-4F5D-9E7F-0983E4122DEE} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
    Task: {BCFDD404-BD2B-404C-BE1F-97425A1E80EB} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14054104 2015-06-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    Task: {E3743588-7A16-4C43-8C71-1C01151FD07B} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1618080 2015-05-14] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
    Task: {E571D9C1-3E8F-49A6-B354-3D2DF9C7812F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT-KB890830.exe [133315992 2018-06-13] (Microsoft Corporation -> Microsoft Corporation)
    Task: {EA6DBD5F-5659-4215-8C71-4A3917E057AB} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
    Task: {FD3E538F-9BCD-4736-8009-4BAC887E4A36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-03-01] (Google Inc -> Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-651540725-2038268676-2268167659-1001.job => C:\Users\Paul\AppData\Local\GoToMeeting\13190\g2mupdate.exe
    Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-651540725-2038268676-2268167659-1001.job => C:\Users\Paul\AppData\Local\GoToMeeting\13190\g2mupload.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{6e291b42-0b74-40b7-bc08-10e85f2f8434}: [DhcpNameServer] 10.1.21.80 10.1.21.82
    Tcpip\..\Interfaces\{84bb295b-a8d8-4867-b082-4b8b3e6f7d94}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-651540725-2038268676-2268167659-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE
    HKU\S-1-5-21-651540725-2038268676-2268167659-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
    SearchScopes: HKU\S-1-5-21-651540725-2038268676-2268167659-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-651540725-2038268676-2268167659-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] (WildTangent Inc -> )
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-651540725-2038268676-2268167659-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Paul\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-12-06] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default [2019-06-26]
    CHR Extension: (Google Drive) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-20]
    CHR Extension: (Signal Private Messenger) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bikioccmkafdpakkkcpdbppfkghcmihk [2018-11-29]
    CHR Extension: (YouTube) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-06]
    CHR Extension: (Honey) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-06-14]
    CHR Extension: (Google Search) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-01]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
    CHR Extension: (Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-04]
    CHR Extension: (Chrome Media Router) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-21]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe [71168 2015-05-31] (ASUS Cloud Corporation) [File not signed]
    R2 ASUSGiftBoxDekstop; C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [315704 2015-07-20] (ASUSTeK Computer Inc. -> ASUS)
    R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe [121560 2015-07-20] (Realtek Semiconductor Corp -> )
    R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-03] (Intel(R) Software -> Intel Corporation)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent Inc -> WildTangent)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel(R) pGFX -> Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
    R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
    S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
    R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [324168 2018-10-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
    R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-06-10] (AVAST Software a.s. -> )
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\NisSrv.exe [2433136 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [101872 2017-04-11] (ASUSTeK Computer Inc. -> ASUS Corporation)
    R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2015-08-03] (Intel(R) Software -> Intel Corporation)
    R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [41976 2015-08-03] (Intel(R) Software -> Intel Corporation)
    R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-08-03] (Intel(R) Software -> Intel Corporation)
    R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [19976 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
    R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-25] (Intel(R) Software -> Intel Corporation)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-06-25] (Malwarebytes Corporation -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R1 MpKsl51bb5a27; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{564D6161-C380-4DDB-9733-D19BA4148091}\MpKsl51bb5a27.sys [58120 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-14] (Realtek Semiconductor Corp -> Realtek )
    R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [758352 2018-10-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
    R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [428032 2017-02-16] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
    R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6907240 2017-07-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
    R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [121824 2016-07-12] (Oracle Corporation -> Oracle Corporation)
    R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [195424 2016-07-12] (Oracle Corporation -> Oracle Corporation)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-06-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [337632 2019-06-04] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-04] (Microsoft Windows -> Microsoft Corporation)
    S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================
     
  2. 2019/06/26
    flamingo

    Continuation of FRST.txt .....

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-06-26 18:27 - 2019-06-26 18:29 - 000027369 _____ C:\Users\Paul\Desktop\FRST.txt
    2019-06-26 18:23 - 2019-06-26 18:23 - 002418688 _____ (Farbar) C:\Users\Paul\Desktop\FRST64 (1).exe
    2019-06-26 01:56 - 2019-06-26 10:20 - 008939510 _____ C:\Users\Paul\Documents\HD115 as of 12082018.xlsb
    2019-06-25 21:54 - 2019-06-26 10:14 - 060125938 _____ C:\Users\Paul\Documents\CountyWide 12082018 1000s and 2000s.xlsb
    2019-06-25 14:24 - 2019-06-25 14:26 - 000037176 _____ C:\Users\Paul\Downloads\Addition.txt
    2019-06-25 14:21 - 2019-06-25 14:26 - 000063416 _____ C:\Users\Paul\Downloads\FRST.txt
    2019-06-25 14:20 - 2019-06-26 18:27 - 000000000 ____D C:\FRST
    2019-06-25 14:19 - 2019-06-25 14:19 - 002418688 _____ (Farbar) C:\Users\Paul\Downloads\FRST64.exe
    2019-06-25 14:04 - 2019-06-25 14:06 - 000000000 ____D C:\AdwCleaner
    2019-06-25 14:03 - 2019-06-25 14:03 - 007025360 _____ (Malwarebytes) C:\Users\Paul\Downloads\adwcleaner_7.3.exe
    2019-06-25 12:28 - 2019-06-25 12:28 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2019-06-25 12:28 - 2019-06-25 12:28 - 000000000 ____D C:\Users\Paul\AppData\Local\mbamtray
    2019-06-25 12:28 - 2019-06-25 12:28 - 000000000 ____D C:\Users\Paul\AppData\Local\mbam
    2019-06-25 12:27 - 2019-06-25 12:27 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2019-06-25 12:27 - 2019-06-25 12:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2019-06-25 12:27 - 2019-06-25 12:27 - 000000000 ____D C:\ProgramData\Malwarebytes
    2019-06-25 12:27 - 2019-06-25 12:27 - 000000000 ____D C:\Program Files\Malwarebytes
    2019-06-25 12:27 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
    2019-06-25 12:27 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2019-06-24 22:06 - 2019-06-26 10:19 - 056642839 _____ C:\Users\Paul\Documents\Countywide 12082018 3000s and 4000s.xlsb
    2019-06-21 12:18 - 2019-06-21 12:19 - 080290979 _____ C:\Users\Paul\Documents\CountyWide 12082018 (Autosaved).xlsb
    2019-06-20 02:56 - 2019-06-20 02:59 - 000066638 _____ C:\Users\Paul\Documents\Vetted PC list as of 06192019 for Colleen.xlsx
    2019-06-14 19:37 - 2019-02-13 00:47 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
    2019-06-14 19:23 - 2019-06-15 01:18 - 000000000 ____D C:\WINDOWS\Minidump
    2019-06-14 10:01 - 2019-06-14 10:01 - 000000165 ____H C:\Users\Paul\Documents\~$CountyWide 12082018.xlsb
    2019-06-14 07:34 - 2019-06-14 07:34 - 000000165 ____H C:\Users\Paul\Documents\~$CleanFinal PC List 06082019.xlsx
    2019-06-13 22:17 - 2019-06-07 06:04 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2019-06-13 22:17 - 2019-06-07 05:45 - 012756480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2019-06-13 22:17 - 2019-06-07 05:42 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2019-06-13 22:17 - 2019-06-07 05:19 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2019-06-13 22:17 - 2019-06-07 05:07 - 011942400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2019-06-13 22:17 - 2019-06-07 05:04 - 002881536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2019-06-13 22:17 - 2019-06-07 01:01 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2019-06-13 22:17 - 2019-06-07 00:57 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2019-06-13 22:17 - 2019-06-07 00:57 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2019-06-13 22:17 - 2019-06-07 00:57 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2019-06-13 22:17 - 2019-06-07 00:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2019-06-13 22:17 - 2019-06-07 00:46 - 006569344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2019-06-13 22:17 - 2019-06-07 00:46 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2019-06-13 22:17 - 2019-06-07 00:38 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2019-06-13 22:17 - 2019-06-07 00:37 - 022019584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2019-06-13 22:17 - 2019-06-07 00:31 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2019-06-13 22:17 - 2019-06-07 00:27 - 022718976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2019-06-13 22:17 - 2019-06-07 00:24 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2019-06-13 22:17 - 2019-06-07 00:24 - 003400704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2019-06-13 22:17 - 2019-06-07 00:21 - 007588864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2019-06-13 22:17 - 2019-06-07 00:21 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2019-06-13 22:17 - 2019-06-07 00:21 - 001778688 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2019-06-13 22:17 - 2019-05-17 07:27 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2019-06-13 22:17 - 2019-05-17 07:26 - 004393984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2019-06-13 22:17 - 2019-05-17 07:25 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2019-06-13 22:17 - 2019-05-17 07:00 - 005658112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2019-06-13 22:17 - 2019-05-17 01:42 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2019-06-13 22:17 - 2019-05-17 01:42 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2019-06-13 22:17 - 2019-05-17 01:30 - 013878784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2019-06-13 22:17 - 2019-05-17 01:19 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2019-06-13 22:17 - 2019-05-17 01:07 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2019-06-13 22:17 - 2019-05-17 01:07 - 002768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2019-06-13 22:17 - 2019-05-17 01:07 - 002467320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2019-06-13 22:17 - 2019-05-17 01:04 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2019-06-13 22:17 - 2019-05-17 00:44 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2019-06-13 22:17 - 2019-05-17 00:38 - 004709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2019-06-13 22:17 - 2019-05-17 00:37 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2019-06-13 22:17 - 2019-05-17 00:33 - 003091456 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2019-06-13 22:17 - 2019-05-17 00:31 - 004937216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2019-06-13 22:17 - 2019-05-17 00:31 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2019-06-13 22:16 - 2019-06-07 06:04 - 001633136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2019-06-13 22:16 - 2019-06-07 05:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2019-06-13 22:16 - 2019-06-07 05:47 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
    2019-06-13 22:16 - 2019-06-07 05:41 - 004055552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2019-06-13 22:16 - 2019-06-07 05:40 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2019-06-13 22:16 - 2019-06-07 05:40 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2019-06-13 22:16 - 2019-06-07 05:23 - 001453920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2019-06-13 22:16 - 2019-06-07 05:10 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
    2019-06-13 22:16 - 2019-06-07 05:04 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2019-06-13 22:16 - 2019-06-07 05:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2019-06-13 22:16 - 2019-06-07 01:07 - 000707384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2019-06-13 22:16 - 2019-06-07 00:58 - 001220112 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2019-06-13 22:16 - 2019-06-07 00:58 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2019-06-13 22:16 - 2019-06-07 00:58 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2019-06-13 22:16 - 2019-06-07 00:58 - 000422416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
    2019-06-13 22:16 - 2019-06-07 00:58 - 000135176 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2019-06-13 22:16 - 2019-06-07 00:58 - 000076304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2019-06-13 22:16 - 2019-06-07 00:57 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2019-06-13 22:16 - 2019-06-07 00:57 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2019-06-13 22:16 - 2019-06-07 00:57 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2019-06-13 22:16 - 2019-06-07 00:57 - 000792888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2019-06-13 22:16 - 2019-06-07 00:57 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2019-06-13 22:16 - 2019-06-07 00:57 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2019-06-13 22:16 - 2019-06-07 00:57 - 000494304 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2019-06-13 22:16 - 2019-06-07 00:57 - 000435000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2019-06-13 22:16 - 2019-06-07 00:57 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2019-06-13 22:16 - 2019-06-07 00:57 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2019-06-13 22:16 - 2019-06-07 00:57 - 000383504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2019-06-13 22:16 - 2019-06-07 00:57 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2019-06-13 22:16 - 2019-06-07 00:57 - 000148280 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
    2019-06-13 22:16 - 2019-06-07 00:57 - 000137448 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
    2019-06-13 22:16 - 2019-06-07 00:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2019-06-13 22:16 - 2019-06-07 00:47 - 000380432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2019-06-13 22:16 - 2019-06-07 00:47 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
    2019-06-13 22:16 - 2019-06-07 00:46 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2019-06-13 22:16 - 2019-06-07 00:46 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2019-06-13 22:16 - 2019-06-07 00:46 - 000581048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2019-06-13 22:16 - 2019-06-07 00:46 - 000357072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
    2019-06-13 22:16 - 2019-06-07 00:46 - 000128792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
    2019-06-13 22:16 - 2019-06-07 00:24 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
    2019-06-13 22:16 - 2019-06-07 00:23 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2019-06-13 22:16 - 2019-06-07 00:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2019-06-13 22:16 - 2019-06-07 00:23 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2019-06-13 22:16 - 2019-06-07 00:22 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2019-06-13 22:16 - 2019-06-07 00:22 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2019-06-13 22:16 - 2019-06-07 00:22 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2019-06-13 22:16 - 2019-06-07 00:22 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
    2019-06-13 22:16 - 2019-06-07 00:22 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
    2019-06-13 22:16 - 2019-06-07 00:21 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2019-06-13 22:16 - 2019-06-07 00:21 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2019-06-13 22:16 - 2019-06-07 00:21 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2019-06-13 22:16 - 2019-06-07 00:20 - 002610688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2019-06-13 22:16 - 2019-06-07 00:20 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
    2019-06-13 22:16 - 2019-06-07 00:20 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2019-06-13 22:16 - 2019-06-07 00:20 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2019-06-13 22:16 - 2019-06-07 00:19 - 003212288 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2019-06-13 22:16 - 2019-06-07 00:19 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2019-06-13 22:16 - 2019-06-07 00:19 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2019-06-13 22:16 - 2019-06-07 00:19 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2019-06-13 22:16 - 2019-06-07 00:19 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2019-06-13 22:16 - 2019-06-07 00:19 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
    2019-06-13 22:16 - 2019-06-07 00:18 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2019-06-13 22:16 - 2019-06-07 00:18 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2019-06-13 22:16 - 2019-06-07 00:18 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2019-06-13 22:16 - 2019-06-07 00:17 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2019-06-13 22:16 - 2019-06-07 00:17 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2019-06-13 22:16 - 2019-06-07 00:17 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2019-06-13 22:16 - 2019-06-07 00:16 - 001102336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2019-06-13 22:16 - 2019-06-07 00:16 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2019-06-13 22:16 - 2019-06-07 00:16 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2019-06-13 22:16 - 2019-06-07 00:16 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
    2019-06-13 22:16 - 2019-06-06 23:00 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim
    2019-06-13 22:16 - 2019-05-18 17:12 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
    2019-06-13 22:16 - 2019-05-18 17:12 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2019-06-13 22:16 - 2019-05-18 17:12 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
    2019-06-13 22:16 - 2019-05-18 17:12 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
    2019-06-13 22:16 - 2019-05-17 07:44 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2019-06-13 22:16 - 2019-05-17 07:40 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
    2019-06-13 22:16 - 2019-05-17 07:40 - 000280888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
    2019-06-13 22:16 - 2019-05-17 07:25 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
    2019-06-13 22:16 - 2019-05-17 07:25 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
    2019-06-13 22:16 - 2019-05-17 07:24 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2019-06-13 22:16 - 2019-05-17 07:23 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
    2019-06-13 22:16 - 2019-05-17 07:22 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2019-06-13 22:16 - 2019-05-17 07:22 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
    2019-06-13 22:16 - 2019-05-17 07:21 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2019-06-13 22:16 - 2019-05-17 07:21 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
    2019-06-13 22:16 - 2019-05-17 07:21 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
    2019-06-13 22:16 - 2019-05-17 07:21 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3gpui.dll
    2019-06-13 22:16 - 2019-05-17 07:21 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2019-06-13 22:16 - 2019-05-17 07:20 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2019-06-13 22:16 - 2019-05-17 07:19 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2019-06-13 22:16 - 2019-05-17 07:07 - 002206424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
    2019-06-13 22:16 - 2019-05-17 06:58 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
    2019-06-13 22:16 - 2019-05-17 06:56 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2019-06-13 22:16 - 2019-05-17 06:56 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3gpui.dll
    2019-06-13 22:16 - 2019-05-17 06:55 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
    2019-06-13 22:16 - 2019-05-17 06:55 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2019-06-13 22:16 - 2019-05-17 06:55 - 000470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
    2019-06-13 22:16 - 2019-05-17 06:54 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2019-06-13 22:16 - 2019-05-17 06:54 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
    2019-06-13 22:16 - 2019-05-17 04:33 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
    2019-06-13 22:16 - 2019-05-17 03:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
    2019-06-13 22:16 - 2019-05-17 02:07 - 000105272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
    2019-06-13 22:16 - 2019-05-17 01:44 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2019-06-13 22:16 - 2019-05-17 01:44 - 000550520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
    2019-06-13 22:16 - 2019-05-17 01:43 - 000297688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
    2019-06-13 22:16 - 2019-05-17 01:42 - 002256560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2019-06-13 22:16 - 2019-05-17 01:42 - 001989552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2019-06-13 22:16 - 2019-05-17 01:42 - 001980256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2019-06-13 22:16 - 2019-05-17 01:42 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2019-06-13 22:16 - 2019-05-17 01:42 - 001380096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2019-06-13 22:16 - 2019-05-17 01:42 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2019-06-13 22:16 - 2019-05-17 01:42 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2019-06-13 22:16 - 2019-05-17 01:42 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
    2019-06-13 22:16 - 2019-05-17 01:26 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2019-06-13 22:16 - 2019-05-17 01:23 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
    2019-06-13 22:16 - 2019-05-17 01:23 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
    2019-06-13 22:16 - 2019-05-17 01:23 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2019-06-13 22:16 - 2019-05-17 01:22 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
    2019-06-13 22:16 - 2019-05-17 01:22 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
    2019-06-13 22:16 - 2019-05-17 01:21 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2019-06-13 22:16 - 2019-05-17 01:21 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
    2019-06-13 22:16 - 2019-05-17 01:21 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
    2019-06-13 22:16 - 2019-05-17 01:20 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2019-06-13 22:16 - 2019-05-17 01:20 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2019-06-13 22:16 - 2019-05-17 01:19 - 001630720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2019-06-13 22:16 - 2019-05-17 01:19 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
    2019-06-13 22:16 - 2019-05-17 01:19 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
    2019-06-13 22:16 - 2019-05-17 01:19 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
    2019-06-13 22:16 - 2019-05-17 01:19 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2019-06-13 22:16 - 2019-05-17 01:18 - 002796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
    2019-06-13 22:16 - 2019-05-17 01:18 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
    2019-06-13 22:16 - 2019-05-17 01:18 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2019-06-13 22:16 - 2019-05-17 01:08 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2019-06-13 22:16 - 2019-05-17 01:08 - 000723432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2019-06-13 22:16 - 2019-05-17 01:08 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2019-06-13 22:16 - 2019-05-17 01:08 - 000401328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
    2019-06-13 22:16 - 2019-05-17 01:07 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2019-06-13 22:16 - 2019-05-17 01:07 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2019-06-13 22:16 - 2019-05-17 01:07 - 001288712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2019-06-13 22:16 - 2019-05-17 01:07 - 001260272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2019-06-13 22:16 - 2019-05-17 01:07 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2019-06-13 22:16 - 2019-05-17 01:07 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2019-06-13 22:16 - 2019-05-17 01:07 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2019-06-13 22:16 - 2019-05-17 01:06 - 001943136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2019-06-13 22:16 - 2019-05-17 01:06 - 001784696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2019-06-13 22:16 - 2019-05-17 01:06 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
    2019-06-13 22:16 - 2019-05-17 01:06 - 001140992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2019-06-13 22:16 - 2019-05-17 01:06 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2019-06-13 22:16 - 2019-05-17 01:06 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2019-06-13 22:16 - 2019-05-17 01:06 - 000151888 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
    2019-06-13 22:16 - 2019-05-17 01:00 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2019-06-13 22:16 - 2019-05-17 00:37 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
    2019-06-13 22:16 - 2019-05-17 00:37 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
    2019-06-13 22:16 - 2019-05-17 00:36 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
    2019-06-13 22:16 - 2019-05-17 00:36 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
    2019-06-13 22:16 - 2019-05-17 00:36 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
    2019-06-13 22:16 - 2019-05-17 00:36 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2019-06-13 22:16 - 2019-05-17 00:36 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
    2019-06-13 22:16 - 2019-05-17 00:36 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2019-06-13 22:16 - 2019-05-17 00:36 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2019-06-13 22:16 - 2019-05-17 00:35 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2019-06-13 22:16 - 2019-05-17 00:35 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
    2019-06-13 22:16 - 2019-05-17 00:35 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2019-06-13 22:16 - 2019-05-17 00:34 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2019-06-13 22:16 - 2019-05-17 00:34 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2019-06-13 22:16 - 2019-05-17 00:34 - 000671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2019-06-13 22:16 - 2019-05-17 00:34 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
    2019-06-13 22:16 - 2019-05-17 00:34 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
    2019-06-13 22:16 - 2019-05-17 00:34 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
    2019-06-13 22:16 - 2019-05-17 00:34 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2019-06-13 22:16 - 2019-05-17 00:34 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
    2019-06-13 22:16 - 2019-05-17 00:33 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2019-06-13 22:16 - 2019-05-17 00:33 - 002370560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2019-06-13 22:16 - 2019-05-17 00:33 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
    2019-06-13 22:16 - 2019-05-17 00:33 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
    2019-06-13 22:16 - 2019-05-17 00:33 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2019-06-13 22:16 - 2019-05-17 00:33 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2019-06-13 22:16 - 2019-05-17 00:32 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
    2019-06-13 22:16 - 2019-05-17 00:32 - 000815104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2019-06-13 22:16 - 2019-05-17 00:31 - 003293184 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2019-06-13 22:16 - 2019-05-17 00:31 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2019-06-13 22:16 - 2019-05-17 00:31 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2019-06-13 22:16 - 2019-05-17 00:31 - 001383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2019-06-13 22:16 - 2019-05-17 00:31 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
    2019-06-13 22:16 - 2019-05-17 00:31 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
    2019-06-13 22:16 - 2019-05-17 00:31 - 001027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
    2019-06-13 22:16 - 2019-05-17 00:31 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2019-06-13 22:16 - 2019-05-17 00:31 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2019-06-13 22:16 - 2019-05-17 00:30 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2019-06-13 22:16 - 2019-05-17 00:30 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2019-06-13 22:16 - 2019-05-17 00:30 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
    2019-06-08 16:39 - 2019-06-26 13:44 - 000998969 _____ C:\Users\Paul\Documents\CleanFinal PC List 06082019.xlsx
    2019-06-07 00:55 - 2019-06-07 00:55 - 010200327 _____ C:\Users\Paul\Downloads\061107 PctbyPct (2).zip
    2019-06-07 00:55 - 2019-06-07 00:55 - 010200327 _____ C:\Users\Paul\Downloads\061107 PctbyPct (1).zip
    2019-06-07 00:51 - 2019-06-07 00:51 - 010200327 _____ C:\Users\Paul\Downloads\061107 PctbyPct.zip
    2019-06-07 00:21 - 2019-06-07 00:21 - 001717376 _____ C:\Users\Paul\Downloads\detailtxt (2).zip
    2019-06-07 00:19 - 2019-06-07 00:19 - 002038913 _____ C:\Users\Paul\Downloads\detailxls (11).zip
    2019-06-07 00:19 - 2019-06-07 00:19 - 000000000 ____D C:\Users\Paul\Downloads\detailxls (10)
    2019-06-07 00:08 - 2019-06-07 00:08 - 002038913 _____ C:\Users\Paul\Downloads\detailxls (10).zip
    2019-06-04 02:53 - 2019-06-04 03:01 - 000000000 ____D C:\Users\Paul\Documents\2019 Election Code Changes
    2019-06-03 04:44 - 2019-06-08 21:49 - 000388444 _____ C:\Users\Paul\Documents\PC Final as of 06032019.xlsx
    2019-06-03 04:44 - 2019-06-03 04:44 - 000000165 ____H C:\Users\Paul\Documents\~$PC Final as of 06032019.xlsx
    2019-06-01 20:11 - 2019-06-01 20:11 - 000021450 _____ C:\Users\Paul\Downloads\billreport.pdf
    2019-06-01 00:09 - 2019-06-01 00:09 - 016421870 _____ C:\Users\Paul\Documents\HP Laptop 14-df0023cl Service Manual c06146792.pdf
    2019-06-01 00:07 - 2019-06-01 00:07 - 003951527 _____ C:\Users\Paul\Documents\HP Laptop 14-df0023cl user manual c06153159.pdf
    2019-05-29 22:49 - 2019-05-29 22:49 - 006342253 _____ C:\Users\Paul\Documents\0409_E10576_X555LA_LD_LN_EM_V4_B.pdf
    2019-05-28 17:38 - 2019-05-28 17:38 - 000052558 _____ C:\Users\Paul\Downloads\Charger Test Comparison.xlsx
    2019-05-27 23:11 - 2019-05-27 23:11 - 079187358 _____ C:\Users\Paul\Documents\CountyWide 12082018.xlsb
    2019-05-27 21:44 - 2019-05-30 11:13 - 037664123 _____ C:\Users\Paul\Documents\last of 3 plus all 4.xlsb

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-06-26 18:30 - 2015-09-06 16:48 - 000000165 _____ C:\Users\Paul\AppData\Roaming\sp_data.sys
    2019-06-26 18:19 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-06-26 17:44 - 2018-05-18 07:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-06-26 02:00 - 2018-05-18 08:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-06-26 02:00 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-06-26 02:00 - 2017-09-30 13:28 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2019-06-26 02:00 - 2017-08-02 13:54 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
    2019-06-26 02:00 - 2015-09-06 16:48 - 000000000 __SHD C:\Users\Paul\IntelGraphicsProfiles
    2019-06-26 01:59 - 2018-04-11 16:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2019-06-25 22:15 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-06-25 16:21 - 2018-06-04 21:34 - 000000000 ____D C:\Users\Paul\AppData\Local\D3DSCache
    2019-06-25 12:27 - 2018-04-11 18:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2019-06-21 15:36 - 2017-09-30 02:10 - 000000000 ____D C:\Program Files\rempl
    2019-06-21 07:24 - 2016-03-01 14:30 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-06-20 17:51 - 2017-05-26 10:14 - 000000000 ____D C:\Program Files\UNP
    2019-06-17 17:40 - 2018-05-18 08:03 - 000004252 _____ C:\WINDOWS\System32\Tasks\avast! SL Update
    2019-06-15 18:33 - 2018-08-24 10:46 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2019-06-14 21:12 - 2018-05-18 08:03 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-651540725-2038268676-2268167659-1001
    2019-06-14 21:12 - 2018-05-18 07:45 - 000002362 _____ C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-06-14 21:12 - 2015-09-06 16:51 - 000000000 ___RD C:\Users\Paul\OneDrive
    2019-06-14 21:09 - 2018-05-18 07:45 - 000000000 ____D C:\Users\Paul
    2019-06-14 20:37 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
    2019-06-14 19:37 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-06-14 05:27 - 2018-05-16 11:54 - 000000000 ____D C:\Users\Paul\AppData\Local\GoToMeeting
    2019-06-14 02:14 - 2018-05-18 07:57 - 000793700 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-06-14 02:08 - 2018-03-22 03:42 - 000000000 ___RD C:\Users\Paul\3D Objects
    2019-06-14 02:08 - 2015-09-06 05:16 - 000000000 __RHD C:\Users\Public\AccountPictures
    2019-06-14 02:07 - 2018-05-18 07:39 - 000424584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2019-06-14 02:04 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
    2019-06-14 02:04 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2019-06-14 02:04 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\Provisioning
    2019-06-14 02:04 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2019-06-13 22:15 - 2016-02-24 17:53 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-06-13 15:21 - 2016-02-24 17:53 - 135349160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-06-12 17:01 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\NDF
    2019-06-09 02:11 - 2017-05-25 17:57 - 000000660 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-651540725-2038268676-2268167659-1001.job
    2019-06-09 02:11 - 2017-05-25 17:57 - 000000564 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-651540725-2038268676-2268167659-1001.job
    2019-06-08 21:49 - 2018-10-01 20:06 - 000000000 ____D C:\Users\Paul\Documents\Precinct Chairs
    2019-06-06 01:20 - 2018-05-18 08:03 - 000003826 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-651540725-2038268676-2268167659-1001
    2019-06-06 01:20 - 2018-05-18 08:03 - 000003730 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-651540725-2038268676-2268167659-1001
    2019-06-04 21:13 - 2018-03-22 03:39 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2019-05-30 20:57 - 2018-07-10 19:08 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2019-05-30 20:57 - 2018-07-10 19:08 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2019-05-27 23:34 - 2018-03-22 03:24 - 000000000 ____D C:\Users\Paul\AppData\Local\Packages

    ==================== Files in the root of some directories ================

    2017-11-28 18:04 - 2017-11-28 18:04 - 007649280 _____ () C:\Program Files (x86)\GUTF4A3.tmp
    2015-09-06 16:48 - 2019-06-26 18:30 - 000000165 _____ () C:\Users\Paul\AppData\Roaming\sp_data.sys
    2017-05-26 14:10 - 2019-05-18 14:52 - 000007601 _____ () C:\Users\Paul\AppData\Local\Resmon.ResmonCfg

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ============================
     


  4. 2019/06/26
    flamingo

    flamingo Well-Known Member Thread Starter

    Joined:
    2011/07/06
    Messages:
    82
    Likes Received:
    0
    Continuation with Addition.txt below:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2019
    Ran by Paul (26-06-2019 18:30:56)
    Running from C:\Users\Paul\Desktop
    Windows 10 Home Version 1803 17134.829 (X64) (2018-05-18 13:04:16)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-651540725-2038268676-2268167659-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-651540725-2038268676-2268167659-503 - Limited - Disabled)
    Guest (S-1-5-21-651540725-2038268676-2268167659-501 - Limited - Disabled)
    Paul (S-1-5-21-651540725-2038268676-2268167659-1001 - Administrator - Enabled) => C:\Users\Paul
    WDAGUtilityAccount (S-1-5-21-651540725-2038268676-2268167659-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
    Adobe Connect (HKU\S-1-5-21-651540725-2038268676-2268167659-1001\...\Adobe Connect App) (Version: 2018.7.10.32 - Adobe Systems Inc.)
    ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    ASUS GIFTBOX Desktop (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 1.1.6 - ASUS)
    ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.11.0001 - ASUS)
    ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0039 - ASUS)
    AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.91 - ICEpower a/s)
    Avast SecureLine for Asustek (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.3 - AVAST Software)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
    CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.) Hidden
    CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.)
    Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
    Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
    EditPad Lite 7.6.5 (HKLM\...\EditPad Lite) (Version: 7.6.5 - Just Great Software)
    Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
    Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)
    Geekbench 4 (HKLM-x32\...\Geekbench 4) (Version: - Primate Labs Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
    GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
    GoToMeeting 8.45.2.13190 (HKU\S-1-5-21-651540725-2038268676-2268167659-1001\...\GoToMeeting) (Version: 8.45.2.13190 - LogMeIn, Inc.)
    Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
    Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10602.174 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
    Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
    Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
    Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-651540725-2038268676-2268167659-1001\...\OneDriveSetup.exe) (Version: 19.086.0502.0006 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.9.0.6754 - Mozilla)
    Mozilla Thunderbird 52.9.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.9.0 (x86 en-US)) (Version: 52.9.0 - Mozilla)
    Neat Mobile Scanner 2008 Driver (HKLM\...\{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}) (Version: 2.0.1.4 - The Neat Company)
    Oracle VM VirtualBox 5.1.0 (HKLM\...\{0C801AA7-A02E-4DCF-BD09-0EACB11D9863}) (Version: 5.1.0 - Oracle Corporation)
    REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.871.072015 - REALTEK Semiconductor Corp.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0269 - REALTEK Semiconductor Corp.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
    TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
    TurboTax 2018 (HKLM-x32\...\TurboTax 2018) (Version: 2018.0 - Intuit, Inc)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
    Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
    UpdateAssistant (HKLM\...\{B8B01E04-5393-4902-98E6-0E2787F03C80}) (Version: 1.13.0.0 - Microsoft Corporation) Hidden
    WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.8.559 - ASUS Cloud Corporation)
    WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.16 - WildTangent)
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22395 - Microsoft Corporation)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
    Zoom (HKU\S-1-5-21-651540725-2038268676-2268167659-1001\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)

    Packages:
    =========
    ASUS GIFTBOX -> C:\Program Files\WindowsApps\B9ECED6F.ASUSGIFTBOX_3.1.7.0_x64__qmba6cd70vzyy [2019-04-25] (ASUSTeK COMPUTER INC.)
    ASUS Welcome -> C:\Program Files\WindowsApps\B9ECED6F.ASUSWelcome_1.0.1.0_x64__qmba6cd70vzyy [2016-03-06] (ASUSTeK COMPUTER INC.)
    Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.140.300.0_x86__kgqvnymyfvs32 [2019-05-28] (king.com)
    Flipboard -> C:\Program Files\WindowsApps\Flipboard.Flipboard_2.1.3.0_neutral__3f5azkryzdbc4 [2017-07-31] (Flipboard)
    Gameloft Games -> C:\Program Files\WindowsApps\A278AB0D.GameloftGames_1.0.2.6_x86__h6adky7gbf63m [2016-03-06] (Gameloft.)
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_95.1.531.0_x64__v10z8vjag6ke6 [2019-03-19] (HP Inc.)
    iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_6.0.44.0_x64__a76a11dkgb644 [2019-06-25] (iHeartMedia.)
    Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-29] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
    Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-04] (Microsoft Corporation) [MS Ad]
    Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-08] (Microsoft Corporation)
    Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-03-21] (Microsoft Corporation)
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-16] (Microsoft Studios) [MS Ad]
    MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.29.10701.0_x64__8wekyb3d8bbwe [2019-03-21] (Microsoft Corporation) [MS Ad]
    MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.28.3242.0_x64__8wekyb3d8bbwe [2018-12-15] (Microsoft Corporation) [MS Ad]
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.375.0_x64__mcm4njqhnhss8 [2019-02-19] (Netflix, Inc.)
    TripAdvisor Hotels Flights Restaurants -> C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotelsFlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2016-12-16] (TripAdvisor LLC)
    Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-651540725-2038268676-2268167659-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Paul\AppData\Local\GoToMeeting\8625\G2MOutlookAddin64.dll => No File
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.8.559\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.8.559\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.8.559\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
    ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => -> No File
    ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Program Files (x86)\Common Files\AWS\2.2.8.559\ASUSWSContextMenu.dll [2016-05-04] (ASUS Cloud Corporation -> ASUS Cloud Corporation)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Signal Private Messenger.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=bikioccmkafdpakkkcpdbppfkghcmihk

    ==================== Loaded Modules (Whitelisted) ==============

    2015-06-09 22:25 - 2015-06-09 22:25 - 000124928 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
    2015-05-31 11:15 - 2015-05-31 11:15 - 000071168 _____ (ASUS Cloud Corporation) [File not signed] C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe
    2015-04-22 08:59 - 2015-04-22 08:59 - 001489920 _____ (ASUS Cloud Corporation.) [File not signed] C:\Program Files (x86)\Common Files\AWS\2.2.8.559\ASUSWSShellExt64.dll
    2015-06-09 22:25 - 2015-06-09 22:25 - 000164864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ColorU.dll
    2015-05-19 11:11 - 2015-05-19 11:11 - 000335872 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-07-10 06:04 - 2015-07-10 06:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
    HKU\S-1-5-21-651540725-2038268676-2268167659-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [UDP Query User{B9E191BA-52A8-46FE-987C-9C26C62785B3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [TCP Query User{3B8E9235-D39A-407A-9570-D3B58D5C4B9F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{BAA2E797-F55A-4B4E-BB60-238F0ED06245}] => (Allow) C:\Users\Paul\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{D4D88F01-CA98-4448-89E1-3F5F7999966D}] => (Allow) C:\Users\Paul\AppData\Roaming\Zoom\bin\airhost.exe No File
    FirewallRules: [{479746C1-BF6A-4F35-91D4-F9FE3F88BC00}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{5A7B8D42-5266-43AA-8E6D-16CCE1AE7EDB}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{FD104701-3B75-440E-A509-8C1109947F30}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{9370D49B-5559-4599-9420-FF80DECB76E0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{86473710-26D6-49DA-9DFF-32975FE89392}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{E09D4967-BC25-4F77-B884-540F9EBCB7E4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{71363541-D027-47D8-883C-B0F0727E1B84}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Restore Points =========================

    08-06-2019 22:02:47 Windows Update
    13-06-2019 15:17:26 Windows Update
    13-06-2019 15:18:34 Windows Update
    21-06-2019 15:32:56 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/26/2019 06:30:27 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]

    Error: (06/26/2019 06:19:15 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]

    Error: (06/26/2019 05:44:13 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]

    Error: (06/26/2019 12:53:33 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]

    Error: (06/26/2019 12:07:57 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]

    Error: (06/26/2019 11:20:00 AM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]

    Error: (06/26/2019 11:07:26 AM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]

    Error: (06/26/2019 10:47:57 AM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]


    System errors:
    =============
    Error: (06/26/2019 06:32:33 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
    Description: A corruption was discovered in the file system structure on volume OS.

    The Master File Table (MFT) contains a corrupted file record. The file reference number is 0xb00000002f019. The name of the file is "<unable to determine file name>".

    Error: (06/26/2019 11:09:07 AM) (Source: DCOM) (EventID: 10016) (User: ASUS-LAPTOP-X55)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user ASUS-LAPTOP-X55\Paul SID (S-1-5-21-651540725-2038268676-2268167659-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

    Error: (06/26/2019 10:22:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/26/2019 10:22:08 AM) (Source: DCOM) (EventID: 10016) (User: ASUS-LAPTOP-X55)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user ASUS-LAPTOP-X55\Paul SID (S-1-5-21-651540725-2038268676-2268167659-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/26/2019 02:02:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscDataProtection
    and APPID
    Unavailable
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/26/2019 02:02:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    Windows.SecurityCenter.WscBrokerManager
    and APPID
    Unavailable
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/26/2019 02:00:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/26/2019 02:00:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Windows Defender:
    ===================================
    Date: 2019-06-26 02:33:04.320
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {27D92C08-60D4-4147-AA70-7841BE722194}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-06-26 00:56:32.274
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {E61B5E76-ABBA-47C3-A427-ECB155A2A952}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-06-26 00:55:21.970
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {41F32882-1A30-4EFA-9C6E-68FB35F37323}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-06-26 00:51:45.878
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {98838E25-6325-401C-BC6C-A3CEED700AF6}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-06-26 00:50:03.738
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {2A5006FB-6547-4130-B562-4B389A185864}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-06-25 16:31:15.225
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.295.1454.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16000.6
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2019-06-21 18:14:27.902
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.295.1197.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16000.6
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2019-06-17 00:00:02.248
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.295.806.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16000.6
    Error code: 0x80072ee2
    Error description: The operation timed out

    Date: 2019-06-16 22:58:43.838
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.295.806.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16000.6
    Error code: 0x80072ee2
    Error description: The operation timed out

    Date: 2019-06-14 18:42:29.907
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.295.648.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16000.6
    Error code: 0x8024402c
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    CodeIntegrity:
    ===================================

    Date: 2019-06-25 12:25:06.700
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Common Files\AWS\2.2.8.559\AsusWSShellExt64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-06-25 12:25:06.434
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Common Files\AWS\2.2.8.559\AsusWSShellExt64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-06-25 12:25:06.363
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Common Files\AWS\2.2.8.559\AsusWSShellExt64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-06-04 01:58:44.625
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Common Files\AWS\2.2.8.559\AsusWSShellExt64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-06-04 01:58:44.612
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Common Files\AWS\2.2.8.559\AsusWSShellExt64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-06-04 01:58:44.598
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Common Files\AWS\2.2.8.559\AsusWSShellExt64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-05-27 18:13:59.881
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Common Files\AWS\2.2.8.559\AsusWSShellExt64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-05-27 18:13:59.868
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Common Files\AWS\2.2.8.559\AsusWSShellExt64.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. X555LAB.503 08/04/2015
    Motherboard: ASUSTeK COMPUTER INC. X555LAB
    Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
    Percentage of memory in use: 49%
    Total physical RAM: 8100.71 MB
    Available physical RAM: 4073.13 MB
    Total Virtual: 16100.71 MB
    Available Virtual: 11397.57 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:185.15 GB) (Free:107.41 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (DATA) (Fixed) (Total:279.46 GB) (Free:279.32 GB) NTFS

    \\?\Volume{92d0d381-4325-4610-9f0a-92b811be0c44}\ () (Fixed) (Total:0.89 GB) (Free:0.45 GB) NTFS
    \\?\Volume{3b965679-d5b8-48d8-b6fd-bb38d478dd40}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: D15C6FD7)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  5. 2019/06/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on the downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
     
  6. 2019/06/27
    flamingo

    Below are the roguekiller logs followed by, if there is room, the Malwarebytes logs.....
    Here is first roguekiller log ----
    RogueKiller Anti-Malware V13.2.2.0 (x64) [Jun 10 2019] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.17134) 64 bits
    Started in : Normal mode
    User : Paul [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20190626_101000, Driver : Loaded
    Mode : Standard Scan, Delete -- Date : 2019/06/27 15:54:11 (Duration : 00:25:34)
    Switches : -refid 3

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    [PUP.Gen0 (Potentially Malicious)] Honey -- bmnlcjabgnpnenekpadlanbbkooimhnj -> Deleted

    Here is second roguekiller log ----
    RogueKiller Anti-Malware V13.2.2.0 (x64) [Jun 10 2019] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.17134) 64 bits
    Started in : Normal mode
    User : Paul [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20190626_101000, Driver : Loaded
    Mode : Standard Scan, Delete -- Date : 2019/06/27 15:54:11 (Duration : 00:25:34)
    Switches : -refid 3

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    [PUP.Gen0 (Potentially Malicious)] Honey -- bmnlcjabgnpnenekpadlanbbkooimhnj -> Deleted

    This is also from RogueKiller log ----
    {"header": {"program": {"project": "RogueKiller Anti-Malware", "version": "13.2.2.0", "x64": true, "date": "Jun 10 2019", "contact": "https://adlice.com/contact/", "website": "https://adlice.com/download/roguekiller/"}, "environment": {"operating_system": "Windows 10 (10.0.17134) 64 bits", "boot": 0, "winpe": false, "user": "Paul", "user_admin": true, "program_location": "C:\\Program Files\\RogueKiller\\RogueKiller64.exe", "x64": true, "licensing": "free"}, "report": {"type": 2, "aborted": false, "date": "2019/06/27 20:54:11", "duration": 1534, "count": 1, "scanned_count": 70267, "scan_mode": "standard", "signatures_version": "20190626_101000", "log_legit": false, "expert_mode": false, "truesight_loaded": true, "switches": ["-refid", "3"], "id": "D8AA08612CB9F779", "scan_id": "3D5988A4C4BBBD37"}}, "removal": [{"scan_what": 1, "vendors": ["PUP.Gen0"], "name": "Honey", "value": "bmnlcjabgnpnenekpadlanbbkooimhnj", "type": "Browser", "file_hash": "", "file_vtscore": -1, "file_vttotal": 0, "is_malicious": true, "detection_level": 3, "id": 0, "status_str": "Deleted", "removed": true, "status_choice": 2}]}

    The one below is from Malwarebytes----
    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 6/27/19
    Scan Time: 7:51 PM
    Log File: e76c60bb-993e-11e9-a7a1-f832e41bf623.json

    -Software Information-
    Version: 3.7.1.2839
    Components Version: 1.0.586
    Update Package Version: 1.0.11292
    License: Trial

    -System Information-
    OS: Windows 10 (Build 17134.829)
    CPU: x64
    File System: NTFS
    User: System

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Scheduler
    Result: Completed
    Objects Scanned: 289983
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 6 min, 22 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

    I'll post AdwCleaner in another post after I run it.

    ..Paul..
     
  7. 2019/06/28
    broni

    Third log?
     
  8. 2019/06/28
    flamingo

    This is the AdwCleaner file. I think that completes the requested set of files.

    ..Paul..



    # -------------------------------
    # Malwarebytes AdwCleaner 7.3.0.0
    # -------------------------------
    # Build: 04-04-2019
    # Database: 2019-06-25.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 06-27-2019
    # Duration: 00:00:18
    # OS: Windows 10 Home
    # Scanned: 27554
    # Detected: 0


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    No malicious registry entries found.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.


    AdwCleaner[S00].txt - [1250 octets] - [25/06/2019 14:06:50]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
     
  9. 2019/06/28
    broni

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.
     
  10. 2019/06/28
    flamingo

    Here is addition.txt ....
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2019
    Ran by Paul (28-06-2019 19:57:23)
    Running from C:\Users\Paul\Desktop\Malware Tools and Logs\FarBar
    Windows 10 Home Version 1803 17134.829 (X64) (2018-05-18 13:04:16)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-651540725-2038268676-2268167659-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-651540725-2038268676-2268167659-503 - Limited - Disabled)
    Guest (S-1-5-21-651540725-2038268676-2268167659-501 - Limited - Disabled)
    Paul (S-1-5-21-651540725-2038268676-2268167659-1001 - Administrator - Enabled) => C:\Users\Paul
    WDAGUtilityAccount (S-1-5-21-651540725-2038268676-2268167659-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
    Adobe Connect (HKU\S-1-5-21-651540725-2038268676-2268167659-1001\...\Adobe Connect App) (Version: 2018.7.10.32 - Adobe Systems Inc.)
    ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    ASUS GIFTBOX Desktop (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 1.1.6 - ASUS)
    ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.11.0001 - ASUS)
    ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0039 - ASUS)
    AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.91 - ICEpower a/s)
    Avast SecureLine for Asustek (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.3 - AVAST Software)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
    CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.) Hidden
    CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.)
    Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
    Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
    EditPad Lite 7.6.5 (HKLM\...\EditPad Lite) (Version: 7.6.5 - Just Great Software)
    Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
    Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)
    Geekbench 4 (HKLM-x32\...\Geekbench 4) (Version: - Primate Labs Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
    GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
    GoToMeeting 8.45.2.13190 (HKU\S-1-5-21-651540725-2038268676-2268167659-1001\...\GoToMeeting) (Version: 8.45.2.13190 - LogMeIn, Inc.)
    Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
    Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10602.174 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
    Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
    Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
    Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-651540725-2038268676-2268167659-1001\...\OneDriveSetup.exe) (Version: 19.086.0502.0006 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.9.0.6754 - Mozilla)
    Mozilla Thunderbird 52.9.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.9.0 (x86 en-US)) (Version: 52.9.0 - Mozilla)
    Neat Mobile Scanner 2008 Driver (HKLM\...\{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}) (Version: 2.0.1.4 - The Neat Company)
    Oracle VM VirtualBox 5.1.0 (HKLM\...\{0C801AA7-A02E-4DCF-BD09-0EACB11D9863}) (Version: 5.1.0 - Oracle Corporation)
    REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.871.072015 - REALTEK Semiconductor Corp.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0269 - REALTEK Semiconductor Corp.)
    RogueKiller version 13.2.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.2.2.0 - Adlice Software)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
    TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
    TurboTax 2018 (HKLM-x32\...\TurboTax 2018) (Version: 2018.0 - Intuit, Inc)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
    Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
    UpdateAssistant (HKLM\...\{B8B01E04-5393-4902-98E6-0E2787F03C80}) (Version: 1.13.0.0 - Microsoft Corporation) Hidden
    WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.8.559 - ASUS Cloud Corporation)
    WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.16 - WildTangent)
    Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22395 - Microsoft Corporation)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
    Zoom (HKU\S-1-5-21-651540725-2038268676-2268167659-1001\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)

    Packages:
    =========
    ASUS GIFTBOX -> C:\Program Files\WindowsApps\B9ECED6F.ASUSGIFTBOX_3.1.7.0_x64__qmba6cd70vzyy [2019-04-25] (ASUSTeK COMPUTER INC.)
    ASUS Welcome -> C:\Program Files\WindowsApps\B9ECED6F.ASUSWelcome_1.0.1.0_x64__qmba6cd70vzyy [2016-03-06] (ASUSTeK COMPUTER INC.)
    Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.142.300.0_x86__kgqvnymyfvs32 [2019-06-27] (king.com)
    Flipboard -> C:\Program Files\WindowsApps\Flipboard.Flipboard_2.1.3.0_neutral__3f5azkryzdbc4 [2017-07-31] (Flipboard)
    Gameloft Games -> C:\Program Files\WindowsApps\A278AB0D.GameloftGames_1.0.2.6_x86__h6adky7gbf63m [2016-03-06] (Gameloft.)
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.575.0_x64__v10z8vjag6ke6 [2019-06-28] (HP Inc.)
    iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_6.0.44.0_x64__a76a11dkgb644 [2019-06-25] (iHeartMedia.)
    Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-29] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
    Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11723.0_x64__8wekyb3d8bbwe [2019-06-27] (Microsoft Corporation) [MS Ad]
    Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-08] (Microsoft Corporation)
    Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-03-21] (Microsoft Corporation)
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-16] (Microsoft Studios) [MS Ad]
    MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.29.10701.0_x64__8wekyb3d8bbwe [2019-03-21] (Microsoft Corporation) [MS Ad]
    MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.28.3242.0_x64__8wekyb3d8bbwe [2018-12-15] (Microsoft Corporation) [MS Ad]
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.478.0_x64__mcm4njqhnhss8 [2019-06-27] (Netflix, Inc.)
    TripAdvisor Hotels Flights Restaurants -> C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotelsFlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2016-12-16] (TripAdvisor LLC)
    Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-651540725-2038268676-2268167659-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Paul\AppData\Local\GoToMeeting\8625\G2MOutlookAddin64.dll => No File
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.8.559\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.8.559\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.8.559\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
    ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => -> No File
    ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Program Files (x86)\Common Files\AWS\2.2.8.559\ASUSWSContextMenu.dll [2016-05-04] (ASUS Cloud Corporation -> ASUS Cloud Corporation)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Signal Private Messenger.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=bikioccmkafdpakkkcpdbppfkghcmihk

    ==================== Loaded Modules (Whitelisted) ==============

    2015-06-09 22:25 - 2015-06-09 22:25 - 000124928 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
    2015-05-31 11:15 - 2015-05-31 11:15 - 000071168 _____ (ASUS Cloud Corporation) [File not signed] C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe
    2015-04-22 08:59 - 2015-04-22 08:59 - 001489920 _____ (ASUS Cloud Corporation.) [File not signed] C:\Program Files (x86)\Common Files\AWS\2.2.8.559\ASUSWSShellExt64.dll
    2015-06-09 22:25 - 2015-06-09 22:25 - 000164864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ColorU.dll
    2015-05-19 11:11 - 2015-05-19 11:11 - 000335872 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-07-10 06:04 - 2015-07-10 06:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
    HKU\S-1-5-21-651540725-2038268676-2268167659-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [UDP Query User{B9E191BA-52A8-46FE-987C-9C26C62785B3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [TCP Query User{3B8E9235-D39A-407A-9570-D3B58D5C4B9F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{BAA2E797-F55A-4B4E-BB60-238F0ED06245}] => (Allow) C:\Users\Paul\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [{D4D88F01-CA98-4448-89E1-3F5F7999966D}] => (Allow) C:\Users\Paul\AppData\Roaming\Zoom\bin\airhost.exe No File
    FirewallRules: [{479746C1-BF6A-4F35-91D4-F9FE3F88BC00}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{5A7B8D42-5266-43AA-8E6D-16CCE1AE7EDB}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{FD104701-3B75-440E-A509-8C1109947F30}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{9370D49B-5559-4599-9420-FF80DECB76E0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{86473710-26D6-49DA-9DFF-32975FE89392}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{E09D4967-BC25-4F77-B884-540F9EBCB7E4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{71363541-D027-47D8-883C-B0F0727E1B84}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Restore Points =========================

    13-06-2019 15:18:34 Windows Update
    21-06-2019 15:32:56 Scheduled Checkpoint
    27-06-2019 08:24:17 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/28/2019 07:56:44 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]

    Error: (06/28/2019 07:13:06 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]

    Error: (06/28/2019 06:21:24 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]

    Error: (06/28/2019 05:27:30 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]

    Error: (06/28/2019 03:24:13 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]

    Error: (06/28/2019 03:11:40 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]

    Error: (06/28/2019 03:00:33 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]

    Error: (06/28/2019 02:43:10 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR

    DPTF Build Version: 8.1.10602.174
    DPTF Build Date: Jul 23 2015 11:24:10
    Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
    Executing Function: DptfEvent
    Message: Received unexpected event
    Framework Event: DptfResume [3]


    System errors:
    =============
    Error: (06/28/2019 05:27:41 PM) (Source: DCOM) (EventID: 10016) (User: ASUS-LAPTOP-X55)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user ASUS-LAPTOP-X55\Paul SID (S-1-5-21-651540725-2038268676-2268167659-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

    Error: (06/28/2019 02:44:59 PM) (Source: DCOM) (EventID: 10016) (User: ASUS-LAPTOP-X55)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user ASUS-LAPTOP-X55\Paul SID (S-1-5-21-651540725-2038268676-2268167659-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/28/2019 02:02:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/28/2019 02:01:38 PM) (Source: DCOM) (EventID: 10016) (User: ASUS-LAPTOP-X55)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user ASUS-LAPTOP-X55\Paul SID (S-1-5-21-651540725-2038268676-2268167659-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/28/2019 10:46:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/28/2019 10:39:15 AM) (Source: DCOM) (EventID: 10016) (User: ASUS-LAPTOP-X55)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user ASUS-LAPTOP-X55\Paul SID (S-1-5-21-651540725-2038268676-2268167659-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (06/28/2019 10:38:01 AM) (Source: DCOM) (EventID: 10016) (User: ASUS-LAPTOP-X55)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    and APPID
    {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    to the user ASUS-LAPTOP-X55\Paul SID (S-1-5-21-651540725-2038268676-2268167659-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

    Error: (06/27/2019 09:10:04 PM) (Source: DCOM) (EventID: 10016) (User: ASUS-LAPTOP-X55)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user ASUS-LAPTOP-X55\Paul SID (S-1-5-21-651540725-2038268676-2268167659-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Windows Defender:
    ===================================
    Date: 2019-06-26 02:33:04.320
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {27D92C08-60D4-4147-AA70-7841BE722194}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-06-26 00:56:32.274
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {E61B5E76-ABBA-47C3-A427-ECB155A2A952}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-06-26 00:55:21.970
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {41F32882-1A30-4EFA-9C6E-68FB35F37323}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-06-26 00:51:45.878
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {98838E25-6325-401C-BC6C-A3CEED700AF6}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-06-26 00:50:03.738
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {2A5006FB-6547-4130-B562-4B389A185864}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2019-06-25 16:31:15.225
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.295.1454.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16000.6
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2019-06-21 18:14:27.902
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.295.1197.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16000.6
    Error code: 0x80240438
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    Date: 2019-06-17 00:00:02.248
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.295.806.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16000.6
    Error code: 0x80072ee2
    Error description: The operation timed out

    Date: 2019-06-16 22:58:43.838
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.295.806.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16000.6
    Error code: 0x80072ee2
    Error description: The operation timed out

    Date: 2019-06-14 18:42:29.907
    Description:
    Windows Defender Antivirus has encountered an error trying to update signatures.
    New Signature Version:
    Previous Signature Version: 1.295.648.0
    Update Source: Microsoft Update Server
    Signature Type: AntiVirus
    Update Type: Full
    Current Engine Version:
    Previous Engine Version: 1.1.16000.6
    Error code: 0x8024402c
    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

    CodeIntegrity:
    ===================================

    Date: 2019-06-25 12:25:06.700
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Common Files\AWS\2.2.8.559\AsusWSShellExt64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-06-25 12:25:06.434
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Common Files\AWS\2.2.8.559\AsusWSShellExt64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-06-25 12:25:06.363
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Common Files\AWS\2.2.8.559\AsusWSShellExt64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-06-04 01:58:44.625
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Common Files\AWS\2.2.8.559\AsusWSShellExt64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-06-04 01:58:44.612
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Common Files\AWS\2.2.8.559\AsusWSShellExt64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-06-04 01:58:44.598
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Common Files\AWS\2.2.8.559\AsusWSShellExt64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-05-27 18:13:59.881
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Common Files\AWS\2.2.8.559\AsusWSShellExt64.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-05-27 18:13:59.868
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Common Files\AWS\2.2.8.559\AsusWSShellExt64.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. X555LAB.503 08/04/2015
    Motherboard: ASUSTeK COMPUTER INC. X555LAB
    Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
    Percentage of memory in use: 50%
    Total physical RAM: 8100.71 MB
    Available physical RAM: 3997.65 MB
    Total Virtual: 16100.71 MB
    Available Virtual: 11812.32 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:185.15 GB) (Free:107.57 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (DATA) (Fixed) (Total:279.46 GB) (Free:279.32 GB) NTFS

    \\?\Volume{92d0d381-4325-4610-9f0a-92b811be0c44}\ () (Fixed) (Total:0.89 GB) (Free:0.45 GB) NTFS
    \\?\Volume{3b965679-d5b8-48d8-b6fd-bb38d478dd40}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: D15C6FD7)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  11. 2019/06/28
    flamingo Well-Known Member Thread Starter
    Here is 1st part of FRST file ......
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2019
    Ran by Paul (administrator) on ASUS-LAPTOP-X55 (ASUSTeK COMPUTER INC. X555LAB) (28-06-2019 19:54:06)
    Running from C:\Users\Paul\Desktop\Malware Tools and Logs\FarBar
    Loaded Profiles: Paul (Available Profiles: Paul)
    Platform: Windows 10 Home Version 1803 17134.829 (X64) Language: English (United States)
    Default browser: Chrome
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    () [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (ASUS Cloud Corporation -> ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.8.559\AsusWSPanel.exe
    (ASUS Cloud Corporation) [File not signed] C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe
    (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGiftBoxDesktop.exe
    (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
    (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
    (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
    (AVAST Software a.s. -> ) C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
    (AVAST Software a.s. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe
    (CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
    (Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\Paul\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeApp.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MsMpEng.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\NisSrv.exe
    (Realtek Semiconductor Corp -> ) C:\Program Files (x86)\Realtek\Realtek Bluetooth Filter ONLY\BTDevMgr.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
    (WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
    HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.8.559\ASUSWSLoader.exe [62944 2016-05-04] (ASUS Cloud Corporation -> )
    HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-651540725-2038268676-2268167659-1001\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
    HKU\S-1-5-21-651540725-2038268676-2268167659-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [804352 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-21] (Google LLC -> Google LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\avast! SecureLine.lnk [2015-09-06]
    ShortcutTarget: avast! SecureLine.lnk -> C:\Program Files\AVAST Software\SecureLine\SecureLine.exe (AVAST Software a.s. -> AVAST Software)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {034B8347-4043-400F-A3D1-568D69296416} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {04CBBC05-03B7-47CD-B88F-23D6026C84CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-03-01] (Google Inc -> Google Inc.)
    Task: {0AB7B193-7041-41B9-808F-31A7E201E3BB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {186D9D5B-AD59-446D-BD8F-D1AFD09D3A8F} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [62536 2015-06-09] (ASUSTeK Computer Inc. -> ASUS)
    Task: {25A984FE-8C12-4758-AEBA-A1F752D86B84} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-06-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    Task: {32BD3BF5-4949-42C0-A1EE-012AF08D18A2} - System32\Tasks\G2MUploadTask-S-1-5-21-651540725-2038268676-2268167659-1001 => C:\Users\Paul\AppData\Local\GoToMeeting\13190\g2mupload.exe [32256 2019-06-06] (LogMeIn, Inc. -> LogMeIn, Inc.)
    Task: {3782EBED-09F8-4247-BDFA-5445D9156E01} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Task: {44E55AF4-D51E-41B0-862E-06B092CB6856} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {674DE2B8-3DF6-40FC-A861-233598B0BF9B} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [505200 2015-05-29] (Dropbox, Inc -> )
    Task: {771753F1-2FA5-4E88-800B-0D51520BC971} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [39920 2018-10-24] (Garmin International, Inc. -> )
    Task: {7BB6699D-F759-4C33-947F-E719098056BF} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [863040 2016-03-06] (AVAST Software a.s. -> AVAST Software)
    Task: {80B73F3A-7CE3-4F35-822B-163D6FC7E105} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {8957E004-43DC-406B-AFD7-EE578661C82F} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19782224 2015-05-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
    Task: {8C8CAED7-DF2A-43ED-938B-34BE7A497F0F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {93BEE614-9634-4A08-AF4E-A7F38BE41E15} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18400 2017-04-11] (ASUSTeK Computer Inc. -> AsusTek)
    Task: {9F505623-83E7-4005-A9F3-50705694B56F} - System32\Tasks\G2MUpdateTask-S-1-5-21-651540725-2038268676-2268167659-1001 => C:\Users\Paul\AppData\Local\GoToMeeting\13190\g2mupdate.exe [32256 2019-06-06] (LogMeIn, Inc. -> LogMeIn, Inc.)
    Task: {A786FDF6-6FC4-4995-B50F-EED707045FEE} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {B0A1040A-610A-4F5D-9E7F-0983E4122DEE} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
    Task: {BCFDD404-BD2B-404C-BE1F-97425A1E80EB} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14054104 2015-06-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    Task: {E3743588-7A16-4C43-8C71-1C01151FD07B} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1618080 2015-05-14] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
    Task: {E571D9C1-3E8F-49A6-B354-3D2DF9C7812F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT-KB890830.exe [133315992 2018-06-13] (Microsoft Corporation -> Microsoft Corporation)
    Task: {EA6DBD5F-5659-4215-8C71-4A3917E057AB} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
    Task: {FD3E538F-9BCD-4736-8009-4BAC887E4A36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-03-01] (Google Inc -> Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-651540725-2038268676-2268167659-1001.job => C:\Users\Paul\AppData\Local\GoToMeeting\13190\g2mupdate.exe
    Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-651540725-2038268676-2268167659-1001.job => C:\Users\Paul\AppData\Local\GoToMeeting\13190\g2mupload.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{6e291b42-0b74-40b7-bc08-10e85f2f8434}: [DhcpNameServer] 10.1.21.80 10.1.21.82
    Tcpip\..\Interfaces\{84bb295b-a8d8-4867-b082-4b8b3e6f7d94}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-651540725-2038268676-2268167659-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE
    HKU\S-1-5-21-651540725-2038268676-2268167659-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
    SearchScopes: HKU\S-1-5-21-651540725-2038268676-2268167659-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-651540725-2038268676-2268167659-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] (WildTangent Inc -> )
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-651540725-2038268676-2268167659-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Paul\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-12-06] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default [2019-06-28]
    CHR Extension: (Google Drive) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-20]
    CHR Extension: (Signal Private Messenger) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bikioccmkafdpakkkcpdbppfkghcmihk [2018-11-29]
    CHR Extension: (YouTube) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-06]
    CHR Extension: (Honey) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-06-27]
    CHR Extension: (Google Search) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-01]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
    CHR Extension: (Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-04]
    CHR Extension: (Chrome Media Router) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-21]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
     
  12. 2019/06/28
    flamingo

    flamingo Well-Known Member Thread Starter

    Here is the 2nd part of FRST ...
    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe [71168 2015-05-31] (ASUS Cloud Corporation) [File not signed]
    R2 ASUSGiftBoxDekstop; C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [315704 2015-07-20] (ASUSTeK Computer Inc. -> ASUS)
    R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe [121560 2015-07-20] (Realtek Semiconductor Corp -> )
    R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-03] (Intel(R) Software -> Intel Corporation)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent Inc -> WildTangent)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-11-30] (Intel(R) pGFX -> Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
    R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
    S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
    R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
    R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [324168 2018-10-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
    R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-06-10] (AVAST Software a.s. -> )
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\NisSrv.exe [2433136 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-04] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [101872 2017-04-11] (ASUSTeK Computer Inc. -> ASUS Corporation)
    R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2015-08-03] (Intel(R) Software -> Intel Corporation)
    R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [41976 2015-08-03] (Intel(R) Software -> Intel Corporation)
    R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-08-03] (Intel(R) Software -> Intel Corporation)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
    R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [19976 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
    R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-25] (Intel(R) Software -> Intel Corporation)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-06-25] (Malwarebytes Corporation -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-06-27] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-06-27] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-06-27] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [117344 2019-06-27] (Malwarebytes Corporation -> Malwarebytes)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-14] (Realtek Semiconductor Corp -> Realtek )
    R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [758352 2018-10-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
    R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [428032 2017-02-16] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
    S3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6907240 2017-07-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
    R3 RTWlanE02; C:\WINDOWS\System32\drivers\rtwlane02.sys [9599440 2018-12-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
    U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-06-27] (Adlice -> )
    R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [121824 2016-07-12] (Oracle Corporation -> Oracle Corporation)
    R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [195424 2016-07-12] (Oracle Corporation -> Oracle Corporation)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-06-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [337632 2019-06-04] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-04] (Microsoft Windows -> Microsoft Corporation)
    S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-06-27 19:51 - 2019-06-27 19:51 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2019-06-27 19:50 - 2019-06-27 19:50 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2019-06-27 19:50 - 2019-06-27 19:50 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2019-06-27 19:50 - 2019-06-27 19:50 - 000117344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2019-06-27 15:24 - 2019-06-27 15:24 - 000028272 _____ C:\WINDOWS\system32\Drivers\truesight.sys
    2019-06-27 15:22 - 2019-06-27 15:24 - 000000000 ____D C:\ProgramData\RogueKiller
    2019-06-27 15:21 - 2019-06-27 15:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2019-06-27 15:21 - 2019-06-27 15:21 - 000000000 ____D C:\Program Files\RogueKiller
    2019-06-27 15:10 - 2019-06-27 21:08 - 000000000 ____D C:\Users\Paul\Desktop\Malware Tools and Logs
    2019-06-26 01:56 - 2019-06-26 10:20 - 008939510 _____ C:\Users\Paul\Documents\HD115 as of 12082018.xlsb
    2019-06-25 21:54 - 2019-06-26 10:14 - 060125938 _____ C:\Users\Paul\Documents\CountyWide 12082018 1000s and 2000s.xlsb
    2019-06-25 14:24 - 2019-06-25 14:26 - 000037176 _____ C:\Users\Paul\Downloads\Addition.txt
    2019-06-25 14:21 - 2019-06-25 14:26 - 000063416 _____ C:\Users\Paul\Downloads\FRST.txt
    2019-06-25 14:20 - 2019-06-28 19:54 - 000000000 ____D C:\FRST
    2019-06-25 14:19 - 2019-06-25 14:19 - 002418688 _____ (Farbar) C:\Users\Paul\Downloads\FRST64.exe
    2019-06-25 14:04 - 2019-06-25 14:06 - 000000000 ____D C:\AdwCleaner
    2019-06-25 14:03 - 2019-06-25 14:03 - 007025360 _____ (Malwarebytes) C:\Users\Paul\Downloads\adwcleaner_7.3.exe
    2019-06-25 12:28 - 2019-06-25 12:28 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2019-06-25 12:28 - 2019-06-25 12:28 - 000000000 ____D C:\Users\Paul\AppData\Local\mbamtray
    2019-06-25 12:28 - 2019-06-25 12:28 - 000000000 ____D C:\Users\Paul\AppData\Local\mbam
    2019-06-25 12:27 - 2019-06-25 12:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2019-06-25 12:27 - 2019-06-25 12:27 - 000000000 ____D C:\ProgramData\Malwarebytes
    2019-06-25 12:27 - 2019-06-25 12:27 - 000000000 ____D C:\Program Files\Malwarebytes
    2019-06-25 12:27 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
    2019-06-25 12:27 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2019-06-24 22:06 - 2019-06-26 10:19 - 056642839 _____ C:\Users\Paul\Documents\Countywide 12082018 3000s and 4000s.xlsb
    2019-06-21 12:18 - 2019-06-21 12:19 - 080290979 _____ C:\Users\Paul\Documents\CountyWide 12082018 (Autosaved).xlsb
    2019-06-20 02:56 - 2019-06-20 02:59 - 000066638 _____ C:\Users\Paul\Documents\Vetted PC list as of 06192019 for Colleen.xlsx
    2019-06-14 19:37 - 2019-02-13 00:47 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
    2019-06-14 19:23 - 2019-06-15 01:18 - 000000000 ____D C:\WINDOWS\Minidump
    2019-06-14 10:01 - 2019-06-14 10:01 - 000000165 ____H C:\Users\Paul\Documents\~$CountyWide 12082018.xlsb
    2019-06-14 07:34 - 2019-06-14 07:34 - 000000165 ____H C:\Users\Paul\Documents\~$CleanFinal PC List 06082019.xlsx
    2019-06-13 22:17 - 2019-06-07 06:04 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2019-06-13 22:17 - 2019-06-07 05:45 - 012756480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2019-06-13 22:17 - 2019-06-07 05:42 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2019-06-13 22:17 - 2019-06-07 05:19 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2019-06-13 22:17 - 2019-06-07 05:07 - 011942400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2019-06-13 22:17 - 2019-06-07 05:04 - 002881536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2019-06-13 22:17 - 2019-06-07 01:01 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
    2019-06-13 22:17 - 2019-06-07 00:57 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2019-06-13 22:17 - 2019-06-07 00:57 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2019-06-13 22:17 - 2019-06-07 00:57 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2019-06-13 22:17 - 2019-06-07 00:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2019-06-13 22:17 - 2019-06-07 00:46 - 006569344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2019-06-13 22:17 - 2019-06-07 00:46 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2019-06-13 22:17 - 2019-06-07 00:38 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2019-06-13 22:17 - 2019-06-07 00:37 - 022019584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2019-06-13 22:17 - 2019-06-07 00:31 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2019-06-13 22:17 - 2019-06-07 00:27 - 022718976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2019-06-13 22:17 - 2019-06-07 00:24 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2019-06-13 22:17 - 2019-06-07 00:24 - 003400704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2019-06-13 22:17 - 2019-06-07 00:21 - 007588864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2019-06-13 22:17 - 2019-06-07 00:21 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2019-06-13 22:17 - 2019-06-07 00:21 - 001778688 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2019-06-13 22:17 - 2019-05-17 07:27 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2019-06-13 22:17 - 2019-05-17 07:26 - 004393984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2019-06-13 22:17 - 2019-05-17 07:25 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2019-06-13 22:17 - 2019-05-17 07:00 - 005658112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2019-06-13 22:17 - 2019-05-17 01:42 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2019-06-13 22:17 - 2019-05-17 01:42 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2019-06-13 22:17 - 2019-05-17 01:30 - 013878784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2019-06-13 22:17 - 2019-05-17 01:19 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2019-06-13 22:17 - 2019-05-17 01:07 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2019-06-13 22:17 - 2019-05-17 01:07 - 002768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2019-06-13 22:17 - 2019-05-17 01:07 - 002467320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2019-06-13 22:17 - 2019-05-17 01:04 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
    2019-06-13 22:17 - 2019-05-17 00:44 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2019-06-13 22:17 - 2019-05-17 00:38 - 004709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2019-06-13 22:17 - 2019-05-17 00:37 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
    2019-06-13 22:17 - 2019-05-17 00:33 - 003091456 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2019-06-13 22:17 - 2019-05-17 00:31 - 004937216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2019-06-13 22:17 - 2019-05-17 00:31 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2019-06-13 22:16 - 2019-06-07 06:04 - 001633136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2019-06-13 22:16 - 2019-06-07 05:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
    2019-06-13 22:16 - 2019-06-07 05:47 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
    2019-06-13 22:16 - 2019-06-07 05:41 - 004055552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2019-06-13 22:16 - 2019-06-07 05:40 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2019-06-13 22:16 - 2019-06-07 05:40 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
    2019-06-13 22:16 - 2019-06-07 05:23 - 001453920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2019-06-13 22:16 - 2019-06-07 05:10 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
    2019-06-13 22:16 - 2019-06-07 05:04 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2019-06-13 22:16 - 2019-06-07 05:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2019-06-13 22:16 - 2019-06-07 01:07 - 000707384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2019-06-13 22:16 - 2019-06-07 00:58 - 001220112 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2019-06-13 22:16 - 2019-06-07 00:58 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2019-06-13 22:16 - 2019-06-07 00:58 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
    2019-06-13 22:16 - 2019-06-07 00:58 - 000422416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
    2019-06-13 22:16 - 2019-06-07 00:58 - 000135176 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2019-06-13 22:16 - 2019-06-07 00:58 - 000076304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
    2019-06-13 22:16 - 2019-06-07 00:57 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2019-06-13 22:16 - 2019-06-07 00:57 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2019-06-13 22:16 - 2019-06-07 00:57 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2019-06-13 22:16 - 2019-06-07 00:57 - 000792888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2019-06-13 22:16 - 2019-06-07 00:57 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2019-06-13 22:16 - 2019-06-07 00:57 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2019-06-13 22:16 - 2019-06-07 00:57 - 000494304 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2019-06-13 22:16 - 2019-06-07 00:57 - 000435000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2019-06-13 22:16 - 2019-06-07 00:57 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2019-06-13 22:16 - 2019-06-07 00:57 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2019-06-13 22:16 - 2019-06-07 00:57 - 000383504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2019-06-13 22:16 - 2019-06-07 00:57 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2019-06-13 22:16 - 2019-06-07 00:57 - 000148280 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
    2019-06-13 22:16 - 2019-06-07 00:57 - 000137448 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
    2019-06-13 22:16 - 2019-06-07 00:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2019-06-13 22:16 - 2019-06-07 00:47 - 000380432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2019-06-13 22:16 - 2019-06-07 00:47 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
    2019-06-13 22:16 - 2019-06-07 00:46 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2019-06-13 22:16 - 2019-06-07 00:46 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2019-06-13 22:16 - 2019-06-07 00:46 - 000581048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2019-06-13 22:16 - 2019-06-07 00:46 - 000357072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
    2019-06-13 22:16 - 2019-06-07 00:46 - 000128792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
    2019-06-13 22:16 - 2019-06-07 00:24 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
    2019-06-13 22:16 - 2019-06-07 00:23 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
    2019-06-13 22:16 - 2019-06-07 00:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2019-06-13 22:16 - 2019-06-07 00:23 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
    2019-06-13 22:16 - 2019-06-07 00:22 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2019-06-13 22:16 - 2019-06-07 00:22 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2019-06-13 22:16 - 2019-06-07 00:22 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2019-06-13 22:16 - 2019-06-07 00:22 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
    2019-06-13 22:16 - 2019-06-07 00:22 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
    2019-06-13 22:16 - 2019-06-07 00:21 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2019-06-13 22:16 - 2019-06-07 00:21 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2019-06-13 22:16 - 2019-06-07 00:21 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2019-06-13 22:16 - 2019-06-07 00:20 - 002610688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2019-06-13 22:16 - 2019-06-07 00:20 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
    2019-06-13 22:16 - 2019-06-07 00:20 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2019-06-13 22:16 - 2019-06-07 00:20 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2019-06-13 22:16 - 2019-06-07 00:19 - 003212288 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2019-06-13 22:16 - 2019-06-07 00:19 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2019-06-13 22:16 - 2019-06-07 00:19 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2019-06-13 22:16 - 2019-06-07 00:19 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2019-06-13 22:16 - 2019-06-07 00:19 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2019-06-13 22:16 - 2019-06-07 00:19 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
    2019-06-13 22:16 - 2019-06-07 00:18 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2019-06-13 22:16 - 2019-06-07 00:18 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2019-06-13 22:16 - 2019-06-07 00:18 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2019-06-13 22:16 - 2019-06-07 00:17 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2019-06-13 22:16 - 2019-06-07 00:17 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2019-06-13 22:16 - 2019-06-07 00:17 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2019-06-13 22:16 - 2019-06-07 00:16 - 001102336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2019-06-13 22:16 - 2019-06-07 00:16 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2019-06-13 22:16 - 2019-06-07 00:16 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2019-06-13 22:16 - 2019-06-07 00:16 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
    2019-06-13 22:16 - 2019-06-06 23:00 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim
    2019-06-13 22:16 - 2019-05-18 17:12 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
    2019-06-13 22:16 - 2019-05-18 17:12 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2019-06-13 22:16 - 2019-05-18 17:12 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
    2019-06-13 22:16 - 2019-05-18 17:12 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
    2019-06-13 22:16 - 2019-05-17 07:44 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
    2019-06-13 22:16 - 2019-05-17 07:40 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
    2019-06-13 22:16 - 2019-05-17 07:40 - 000280888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
    2019-06-13 22:16 - 2019-05-17 07:25 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
    2019-06-13 22:16 - 2019-05-17 07:25 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
    2019-06-13 22:16 - 2019-05-17 07:24 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2019-06-13 22:16 - 2019-05-17 07:23 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
    2019-06-13 22:16 - 2019-05-17 07:22 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2019-06-13 22:16 - 2019-05-17 07:22 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
    2019-06-13 22:16 - 2019-05-17 07:21 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2019-06-13 22:16 - 2019-05-17 07:21 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
    2019-06-13 22:16 - 2019-05-17 07:21 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
    2019-06-13 22:16 - 2019-05-17 07:21 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3gpui.dll
    2019-06-13 22:16 - 2019-05-17 07:21 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2019-06-13 22:16 - 2019-05-17 07:20 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2019-06-13 22:16 - 2019-05-17 07:19 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2019-06-13 22:16 - 2019-05-17 07:07 - 002206424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
    2019-06-13 22:16 - 2019-05-17 06:58 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
    2019-06-13 22:16 - 2019-05-17 06:56 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2019-06-13 22:16 - 2019-05-17 06:56 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3gpui.dll
    2019-06-13 22:16 - 2019-05-17 06:55 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
    2019-06-13 22:16 - 2019-05-17 06:55 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2019-06-13 22:16 - 2019-05-17 06:55 - 000470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
    2019-06-13 22:16 - 2019-05-17 06:54 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2019-06-13 22:16 - 2019-05-17 06:54 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
    2019-06-13 22:16 - 2019-05-17 04:33 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
    2019-06-13 22:16 - 2019-05-17 03:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
    2019-06-13 22:16 - 2019-05-17 02:07 - 000105272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
    2019-06-13 22:16 - 2019-05-17 01:44 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2019-06-13 22:16 - 2019-05-17 01:44 - 000550520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
    2019-06-13 22:16 - 2019-05-17 01:43 - 000297688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
    2019-06-13 22:16 - 2019-05-17 01:42 - 002256560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2019-06-13 22:16 - 2019-05-17 01:42 - 001989552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2019-06-13 22:16 - 2019-05-17 01:42 - 001980256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2019-06-13 22:16 - 2019-05-17 01:42 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2019-06-13 22:16 - 2019-05-17 01:42 - 001380096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2019-06-13 22:16 - 2019-05-17 01:42 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2019-06-13 22:16 - 2019-05-17 01:42 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2019-06-13 22:16 - 2019-05-17 01:42 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
    2019-06-13 22:16 - 2019-05-17 01:26 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2019-06-13 22:16 - 2019-05-17 01:23 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
    2019-06-13 22:16 - 2019-05-17 01:23 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
    2019-06-13 22:16 - 2019-05-17 01:23 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2019-06-13 22:16 - 2019-05-17 01:22 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
    2019-06-13 22:16 - 2019-05-17 01:22 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
    2019-06-13 22:16 - 2019-05-17 01:21 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2019-06-13 22:16 - 2019-05-17 01:21 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
    2019-06-13 22:16 - 2019-05-17 01:21 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
    2019-06-13 22:16 - 2019-05-17 01:20 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2019-06-13 22:16 - 2019-05-17 01:20 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2019-06-13 22:16 - 2019-05-17 01:19 - 001630720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2019-06-13 22:16 - 2019-05-17 01:19 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
    2019-06-13 22:16 - 2019-05-17 01:19 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
    2019-06-13 22:16 - 2019-05-17 01:19 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
    2019-06-13 22:16 - 2019-05-17 01:19 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2019-06-13 22:16 - 2019-05-17 01:18 - 002796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
    2019-06-13 22:16 - 2019-05-17 01:18 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
    2019-06-13 22:16 - 2019-05-17 01:18 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2019-06-13 22:16 - 2019-05-17 01:08 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2019-06-13 22:16 - 2019-05-17 01:08 - 000723432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2019-06-13 22:16 - 2019-05-17 01:08 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2019-06-13 22:16 - 2019-05-17 01:08 - 000401328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
    2019-06-13 22:16 - 2019-05-17 01:07 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2019-06-13 22:16 - 2019-05-17 01:07 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2019-06-13 22:16 - 2019-05-17 01:07 - 001288712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2019-06-13 22:16 - 2019-05-17 01:07 - 001260272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2019-06-13 22:16 - 2019-05-17 01:07 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2019-06-13 22:16 - 2019-05-17 01:07 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2019-06-13 22:16 - 2019-05-17 01:07 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2019-06-13 22:16 - 2019-05-17 01:06 - 001943136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2019-06-13 22:16 - 2019-05-17 01:06 - 001784696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2019-06-13 22:16 - 2019-05-17 01:06 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
    2019-06-13 22:16 - 2019-05-17 01:06 - 001140992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2019-06-13 22:16 - 2019-05-17 01:06 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2019-06-13 22:16 - 2019-05-17 01:06 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2019-06-13 22:16 - 2019-05-17 01:06 - 000151888 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
    2019-06-13 22:16 - 2019-05-17 01:00 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2019-06-13 22:16 - 2019-05-17 00:37 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
    2019-06-13 22:16 - 2019-05-17 00:37 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
    2019-06-13 22:16 - 2019-05-17 00:36 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
    2019-06-13 22:16 - 2019-05-17 00:36 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
    2019-06-13 22:16 - 2019-05-17 00:36 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
    2019-06-13 22:16 - 2019-05-17 00:36 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2019-06-13 22:16 - 2019-05-17 00:36 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
    2019-06-13 22:16 - 2019-05-17 00:36 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2019-06-13 22:16 - 2019-05-17 00:36 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2019-06-13 22:16 - 2019-05-17 00:35 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2019-06-13 22:16 - 2019-05-17 00:35 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
    2019-06-13 22:16 - 2019-05-17 00:35 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2019-06-13 22:16 - 2019-05-17 00:34 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2019-06-13 22:16 - 2019-05-17 00:34 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2019-06-13 22:16 - 2019-05-17 00:34 - 000671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2019-06-13 22:16 - 2019-05-17 00:34 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
    2019-06-13 22:16 - 2019-05-17 00:34 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
    2019-06-13 22:16 - 2019-05-17 00:34 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
    2019-06-13 22:16 - 2019-05-17 00:34 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2019-06-13 22:16 - 2019-05-17 00:34 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
    2019-06-13 22:16 - 2019-05-17 00:33 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2019-06-13 22:16 - 2019-05-17 00:33 - 002370560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
    2019-06-13 22:16 - 2019-05-17 00:33 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
    2019-06-13 22:16 - 2019-05-17 00:33 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
    2019-06-13 22:16 - 2019-05-17 00:33 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2019-06-13 22:16 - 2019-05-17 00:33 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2019-06-13 22:16 - 2019-05-17 00:32 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
    2019-06-13 22:16 - 2019-05-17 00:32 - 000815104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2019-06-13 22:16 - 2019-05-17 00:31 - 003293184 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2019-06-13 22:16 - 2019-05-17 00:31 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2019-06-13 22:16 - 2019-05-17 00:31 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2019-06-13 22:16 - 2019-05-17 00:31 - 001383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2019-06-13 22:16 - 2019-05-17 00:31 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
    2019-06-13 22:16 - 2019-05-17 00:31 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
    2019-06-13 22:16 - 2019-05-17 00:31 - 001027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
    2019-06-13 22:16 - 2019-05-17 00:31 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2019-06-13 22:16 - 2019-05-17 00:31 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2019-06-13 22:16 - 2019-05-17 00:30 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2019-06-13 22:16 - 2019-05-17 00:30 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2019-06-13 22:16 - 2019-05-17 00:30 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
    2019-06-08 16:39 - 2019-06-28 19:49 - 001047776 _____ C:\Users\Paul\Documents\CleanFinal PC List 06082019.xlsx
    2019-06-07 00:55 - 2019-06-07 00:55 - 010200327 _____ C:\Users\Paul\Downloads\061107 PctbyPct (2).zip
    2019-06-07 00:55 - 2019-06-07 00:55 - 010200327 _____ C:\Users\Paul\Downloads\061107 PctbyPct (1).zip
    2019-06-07 00:51 - 2019-06-07 00:51 - 010200327 _____ C:\Users\Paul\Downloads\061107 PctbyPct.zip
    2019-06-07 00:21 - 2019-06-07 00:21 - 001717376 _____ C:\Users\Paul\Downloads\detailtxt (2).zip
    2019-06-07 00:19 - 2019-06-07 00:19 - 002038913 _____ C:\Users\Paul\Downloads\detailxls (11).zip
    2019-06-07 00:19 - 2019-06-07 00:19 - 000000000 ____D C:\Users\Paul\Downloads\detailxls (10)
    2019-06-07 00:08 - 2019-06-07 00:08 - 002038913 _____ C:\Users\Paul\Downloads\detailxls (10).zip
    2019-06-04 02:53 - 2019-06-04 03:01 - 000000000 ____D C:\Users\Paul\Documents\2019 Election Code Changes
    2019-06-03 04:44 - 2019-06-08 21:49 - 000388444 _____ C:\Users\Paul\Documents\PC Final as of 06032019.xlsx
    2019-06-03 04:44 - 2019-06-03 04:44 - 000000165 ____H C:\Users\Paul\Documents\~$PC Final as of 06032019.xlsx
    2019-06-01 20:11 - 2019-06-01 20:11 - 000021450 _____ C:\Users\Paul\Downloads\billreport.pdf
    2019-06-01 00:09 - 2019-06-01 00:09 - 016421870 _____ C:\Users\Paul\Documents\HP Laptop 14-df0023cl Service Manual c06146792.pdf
    2019-06-01 00:07 - 2019-06-01 00:07 - 003951527 _____ C:\Users\Paul\Documents\HP Laptop 14-df0023cl user manual c06153159.pdf
    2019-05-29 22:49 - 2019-05-29 22:49 - 006342253 _____ C:\Users\Paul\Documents\0409_E10576_X555LA_LD_LN_EM_V4_B.pdf

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-06-28 19:56 - 2015-09-06 16:48 - 000000165 _____ C:\Users\Paul\AppData\Roaming\sp_data.sys
    2019-06-28 19:30 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-06-28 19:13 - 2018-05-18 07:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-06-28 17:31 - 2018-07-03 22:36 - 000000000 ____D C:\ProgramData\Packages
    2019-06-28 17:31 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-06-28 17:31 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-06-27 08:25 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
    2019-06-27 07:26 - 2017-08-02 13:54 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
    2019-06-27 07:25 - 2017-09-30 13:28 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2019-06-27 07:25 - 2015-09-06 16:48 - 000000000 __SHD C:\Users\Paul\IntelGraphicsProfiles
    2019-06-26 02:00 - 2018-05-18 08:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-06-26 01:59 - 2018-04-11 16:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2019-06-25 16:21 - 2018-06-04 21:34 - 000000000 ____D C:\Users\Paul\AppData\Local\D3DSCache
    2019-06-25 12:27 - 2018-04-11 18:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2019-06-21 15:36 - 2017-09-30 02:10 - 000000000 ____D C:\Program Files\rempl
    2019-06-21 07:24 - 2016-03-01 14:30 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-06-20 17:51 - 2017-05-26 10:14 - 000000000 ____D C:\Program Files\UNP
    2019-06-17 17:40 - 2018-05-18 08:03 - 000004252 _____ C:\WINDOWS\System32\Tasks\avast! SL Update
    2019-06-15 18:33 - 2018-08-24 10:46 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2019-06-14 21:12 - 2018-05-18 08:03 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-651540725-2038268676-2268167659-1001
    2019-06-14 21:12 - 2018-05-18 07:45 - 000002362 _____ C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-06-14 21:12 - 2015-09-06 16:51 - 000000000 ___RD C:\Users\Paul\OneDrive
    2019-06-14 21:09 - 2018-05-18 07:45 - 000000000 ____D C:\Users\Paul
    2019-06-14 19:37 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-06-14 05:27 - 2018-05-16 11:54 - 000000000 ____D C:\Users\Paul\AppData\Local\GoToMeeting
    2019-06-14 02:14 - 2018-05-18 07:57 - 000793700 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-06-14 02:08 - 2018-03-22 03:42 - 000000000 ___RD C:\Users\Paul\3D Objects
    2019-06-14 02:08 - 2015-09-06 05:16 - 000000000 __RHD C:\Users\Public\AccountPictures
    2019-06-14 02:07 - 2018-05-18 07:39 - 000424584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2019-06-14 02:04 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
    2019-06-14 02:04 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2019-06-14 02:04 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\Provisioning
    2019-06-14 02:04 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
    2019-06-13 22:15 - 2016-02-24 17:53 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-06-13 15:21 - 2016-02-24 17:53 - 135349160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-06-12 17:01 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\NDF
    2019-06-09 02:11 - 2017-05-25 17:57 - 000000660 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-651540725-2038268676-2268167659-1001.job
    2019-06-09 02:11 - 2017-05-25 17:57 - 000000564 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-651540725-2038268676-2268167659-1001.job
    2019-06-08 21:49 - 2018-10-01 20:06 - 000000000 ____D C:\Users\Paul\Documents\Precinct Chairs
    2019-06-06 01:20 - 2018-05-18 08:03 - 000003826 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-651540725-2038268676-2268167659-1001
    2019-06-06 01:20 - 2018-05-18 08:03 - 000003730 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-651540725-2038268676-2268167659-1001
    2019-06-04 21:13 - 2018-03-22 03:39 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2019-05-30 20:57 - 2018-07-10 19:08 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2019-05-30 20:57 - 2018-07-10 19:08 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2019-05-30 11:13 - 2019-05-27 21:44 - 037664123 _____ C:\Users\Paul\Documents\last of 3 plus all 4.xlsb

    ==================== Files in the root of some directories ================

    2017-11-28 18:04 - 2017-11-28 18:04 - 007649280 _____ () C:\Program Files (x86)\GUTF4A3.tmp
    2015-09-06 16:48 - 2019-06-28 19:56 - 000000165 _____ () C:\Users\Paul\AppData\Roaming\sp_data.sys
    2017-05-26 14:10 - 2019-05-18 14:52 - 000007601 _____ () C:\Users\Paul\AppData\Local\Resmon.ResmonCfg

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ============================
     
  13. 2019/06/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     

  14. 2019/06/29
    flamingo

    Two bits of information that may or may not be relevant:
    1) My keyboard and desktop display go through a KVM switch which is connected via USB to my laptop. This has worked fine for many months and has not been changed.
    2) A symptom which predates by several months the appearance of the unwanted "localweatherradar.co" notifications is that the screen goes black at unpredictable times even when an application is running. When that happens I hit a key or click the mouse and go to the Windows sign-in screen. I sign in and am exactly where I left off. I looked at all kinds of screen saver and display timers and they were all set to a high value. I've just been putting up with this oddity. Probably unrelated but I thought I'd mention it.


    Here is the result of running FRST with the fixlist.txt you provided....

    Fix result of Farbar Recovery Scan Tool (x64) Version: 26-06-2019
    Ran by Paul (29-06-2019 20:54:47) Run:1
    Running from C:\Users\Paul\Desktop\Malware Tools and Logs\FarBar
    Loaded Profiles: Paul (Available Profiles: Paul)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CustomCLSID: HKU\S-1-5-21-651540725-2038268676-2268167659-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Paul\AppData\Local\GoToMeeting\8625\G2MOutlookAddin64.dll => No File
    ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    FirewallRules: [{D4D88F01-CA98-4448-89E1-3F5F7999966D}] => (Allow) C:\Users\Paul\AppData\Roaming\Zoom\bin\airhost.exe No File
    Task: {034B8347-4043-400F-A3D1-568D69296416} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {A786FDF6-6FC4-4995-B50F-EED707045FEE} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]
    2017-11-28 18:04 - 2017-11-28 18:04 - 007649280 _____ () C:\Program Files (x86)\GUTF4A3.tmp
    2015-09-06 16:48 - 2019-06-28 19:56 - 000000165 _____ () C:\Users\Paul\AppData\Roaming\sp_data.sys
    2017-05-26 14:10 - 2019-05-18 14:52 - 000007601 _____ () C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
    *****************

    HKU\S-1-5-21-651540725-2038268676-2268167659-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309} => removed successfully
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BtSendToMenuEx => removed successfully
    HKLM\Software\Classes\CLSID\{CF24E6B8-F148-4BCB-9108-ADF313966E80} => not found
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
    HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D4D88F01-CA98-4448-89E1-3F5F7999966D}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{034B8347-4043-400F-A3D1-568D69296416}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{034B8347-4043-400F-A3D1-568D69296416}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A786FDF6-6FC4-4995-B50F-EED707045FEE}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A786FDF6-6FC4-4995-B50F-EED707045FEE}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
    HKLM\System\CurrentControlSet\Services\cpuz143 => removed successfully
    cpuz143 => service removed successfully
    C:\Program Files (x86)\GUTF4A3.tmp => moved successfully
    C:\Users\Paul\AppData\Roaming\sp_data.sys => moved successfully
    C:\Users\Paul\AppData\Local\Resmon.ResmonCfg => moved successfully

    ==== End of Fixlog 20:54:56 ====
     
  15. 2019/06/30
    broni

    For those two other issues you'll have to create a new topic in the Windows forum.

    Last scans....

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run from.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  16. 2019/06/30
    flamingo

    flamingo Well-Known Member Thread Starter

    Joined:
    2011/07/06
    Messages:
    82
    Likes Received:
    0
    Did the first three of the four successfully. Logs are below. Downloaded the Sophos tool and began the install. Got "Error1606. Could not access network location data." Pressed Retry twice and got the same error. I cancelled the install. Tried the install again and got the same results. Consequently, didn't run the Sophos tool.

    Here are the other logs ....

    Results of screen317's Security Check version 1.014 --- 12/23/15

    x64 (UAC is enabled)

    Internet Explorer 11

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Enabled!

    Windows Defender

    WMI entry may not exist for antivirus; attempting automatic update.

    `````````Anti-malware/Other Utilities Check:`````````

    Mozilla Thunderbird (52.9.0)

    Google Chrome (75.0.3770.100)

    Google Chrome (SetupMetrics...)

    ````````Process Check: objlist.exe by Laurent````````

    Windows Defender MSMpEng.exe

    Malwarebytes Anti-Malware mbamservice.exe

    Malwarebytes Anti-Malware mbamtray.exe

    Paul Desktop Malware Tools and Logs Security Check\SecurityCheck.exe

    Windows Defender MSASCuiL.exe

    AVAST Software SecureLine VpnSvc.exe

    AVAST Software SecureLine SecureLine.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: %

    ````````````````````End of Log``````````````````````



    Farbar Service Scanner Version: 27-01-2016

    Ran by Paul (administrator) on 30-06-2019 at 19:46:51

    Running from "C:\Users\Paul\Desktop\Malware Tools and Logs\FSS"

    Microsoft Windows 10 Home (X64)

    Boot Mode: Normal

    ****************************************************************


    Internet Services:

    ============


    Connection Status:

    ==============

    Localhost is accessible.

    LAN connected.

    Google IP is accessible.

    Google.com is accessible.

    Yahoo.com is accessible.



    Windows Firewall:

    =============


    Firewall Disabled Policy:

    ==================



    System Restore:

    ============


    System Restore Policy:

    ========================



    Security Center:

    ============



    Windows Update:

    ============

    wuauserv Service is not running. Checking service configuration:

    The start type of wuauserv service is set to Demand. The default start type is Auto.

    The ImagePath of wuauserv: "%systemroot%\system32\svchost.exe -k netsvcs -p".

    The ServiceDll of wuauserv service is OK.



    Windows Autoupdate Disabled Policy:

    ============================



    Windows Defender:

    ==============


    Other Services:

    ==============



    File Check:

    ========

    C:\Windows\System32\nsisvc.dll => File is digitally signed

    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

    C:\Windows\System32\drivers\afd.sys => File is digitally signed

    C:\Windows\System32\drivers\tdx.sys => File is digitally signed

    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

    C:\Windows\System32\dnsrslvr.dll => File is digitally signed

    C:\Windows\System32\dnsapi.dll => File is digitally signed

    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

    C:\Windows\System32\mpssvc.dll => File is digitally signed

    C:\Windows\System32\bfe.dll => File is digitally signed

    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed

    C:\Windows\System32\SDRSVC.dll => File is digitally signed

    C:\Windows\System32\vssvc.exe => File is digitally signed

    C:\Windows\System32\wscsvc.dll => File is digitally signed

    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

    C:\Windows\System32\wuaueng.dll => File is digitally signed

    C:\Windows\System32\qmgr.dll => File is digitally signed

    C:\Windows\System32\es.dll => File is digitally signed

    C:\Windows\System32\cryptsvc.dll => File is digitally signed

    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

    C:\Windows\System32\ipnathlp.dll => File is digitally signed

    C:\Windows\System32\iphlpsvc.dll => File is digitally signed

    C:\Windows\System32\svchost.exe => File is digitally signed

    C:\Windows\System32\rpcss.dll => File is digitally signed



    **** End of log ****


    Log of TFC follows…


    Getting user folders.


    Stopping running processes.


    Emptying Temp folders.



    User: All Users


    User: Default

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes


    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 0 bytes


    User: Default.migrated


    User: Paul

    ->Temp folder emptied: 166413213 bytes

    ->Temporary Internet Files folder emptied: 43397395 bytes

    ->Google Chrome cache emptied: 404319884 bytes

    ->Flash cache emptied: 15849600 bytes


    User: Public


    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 292848 bytes

    %systemroot%\System32 .tmp files removed: 0 bytes

    %systemroot%\System32 (64bit) .tmp files removed: 2981832 bytes

    %systemroot%\System32\drivers .tmp files removed: 0 bytes

    Windows Temp folder emptied: 628781 bytes


    Emptying RecycleBin. Do not interrupt.
     
  17. 2019/07/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Try this one....
    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Under "I want a free one-time scan with ESET Online Scanner" click on the "Scan now" button.
    • It'll download a small file, "esetonlinescanner_enu.exe".
    • Double click on downloaded file.
    • Click on Accept button.
    • Checkmark "Disable detection of potentially unwanted applications".
    • Click Scan
    • Accept any security warnings from your browser.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  18. 2019/07/01
    flamingo

    flamingo Well-Known Member Thread Starter

    Joined:
    2011/07/06
    Messages:
    82
    Likes Received:
    0
    ESET ran and produced this log ...
    .
    7/1/2019 12:32:12 PM
    Files scanned: 320874
    Infected files: 0
    Cleaned threats: 0
    Total scan time: 01:49:34
    Scan status: Finished
     
  19. 2019/07/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

    7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    9. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    10. Please let me know how your computer is doing.
     
  20. 2019/07/03
    flamingo

    flamingo Well-Known Member Thread Starter

    Joined:
    2011/07/06
    Messages:
    82
    Likes Received:
    0
    Here is the result of all the above:
    1) Did all of the diagnostic tools and posted all of the logs. With the exception of the Sophos tool, all ran fine.
    2) The Delfix tool remover ran to completion but did not remove any of the diagnostic tools or logs previously used. I removed them manually. Perhaps it missed them because I put them in desktop subfolders rather than directly in the desktop folder.
    3) The unwanted notifications which led me to search for malware are still present. They only appear, and always appear, when Google Chrome is loaded.
    4) Having previously googled "localweatherradar.co" and similar identifiers that appear in the unwanted notifications, it was pretty clear this was a widely occurring problem. All kinds of fixes were suggested and they had little in common and only seemed to work for a small fraction of those who tried them. I didn't try any of the suggestions. Maybe I'll look them over again and try some.
    5) It seems the numerous malware diagnostic tools I ran don't detect the cause of the unwanted notifications. I guess I can live with the annoyance since it doesn't seem to cause other problems.
    6) One thing did get fixed. The frequently occurring black screen (i.e., forced sleep) which required me to log into Windows to get back to exactly where I was before no longer happens. All of the timers had been previously set to large values and I didn't mess with any of them. Why this problem went away I don't know. I'm glad that problem is solved.
    7) One other thing did seem to improve. Previously on a restart or cold boot I would see about 8-10 minutes of 95-100% disk activity. Now that is down to about 2-3 minutes. That cuts down the time when my machine is very sluggish. That's good news.
    8) I had been running without any third party virus tools and just depending on what was built into Windows 10. I did reinstall the free version of AVAST which I had stopped using because it seemed to really slow down my machine. I'll see how it goes with AVAST active.
    9) I guess that is the end of the story for now. Thanks to broni for his guiding me through the diagnostic process. There is no way I could have figured out the meaning of the long logs produced by the various tools.

    Thanks,
    Paul
     
  21. 2019/07/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Some good news :)

    Regarding Chrome issue...

    Reset Chrome...
    Click on "Customize and control Google Chrome".
    Click "Settings" then "Show advanced settings" at the bottom of the screen.
    Click the "Reset browser settings" button.
    Restart Chrome.

    If the above didn't help....

    Reinstall Chrome...
    If you want to save your bookmarks...
    How to Backup Bookmarks in Google Chrome
    If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/
    • Close all Chrome windows and tabs.
    • Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
    • Click Programs and Features.
    • Double-click Google Chrome.
    • Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
    Install a fresh copy.
     