Laptop very slow in general


  • This topic is locked
9 replies to this topic

#1 NextStep


Posted 05 January 2020 - 07:09 AM

Hello, happy new year to all :)

Can someone please help?

Laptop very slow in starting up and doing things in general. Did a scan with AdwCleaner and it found PUP.Optional.Assistant, and deleted it. The log is of a scan I did after. Thought that would be the problem but still slow. As an extra I did the F-Secure online scan but cannot find the log?! Anyway, it showed nothing wrong.

Thank you :)

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/5/20
Scan Time: 12:23 PM
Log File: d60bbffe-2fad-11ea-9e9e-9822ef81d116.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.629
Update Package Version: 1.0.14183
License: Free

-System Information-
OS: Windows 10 (Build 17763.914)
CPU: x64
File System: NTFS
User: LAPTOP-KBGPHM51\SthCo

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 288269
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 14 min, 11 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2019
Ran by SthCo (administrator) on LAPTOP-KBGPHM51 (Acer Aspire A315-21) (05-01-2020 12:08:53)
Running from C:\Users\SthCo\OneDrive\Desktop
Loaded Profiles: SthCo (Available Profiles: SthCo)
Platform: Windows 10 Home Version 1809 17763.914 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdredline.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\SthCo\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\SthCo\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Qualcomm Atheros -> Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18368512 2017-04-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-1472495051-1772555074-1016449411-1001\...\Run: [RemoteFilesTrayIcon] => C:\ProgramData\acer\abFiles\launchFiles.exe [27352 2017-05-17] (Acer Incorporated -> )
HKU\S-1-5-21-1472495051-1772555074-1016449411-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [47774856 2019-10-24] (Google LLC -> )
HKU\S-1-5-21-1472495051-1772555074-1016449411-1001\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe [370688 2018-09-15] (Microsoft Windows -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1634AA2E-AB2D-4F09-A901-610647E9AF06} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {2130D9DD-6FE3-404D-9282-390094C6643F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1444144 2019-12-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {25FA8BF5-B1D9-4242-815D-E461117EBFEA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {26764A17-9AEE-424F-BAD7-B04C7336C400} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_Plugin.exe [1457720 2019-12-11] (Adobe Inc. -> Adobe)
Task: {59827C4C-6F6E-4BCC-BDBA-6776E905BF0E} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [488760 2019-07-15] (Bitdefender SRL -> Bitdefender)
Task: {6672A8C0-FCF0-4B6F-A8E6-E0D9B2B5ECD1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {75A5D5AE-54C4-49FB-BB3A-58CA30FED8DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-12] (Google Inc -> Google Inc.)
Task: {7A56277B-A061-4137-BFF4-42F56387B180} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {85BFD1BE-872F-4AC6-A45B-462C2903B872} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-11-12] (Google Inc -> Google Inc.)
Task: {9795AC75-6B51-4AC8-BB01-505B4C09DA8D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {A645D1AA-F5BD-420D-898E-43A6109BC011} - System32\Tasks\PicstreamAgent => C:\Program [Argument = Files (x86)\Acer\AOP Framework\uwplauncher.exe AcerIncorporated.6245439DEEE9E_48frkmn4z8aw4!abPhoto]
Task: {AF12D2BD-3251-4C1D-9881-850D7E355806} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {C728197A-F426-4FB8-A377-36710C725AB4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-12-11] (Adobe Inc. -> Adobe)
Task: {D176F42F-3BCB-4599-8FB9-F6EC65A2D06C} - System32\Tasks\DashlaneUpgradeCheck => net [Argument = start "Dashlane Upgrade Service"]
Task: {D1799742-E621-4BC3-92C8-564D9BC322C0} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [473904 2018-03-09] (Acer Incorporated -> Acer Incorporated)
Task: {E06B7E8D-50C2-438A-B87A-6C19C9385EC3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {E34BA8DE-D9CF-4821-B099-0A97890D7BAA} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe
Task: {F4A39B00-7A03-4F11-BE27-98C226E8855C} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [52104 2017-07-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{2c7885d2-cffc-4572-a305-2f0debd0694c}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{3a5201de-de6f-496a-bf4a-df967eed7671}: [DhcpNameServer] 40.33.1.55
Tcpip\..\Interfaces\{9bf9661d-fec3-498b-8192-13c3cc4bffeb}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{a82fa74a-b0df-4e49-9dee-358b796ad112}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ece7c19d-309a-4992-ad4c-23e2b051e1d2}: [DhcpNameServer] 192.168.8.1

Internet Explorer:
==================
HKU\S-1-5-21-1472495051-1772555074-1016449411-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-1472495051-1772555074-1016449411-1001 -> DefaultScope {2F39EDB7-58EF-49EC-B98D-139CCE3A2321} URL =
SearchScopes: HKU\S-1-5-21-1472495051-1772555074-1016449411-1001 -> {201E645E-E6BB-4B21-9524-A0C6D7ABC73A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-12-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-11] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\SthCo\Downloads

FireFox:
========
FF DefaultProfile: 6re9ps7u.default-1526761473829
FF ProfilePath: C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\6re9ps7u.default-1526761473829 [2020-01-04]
FF Homepage: Mozilla\Firefox\Profiles\6re9ps7u.default-1526761473829 -> hxxps://www.google.co.uk/
FF Notifications: Mozilla\Firefox\Profiles\6re9ps7u.default-1526761473829 -> hxxps://www.facebook.com
FF Extension: (Grammarly for Firefox) - C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\6re9ps7u.default-1526761473829\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2019-12-24]
FF Extension: (iCloud Bookmarks) - C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\6re9ps7u.default-1526761473829\Extensions\firefoxdav@icloud.com.xpi [2019-01-23]
FF Extension: (Dizionario italiano) - C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\6re9ps7u.default-1526761473829\Extensions\it-IT@dictionaries.addons.mozilla.org.xpi [2018-12-11]
FF Extension: (English (GB) Language Pack) - C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\6re9ps7u.default-1526761473829\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2019-12-24]
FF Extension: (Italiano (IT) Language Pack) - C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\6re9ps7u.default-1526761473829\Extensions\langpack-it@firefox.mozilla.org.xpi [2019-12-24]
FF Extension: (S3.Translator) - C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\6re9ps7u.default-1526761473829\Extensions\s3google@translator.xpi [2018-10-11]
FF Extension: (A powerful reverse image search tool, with support for various search engines, such as Google, Bing, Yandex, Baidu and TinEye.) - C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\6re9ps7u.default-1526761473829\Extensions\{2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c}.xpi [2020-01-03]
FF Extension: (No Name) - C:\Users\SthCo\AppData\Roaming\Mozilla\Firefox\Profiles\6re9ps7u.default-1526761473829\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-10-24]
FF Extension: (العربية Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-ar@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Английски (САЩ) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-bg@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Czech (CZ) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-cs@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Deutsch (DE) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-de@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Ελληνικά Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-el@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-en-US@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Español (España) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-es-ES@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Estonian Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-et@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Finnish Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-fi@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Français Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-fr@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Hebrew (IL) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-he@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Magyar (HU) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-hu@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Italiano (IT) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-it@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Japanese Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-ja@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Korean (KR) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-ko@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Lietuvių Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-lt@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Norsk bokmål (NO) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-nb-NO@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Nederlands (NL) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-nl@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Polski Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-pl@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Português (pt-BR) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-pt-BR@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Português (Portugal) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-pt-PT@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Russian (RU) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-ru@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Slovak (SK) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-sk@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Slovenski jezik Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-sl@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (српски (sr) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-sr@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Svenska (SE) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-sv-SE@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (ไทย Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-th@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Türkçe (TR) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-tr@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Ukrainian (UA) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-uk@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-zh-CN@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-zh-TW@firefox.mozilla.org [2018-05-19] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\partnerdefaults@mozilla.com [2018-05-19] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_303.dll [2019-12-11] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-11] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-24] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-24] (Google LLC -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2019-07-19] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2019-07-19] <==== ATTENTION

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [551832 2017-07-14] (Advanced Micro Devices, Inc. -> AMD)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2017-04-24] (Qualcomm Atheros -> Windows ® Win 7 DDK provider)
R2 bdredline; C:\Program Files\Bitdefender Antivirus Free\bdredline.exe [2500144 2019-05-28] (Bitdefender SRL -> Bitdefender)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11345992 2019-11-28] (Microsoft Corporation -> Microsoft Corporation)
S2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2017-08-23] (Dashlane -> Dashlane, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1291888 2019-07-15] (Bitdefender SRL -> Bitdefender)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [191976 2018-12-20] (Qualcomm Atheros -> Qualcomm Technologies Inc.)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [238376 2019-11-25] (Bitdefender SRL -> Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [288312 2020-01-03] (Bitdefender SRL -> Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [238376 2019-11-25] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-05-20] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-05-20] (Microsoft Corporation -> Microsoft Corporation)
S3 QALSvc; "C:\Program Files\Acer\Acer Quick Access\QALSvc.exe" [X]
S3 QASvc; "C:\Program Files\Acer\Acer Quick Access\QASvc.exe" [X]
S3 UEIPSvc; "C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34672 2017-05-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdi2c; C:\WINDOWS\System32\drivers\amdi2c.sys [54128 2017-05-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0315893.inf_amd64_c7f492d4318c2a29\atikmdag.sys [36557720 2017-07-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0315893.inf_amd64_c7f492d4318c2a29\atikmpag.sys [528792 2017-07-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243048 2017-06-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 amduart; C:\WINDOWS\System32\drivers\amduart.sys [91640 2017-05-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [1693368 2019-10-28] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2017-04-26] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [739024 2019-11-25] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22960 2019-04-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131904 2018-12-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [309144 2019-11-25] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R1 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [564136 2019-11-25] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\WINDOWS\System32\drivers\gzflt.sys [188384 2019-04-26] (Bitdefender SRL -> BitDefender LLC)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [1191616 2018-05-10] (Kaspersky Lab -> AO Kaspersky Lab)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [31000 2018-05-15] (Acer Incorporated -> Acer Incorporated)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2020-01-04] (Malwarebytes Corporation -> Malwarebytes)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2353664 2018-12-20] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [25368 2018-05-15] (Acer Incorporated -> Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [954368 2017-04-18] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [782304 2017-06-29] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167232 2018-12-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66144 2016-09-06] (Synaptics Incorporated -> Synaptics Incorporated)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R2 trufos; C:\WINDOWS\System32\drivers\trufos.sys [637112 2019-10-28] (Bitdefender SRL -> Bitdefender)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-05-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [344544 2019-05-20] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-05-20] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-05 11:41 - 2020-01-05 11:41 - 000000000 ___HD C:\OneDriveTemp
2020-01-04 11:42 - 2020-01-04 11:42 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-12-24 14:53 - 2019-12-24 14:53 - 026807296 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 009668408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-12-24 14:53 - 2019-12-24 14:53 - 007886848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 007645384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 006541712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 006444032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-12-24 14:53 - 2019-12-24 14:53 - 003638272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-12-24 14:53 - 2019-12-24 14:53 - 003576832 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 003387392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 002707968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-12-24 14:53 - 2019-12-24 14:53 - 002699768 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 002233688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 002192384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 002072384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 001702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-12-24 14:53 - 2019-12-24 14:53 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 001677808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 001676288 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 001668960 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 001666440 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 001656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 001484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 001473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-12-24 14:53 - 2019-12-24 14:53 - 001465264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 001258296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-12-24 14:53 - 2019-12-24 14:53 - 001201128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 001049400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-12-24 14:53 - 2019-12-24 14:53 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 000901120 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2019-12-24 14:53 - 2019-12-24 14:53 - 000793824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 000764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 000758688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-12-24 14:53 - 2019-12-24 14:53 - 000678672 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-12-24 14:53 - 2019-12-24 14:53 - 000603792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-12-24 14:53 - 2019-12-24 14:53 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-12-24 14:53 - 2019-12-24 14:53 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 000508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 000505632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-12-24 14:53 - 2019-12-24 14:53 - 000408736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 000203064 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 000095544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2019-12-24 14:53 - 2019-12-24 14:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-12-24 14:53 - 2019-12-24 14:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-12-24 14:53 - 2019-12-24 14:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-12-24 14:53 - 2019-12-24 14:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-12-24 14:53 - 2019-12-24 14:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-12-24 14:53 - 2019-12-24 14:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-12-24 14:53 - 2019-12-24 14:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-12-24 14:53 - 2019-12-24 14:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-12-24 14:39 - 2019-12-20 13:06 - 000000123 ____R C:\Users\SthCo\OneDrive\Documents\New year do's list.url
2019-12-24 14:39 - 2019-12-20 12:57 - 000000123 ____R C:\Users\SthCo\OneDrive\Documents\First attempt.url
2019-12-12 20:45 - 2020-01-03 18:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-12-11 12:20 - 2019-12-11 12:20 - 006199352 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-05 12:09 - 2018-05-03 18:53 - 000000000 ____D C:\FRST
2020-01-05 12:04 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-05 12:03 - 2018-09-15 08:31 - 000000000 ____D C:\WINDOWS\INF
2020-01-05 12:00 - 2019-03-09 21:36 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2020-01-05 11:41 - 2019-02-07 20:35 - 000003532 _____ C:\WINDOWS\system32\Tasks\DashlaneUpgradeCheck
2020-01-05 11:41 - 2018-04-09 22:09 - 000000000 ___RD C:\Users\SthCo\Google Drive
2020-01-05 11:41 - 2018-04-09 14:43 - 000000000 ___RD C:\Users\SthCo\OneDrive
2020-01-04 15:00 - 2019-02-07 20:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-04 12:57 - 2018-04-09 18:17 - 000000000 ____D C:\Users\SthCo\AppData\LocalLow\Mozilla
2020-01-04 11:41 - 2019-02-07 20:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-04 11:40 - 2018-09-15 07:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-01-04 11:40 - 2018-05-19 18:22 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2020-01-03 19:12 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-03 19:12 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-03 18:57 - 2019-02-08 04:36 - 000780130 _____ C:\WINDOWS\system32\perfh010.dat
2020-01-03 18:57 - 2019-02-08 04:36 - 000146062 _____ C:\WINDOWS\system32\perfc010.dat
2020-01-03 18:57 - 2019-02-07 20:20 - 001756404 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-01-03 18:52 - 2019-02-07 20:00 - 000537280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-01-03 18:49 - 2017-12-20 15:52 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-01-03 18:44 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-01-03 18:44 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-01-03 18:25 - 2018-05-19 18:59 - 000000000 ____D C:\Users\SthCo\AppData\Local\PlaceholderTileLogoFolder
2020-01-03 18:23 - 2018-05-20 15:58 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-01-03 18:16 - 2018-09-15 07:09 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2019-12-24 15:08 - 2018-05-20 15:57 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-12-24 15:07 - 2018-09-15 08:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-12-24 14:58 - 2018-12-16 17:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-12-24 14:53 - 2019-03-27 19:02 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-12-24 14:49 - 2019-02-07 20:35 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-24 14:49 - 2019-02-07 20:35 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-20 12:53 - 2019-01-13 16:49 - 000000122 ____R C:\Users\SthCo\OneDrive\Documents\C's Notebook.url
2019-12-12 21:02 - 2017-12-20 15:52 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-12-11 12:21 - 2019-02-15 19:22 - 000004588 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-12-11 12:20 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-12-11 12:20 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\Macromed

==================== Files in the root of some directories ========

2018-05-19 20:08 - 2018-05-19 20:12 - 007649280 _____ () C:\Program Files (x86)\GUTFE28.tmp
2019-07-21 11:52 - 2019-07-21 11:52 - 000118671 _____ () C:\Users\SthCo\AppData\Local\ars.cache
2019-07-21 11:52 - 2019-07-21 11:52 - 000467019 _____ () C:\Users\SthCo\AppData\Local\census.cache
2019-07-21 10:56 - 2019-07-21 10:56 - 000000036 _____ () C:\Users\SthCo\AppData\Local\housecall.guid.cache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Result of Security Analysis by Rocket Grannie (x86) Updated: 14th, December 2019
Running from:C:\Users\SthCo\OneDrive\Desktop (12:11:41 - 01/05/2020)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
Bitdefender Antivirus Free Antimalware (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Bitdefender Antivirus Free Antimalware (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (32.0.0.303)
Adobe Acrobat Reader DC (19.021.20061)
Malwarebytes (3.8.3.2965) ==> is out of Date
Mozilla Firefox (71.0)

***----------------Analysis Complete-------------------------***

# -------------------------------
# Malwarebytes AdwCleaner 8.0.1.0
# -------------------------------
# Build:    12-17-2019
# Database: 2020-01-02.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-05-2020
# Duration: 00:00:01
# OS:       Windows 10 Home
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2780 octets] - [03/05/2018 19:33:36]
AdwCleaner[C00].txt - [2571 octets] - [03/05/2018 19:36:10]
AdwCleaner[S01].txt - [1254 octets] - [05/05/2018 12:42:07]
AdwCleaner[C01].txt - [1359 octets] - [05/05/2018 12:43:52]
AdwCleaner[S02].txt - [1254 octets] - [05/05/2018 13:24:23]
AdwCleaner[C02].txt - [1359 octets] - [05/05/2018 13:24:54]
AdwCleaner[S03].txt - [1306 octets] - [08/05/2018 23:29:40]
AdwCleaner[C03].txt - [1391 octets] - [09/05/2018 00:25:34]
AdwCleaner[S04].txt - [2468 octets] - [19/05/2018 21:12:02]
AdwCleaner[C04].txt - [2333 octets] - [19/05/2018 21:12:50]
AdwCleaner[S05].txt - [2409 octets] - [19/06/2018 20:47:56]
AdwCleaner[C05].txt - [2465 octets] - [19/06/2018 20:48:54]
AdwCleaner[S06].txt - [1974 octets] - [22/06/2018 23:11:59]
AdwCleaner[C06].txt - [2160 octets] - [22/06/2018 23:12:30]
AdwCleaner[S07].txt - [2096 octets] - [22/06/2018 23:20:14]
AdwCleaner[C07].txt - [2282 octets] - [22/06/2018 23:20:31]
AdwCleaner[S08].txt - [2218 octets] - [26/06/2018 20:25:28]
AdwCleaner[C08].txt - [2404 octets] - [26/06/2018 21:38:38]
AdwCleaner[S09].txt - [2340 octets] - [01/07/2018 19:25:38]
AdwCleaner[C09].txt - [2526 octets] - [01/07/2018 20:17:31]
AdwCleaner[S10].txt - [2462 octets] - [04/07/2018 12:12:35]
AdwCleaner[C10].txt - [2648 octets] - [04/07/2018 12:13:03]
AdwCleaner[S11].txt - [2584 octets] - [19/07/2018 19:55:28]
AdwCleaner[C11].txt - [2770 octets] - [19/07/2018 19:58:36]
AdwCleaner[S12].txt - [2706 octets] - [19/08/2018 16:23:14]
AdwCleaner[C12].txt - [2892 octets] - [19/08/2018 16:36:24]
AdwCleaner[S13].txt - [2836 octets] - [08/09/2018 21:43:17]
AdwCleaner[S14].txt - [2897 octets] - [15/09/2018 18:36:47]
AdwCleaner[S15].txt - [2958 octets] - [02/10/2018 21:08:03]
AdwCleaner[S16].txt - [3019 octets] - [05/10/2018 21:08:11]
AdwCleaner[C16].txt - [3205 octets] - [05/10/2018 21:53:00]
AdwCleaner[S17].txt - [3322 octets] - [27/10/2018 21:49:32]
AdwCleaner[C17].txt - [3470 octets] - [27/10/2018 22:01:10]
AdwCleaner[S18].txt - [3263 octets] - [28/10/2018 17:07:24]
AdwCleaner[S19].txt - [3324 octets] - [28/10/2018 22:09:05]
AdwCleaner[C19].txt - [3510 octets] - [28/10/2018 22:10:05]
AdwCleaner[S20].txt - [3446 octets] - [03/11/2018 14:24:31]
AdwCleaner[S21].txt - [3507 octets] - [20/11/2018 15:18:13]
AdwCleaner[C21].txt - [3693 octets] - [20/11/2018 15:18:35]
AdwCleaner[S22].txt - [3629 octets] - [29/11/2018 21:09:44]
AdwCleaner[C22].txt - [3815 octets] - [29/11/2018 21:10:59]
AdwCleaner[S23].txt - [3827 octets] - [01/12/2018 21:04:12]
AdwCleaner[C23].txt - [3993 octets] - [01/12/2018 21:06:09]
AdwCleaner[S24].txt - [3873 octets] - [02/12/2018 20:46:11]
AdwCleaner[S25].txt - [3934 octets] - [08/12/2018 18:02:15]
AdwCleaner[C25].txt - [4120 octets] - [08/12/2018 18:02:31]
AdwCleaner[S26].txt - [4056 octets] - [11/12/2018 20:08:54]
AdwCleaner[C26].txt - [4242 octets] - [11/12/2018 20:09:12]
AdwCleaner[S27].txt - [4178 octets] - [12/12/2018 19:02:49]
AdwCleaner[S28].txt - [4408 octets] - [16/12/2018 17:43:37]
AdwCleaner[C28].txt - [4554 octets] - [16/12/2018 17:47:02]
AdwCleaner[S29].txt - [4361 octets] - [20/12/2018 19:17:37]
AdwCleaner[C29].txt - [4547 octets] - [20/12/2018 19:17:52]
AdwCleaner[S30].txt - [4483 octets] - [28/12/2018 20:40:59]
AdwCleaner[C30].txt - [4669 octets] - [28/12/2018 20:41:43]
AdwCleaner[S31].txt - [4605 octets] - [30/12/2018 20:28:08]
AdwCleaner[C31].txt - [4791 octets] - [30/12/2018 20:28:24]
AdwCleaner[S32].txt - [4727 octets] - [02/01/2019 21:11:32]
AdwCleaner[C32].txt - [4913 octets] - [02/01/2019 21:20:12]
AdwCleaner[S33].txt - [4849 octets] - [11/01/2019 15:22:58]
AdwCleaner[C33].txt - [5035 octets] - [11/01/2019 15:23:57]
AdwCleaner[S34].txt - [4971 octets] - [13/01/2019 18:00:12]
AdwCleaner[C34].txt - [5157 octets] - [13/01/2019 18:00:32]
AdwCleaner[S35].txt - [5093 octets] - [19/01/2019 11:15:58]
AdwCleaner[C35].txt - [5279 octets] - [19/01/2019 11:17:06]
AdwCleaner[S36].txt - [5215 octets] - [23/01/2019 16:40:29]
AdwCleaner[C36].txt - [5401 octets] - [23/01/2019 16:40:56]
AdwCleaner[S37].txt - [5337 octets] - [04/02/2019 20:50:01]
AdwCleaner[C37].txt - [5523 octets] - [04/02/2019 20:50:29]
AdwCleaner[S38].txt - [5459 octets] - [10/02/2019 22:22:19]
AdwCleaner[C38].txt - [5645 octets] - [10/02/2019 22:22:39]
AdwCleaner[S39].txt - [5581 octets] - [21/02/2019 20:47:35]
AdwCleaner[C39].txt - [5767 octets] - [21/02/2019 20:47:55]
AdwCleaner[S40].txt - [5703 octets] - [28/02/2019 20:16:39]
AdwCleaner[C40].txt - [5889 octets] - [28/02/2019 20:36:25]
AdwCleaner[S41].txt - [5825 octets] - [01/03/2019 17:49:40]
AdwCleaner[C41].txt - [6011 octets] - [01/03/2019 17:49:59]
AdwCleaner[S42].txt - [5947 octets] - [05/03/2019 20:58:45]
AdwCleaner[S43].txt - [6095 octets] - [14/03/2019 15:37:28]
AdwCleaner[C43].txt - [6261 octets] - [14/03/2019 15:52:04]
AdwCleaner[S44].txt - [6130 octets] - [21/03/2019 20:54:09]
AdwCleaner[C44].txt - [6316 octets] - [21/03/2019 20:54:29]
AdwCleaner[S45].txt - [6252 octets] - [25/03/2019 20:18:45]
AdwCleaner[S46].txt - [6339 octets] - [07/06/2019 15:08:45]
AdwCleaner[C46].txt - [6505 octets] - [07/06/2019 15:14:23]
AdwCleaner[S47].txt - [6435 octets] - [18/06/2019 20:46:53]
AdwCleaner[C47].txt - [6621 octets] - [18/06/2019 20:47:23]
AdwCleaner[S48].txt - [6557 octets] - [20/07/2019 10:52:39]
AdwCleaner[C48].txt - [6743 octets] - [20/07/2019 12:04:39]
AdwCleaner[S49].txt - [7077 octets] - [29/07/2019 20:05:47]
AdwCleaner[S50].txt - [7224 octets] - [14/08/2019 21:11:29]
AdwCleaner[S51].txt - [7251 octets] - [15/08/2019 11:50:59]
AdwCleaner[C51].txt - [7102 octets] - [15/08/2019 11:52:26]
AdwCleaner[S52].txt - [7321 octets] - [17/08/2019 18:45:14]
AdwCleaner[S53].txt - [7382 octets] - [23/08/2019 17:55:15]
AdwCleaner[S54].txt - [7443 octets] - [30/08/2019 18:44:27]
AdwCleaner_Debug.log - [78961 octets] - [30/09/2019 15:54:29]
AdwCleaner[S55].txt - [13214 octets] - [30/09/2019 15:55:07]
AdwCleaner[C55].txt - [14038 octets] - [30/09/2019 15:55:54]
AdwCleaner[S56].txt - [7418 octets] - [08/10/2019 20:17:16]
AdwCleaner[C56].txt - [7617 octets] - [08/10/2019 20:19:32]
AdwCleaner[S57].txt - [7491 octets] - [23/10/2019 13:00:18]
AdwCleaner[C57].txt - [7679 octets] - [23/10/2019 13:00:39]
AdwCleaner[S58].txt - [7638 octets] - [03/01/2020 18:41:35]
AdwCleaner[C58].txt - [7806 octets] - [03/01/2020 18:43:29]
AdwCleaner[S59].txt - [7735 octets] - [04/01/2020 11:36:50]
AdwCleaner[C59].txt - [7923 octets] - [04/01/2020 11:39:36]
AdwCleaner[S60].txt - [7857 octets] - [05/01/2020 12:14:50]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C60].txt ##########

#2 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,199 posts

Posted 06 January 2020 - 06:08 AM

Hello NextStep.

Welcome to SpywareInfo Forum.

I'm Android 8888 and I'll be helping you.

Please ask questions if anything is unclear.

Before we start, Happy New Year to you too.

You are running an outdated version of Malwarebytes. Please download the newest version 4.0 from here, install it and run a new scan. Then post the log in your next reply for my review.

Also, please post the content of Addition.txt log in your next reply.

Thank you.

Android 8888



#3 NextStep

NextStep

    Member

  • Full Member
  • 10 posts

Posted 09 January 2020 - 08:02 AM

Sorry, I should know how to do this by now! :blush:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/9/20
Scan Time: 2:44 PM
Log File: 17dd86d4-32e6-11ea-ba01-9822ef81d116.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.793
Update Package Version: 1.0.17483
License: Trial

-System Information-
OS: Windows 10 (Build 17763.914)
CPU: x64
File System: NTFS
User: LAPTOP-KBGPHM51\SthCo

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 287952
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 12 min, 24 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by SthCo (05-01-2020 12:01:43)
Running from C:\Users\SthCo\OneDrive\Desktop
Windows 10 Home Version 1809 17763.914 (X64) (2019-02-07 19:38:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1472495051-1772555074-1016449411-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1472495051-1772555074-1016449411-503 - Limited - Disabled)
Guest (S-1-5-21-1472495051-1772555074-1016449411-501 - Limited - Disabled)
SthCo (S-1-5-21-1472495051-1772555074-1016449411-1001 - Administrator - Enabled) => C:\Users\SthCo
WDAGUtilityAccount (S-1-5-21-1472495051-1772555074-1016449411-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {EA21BCE8-A461-99C3-3A0D-4C964E75494E}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {51405D0C-825B-964D-00BD-77E435F203F3}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K YouTube to MP3 3.3 (HKLM-x32\...\{7DD40CC0-533F-4EF3-9DDC-1B6B91C8567D}) (Version: 3.3.6.1809 - Open Media LLC)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.8 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.303 - Adobe)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Backup and Sync from Google (HKLM\...\{93EBD8BA-7A14-4636-8F1F-E929ADF2C3A9}) (Version: 3.47.7654.0300 - Google, Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.15.89 - Bitdefender)
Catalyst Control Center Next Localization BR (HKLM\...\{EDBCC6A8-9303-2689-705E-53853AE03D2D}) (Version: 2017.0706.302.5431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{2FD3B0A7-3C51-669C-6D4D-1D2581BC0BF1}) (Version: 2017.0706.302.5431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{8F2D7BCA-2406-FEF0-883E-6430A743C54D}) (Version: 2017.0706.302.5431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{BE432592-7E65-BEB8-E29D-80172BF66693}) (Version: 2017.0706.302.5431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0B25833C-714A-3E14-EF52-8DDE66F5D54A}) (Version: 2017.0706.302.5431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{4F31D402-DE8E-6126-41B0-8325346F5D34}) (Version: 2017.0706.302.5431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{222BD3C0-B926-3123-3E3E-9ABBCF1BFCFA}) (Version: 2017.0706.302.5431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{94E5F30D-D9B9-D459-E2B7-61779ED3D813}) (Version: 2017.0706.302.5431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{27E0E9AE-637B-1BFA-2F0A-33D147924604}) (Version: 2017.0706.302.5431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E2CCDAF4-4AEF-0E25-5B93-9CF6313F2042}) (Version: 2017.0706.302.5431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DAE8A1BA-B04B-3E6B-DC46-0344DC54B3F0}) (Version: 2017.0706.302.5431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{90B996CF-2FD9-6F02-4E41-062A09BB6DA7}) (Version: 2017.0706.302.5431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{414E6D53-48D3-05EA-C0BB-70AFB3F9E058}) (Version: 2017.0706.302.5431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{C4443D56-DED6-B9F2-2617-698691798710}) (Version: 2017.0706.302.5431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{69026449-BFB4-51AD-5D1D-E2FA5EC59C6E}) (Version: 2017.0706.302.5431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{7F39F65B-FABA-F7CE-E6E2-AC000F081550}) (Version: 2017.0706.302.5431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{C04175C3-216C-20B4-8268-CF93921BD682}) (Version: 2017.0706.302.5431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{BED53665-7255-C406-8BC6-067A853E91EA}) (Version: 2017.0706.302.5431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{F58C3FE6-7271-E2D2-F0AE-46059DF42EB2}) (Version: 2017.0706.302.5431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{2DD8998D-3F57-98B7-A543-8AD4567CD733}) (Version: 2017.0706.302.5431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{F4A402C5-C5F9-9BB8-BD70-9561AA9D8261}) (Version: 2017.0706.302.5431 - Advanced Micro Devices, Inc.) Hidden
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.1.17.0 - Dashlane, Inc.)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
Grammarly (HKU\S-1-5-21-1472495051-1772555074-1016449411-1001\...\GrammarlyForWindows) (Version: 1.5.48 - Grammarly)
Grammarly for Microsoft® Office Suite (HKLM\...\{48FA82A2-A3CD-43D7-B483-AE8DA9E4627F}) (Version: 6.7.189 - Grammarly) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-1472495051-1772555074-1016449411-1001\...\{23c69d4b-bf47-4698-ad4e-b54d30ffcab9}) (Version: 6.7.189 - Grammarly)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.12228.20364 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1472495051-1772555074-1016449411-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Firefox 71.0 (x64 en-US) (HKLM\...\Mozilla Firefox 71.0 (x64 en-US)) (Version: 71.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
OEM Application Profile (HKLM-x32\...\{60499BF0-C3D1-40CC-8600-8A7246534466}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
OneClickdigital Media Manager (HKLM-x32\...\{D27E3096-E1C7-4BF1-923B-13E522646EBF}) (Version: 80.0.0.0 - Recorded Books)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10427 - Qualcomm)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.309 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.21299 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.16.323.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8122 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)

Packages:
=========
Acer Collection -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCollection_1.1.3013.0_x64__48frkmn4z8aw4 [2018-11-12] (Acer Incorporated)
Booking.com -> C:\Program Files\WindowsApps\Booking.com_1.0.1606.2210_x64__96rgg7pjt343r [2018-05-19] (CN=Acer Incorporated)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.4.4.0_x86__kgqvnymyfvs32 [2020-01-03] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1652.1.0_x86__kgqvnymyfvs32 [2019-12-11] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.154.400.0_x86__kgqvnymyfvs32 [2019-12-12] (king.com)
Cooking Fever -> C:\Program Files\WindowsApps\NORDCURRENT.COOKINGFEVER_7.0.0.2_x86__m9bz608c1b9ra [2019-12-12] (Nordcurrent)
Dragon Mania Legends -> C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_4.9.2.1_x86__h6adky7gbf63m [2019-11-20] (Gameloft.)
Duplicate Cleaner Free -> C:\Program Files\WindowsApps\DigitalVolcanoSoftware.DuplicateCleanerFree_4.12.0.0_neutral__55chcb595f864 [2019-06-22] (DigitalVolcano Software)
eBay -> C:\Program Files\WindowsApps\eBay_1.0.1606.2210_x64__96rgg7pjt343r [2018-05-19] (CN=Acer Incorporated)
Google Photos for Win 10 -> C:\Program Files\WindowsApps\37564Microsoftgames.AlbumforGooglePhotos_4.0.0.0_x64__0c8hkgztxcs6t [2018-09-05] (11K Studio) [MS Ad]
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.32.3201.0_x86__ytsefhwckbdv6 [2020-01-03] (G5 Entertainment AB)
Hotspot VPN - Best Free VPN & Unlimited Wifi Proxy -> C:\Program Files\WindowsApps\IFreeNetInc.MicVPN-FreeVPNForEveryone_2.1.0.0_x64__92dmzecfx4dew [2019-07-25] (IFreeNet Inc)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa [2020-01-03] (Apple Inc.) [Startup Task]
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.5.1.3_x86__h6adky7gbf63m [2020-01-03] (Gameloft.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-31] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-31] (Microsoft Corporation) [MS Ad]
Microsoft Midi gm.dls -> C:\Program Files\WindowsApps\Microsoft.Midi.GmDls_1.0.1.0_neutral__8wekyb3d8bbwe [2018-12-18] (Microsoft Platform Extensions)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-11] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.14.105.0_x64__8wekyb3d8bbwe [2020-01-03] (Microsoft Studios)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-24] (Microsoft Corporation) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.0.0.0_x64__a2t3txkz9j1jw [2019-07-25] (MAGIX)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-10-25] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-14] (Microsoft Corporation)
Robot Scrabble -> C:\Program Files\WindowsApps\2084BrookNgo.RobotScrabble_2.0.1.0_neutral__bgyjhtwwwvh58 [2018-10-02] (Brook Ngo)
S/MIME Reader -> C:\Program Files\WindowsApps\745MartinBauer.SMIMEReader_1.1.17.0_x64__m8zk2325nz666 [2018-08-07] (Martin Bauer)
WildTangent Games -> C:\Program Files\WindowsApps\WildTangentGames.63435CFB65F55_2.0.82.0_x64__qt5r5pa5dyg8m [2019-12-24] (WildTangent Games)
Words Scrabble Friends -> C:\Program Files\WindowsApps\42632InstaRoyalSportGames.WordFriendsScrabbleFree_4.1.0.0_x86__8gdk6ypn1p9yp [2019-02-15] (Insta Royal Sport Games) [MS Ad]
Words Scrabble Plus -> C:\Program Files\WindowsApps\48276FunGamesFree.WordsFriendsPlus_2.1.0.0_x64__nf94xajy52wwr [2018-12-26] (Fun Games Free) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1472495051-1772555074-1016449411-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\SthCo\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.7.189\A32FCADA18\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)
CustomCLSID: HKU\S-1-5-21-1472495051-1772555074-1016449411-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\SthCo\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.7.189\A32FCADA18\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} =>  -> No File
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-06-07] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-06-07] (Acer Incorporated -> Acer Incorporated)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-10-24] (Google LLC -> Google)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-10-24] (Google LLC -> Google)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-07-06] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2016-09-15 08:30 - 2016-09-15 08:30 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 000191488 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-01-05 11:40 - 2020-01-05 11:40 - 000114176 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\_ctypes.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000173056 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\_elementtree.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 001808896 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\_hashlib.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000032256 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\_multiprocessing.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000046080 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\_psutil_windows.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000047616 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\_socket.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 002241024 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\_ssl.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000026112 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\_yappi.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000080896 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\bz2.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000016384 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\common.time34.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000007680 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\hashobjs_ext.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000301568 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\PIL._imaging.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000169472 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\pyexpat.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 001084416 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\pysqlite2._sqlite.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000548864 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\pythoncom27.dll
2020-01-05 11:40 - 2020-01-05 11:40 - 000137728 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\pywintypes27.dll
2020-01-05 11:40 - 2020-01-05 11:40 - 000010752 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\select.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000020992 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\thumbnails_ext.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000689664 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\unicodedata.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000119808 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\usb_ext.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000128512 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\win32api.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000438784 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\win32com.shell.shell.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000011776 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\win32crypt.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000023040 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\win32event.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000149504 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\win32file.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000223232 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\win32gui.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000048128 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\win32inet.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000029696 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\win32pdh.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000027648 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\win32pipe.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000044032 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\win32process.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000020480 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\win32profile.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000136192 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\win32security.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000026624 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\win32ts.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000034816 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\windows.conditional.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000038400 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\windows.connectivity.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000071680 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\windows.device_monitor.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000109056 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\windows.volumes.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000020480 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\windows.winwrap.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 001325056 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\wx._controls_.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 001489408 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\wx._core_.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 001007104 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\wx._gdi_.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000103424 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\wx._html2.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 000916992 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\wx._misc_.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 001039872 _____ () [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\wx._windows_.pyd
2020-01-05 11:40 - 2020-01-05 11:40 - 003042816 _____ (Python Software Foundation) [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\python27.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-09-15 08:29 - 2016-09-15 08:29 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-09-15 08:29 - 2016-09-15 08:29 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-09-15 08:29 - 2016-09-15 08:29 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-09-15 08:29 - 2016-09-15 08:29 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-09-15 08:29 - 2016-09-15 08:29 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-09-15 08:30 - 2016-09-15 08:30 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-01-05 11:40 - 2020-01-05 11:40 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\wxbase30u_net_vc90_x64.dll
2020-01-05 11:40 - 2020-01-05 11:40 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\wxbase30u_vc90_x64.dll
2020-01-05 11:40 - 2020-01-05 11:40 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\wxmsw30u_adv_vc90_x64.dll
2020-01-05 11:40 - 2020-01-05 11:40 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\wxmsw30u_core_vc90_x64.dll
2020-01-05 11:40 - 2020-01-05 11:40 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\wxmsw30u_html_vc90_x64.dll
2020-01-05 11:40 - 2020-01-05 11:40 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\SthCo\AppData\Local\Temp\_MEI116642\wxmsw30u_webview_vc90_x64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\SthCo\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\SthCo\OneDrive\Documents\.credentials:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\SthCo\OneDrive\Documents\.tmp.drivedownload:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\SthCo\OneDrive\Documents\Fax:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\SthCo\OneDrive\Documents\Media:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\SthCo\OneDrive\Documents\samsung:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\SthCo\OneDrive\Documents\Scanned Documents:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 22:03 - 2017-03-18 22:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1472495051-1772555074-1016449411-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SthCo\OneDrive\Desktop\20181005_072514.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D7C6B522-A99C-4FE9-95C5-8316FA442478}] => (Allow) C:\Program Files\WindowsApps\AcerIncorporated.abFiles_1.0.7.0_x86__48frkmn4z8aw4\abFiles\acer\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{CD5D1522-733D-42AB-A43C-9D5F8DD79F32}] => (Allow) C:\Program Files\WindowsApps\AcerIncorporated.abFiles_1.0.7.0_x86__48frkmn4z8aw4\abFiles\acer\ccd.exe (Acer Incorporated -> Acer Cloud Technology)
FirewallRules: [{745C7E1A-D17D-4897-9F67-D0ABB5327DBD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2DD252E3-10CE-4366-A192-D639C9998AB6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{39F49FD0-1963-44CD-991A-5BF818308A2D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{47B354DB-7F2D-4223-841E-2EDE41ACCE41}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A05CB949-C872-40D7-8C35-9FE9F4C459A1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A6B76FC5-7499-40E9-BC32-85260F94889B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4A8AB389-9CE5-4CC3-9607-2285400E4CEF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A169A431-4A1D-43DF-8BB6-585D918BFA37}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{06BA8884-D2B3-4790-A12F-9209C29BB2F3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B0C7E525-CAFB-4D66-92D6-C341875EB4C6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4BD98C56-AB09-4EE8-98AA-BD6CDFEA5B09}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B6ADF022-779E-4716-9BD9-DE9F90B6E5AA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2657E45D-8757-4810-8312-1AB462FC092F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

==================== Restore Points =========================

04-01-2020 13:13:10 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/05/2020 11:42:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.17763.831, time stamp: 0x9f1a9fae
Faulting module name: ntdll.dll, version: 10.0.17763.831, time stamp: 0x6071cf9d
Exception code: 0xc0000005
Fault offset: 0x00041f15
Faulting process ID: 0xf28
Faulting application start time: 0x01d5c3b454ad388e
Faulting application path: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: d14c9cb9-cf85-488b-bd77-7522523e6fac
Faulting package full name:
Faulting package-relative application ID:

Error: (01/04/2020 11:34:02 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/03/2020 06:21:13 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/24/2019 02:57:59 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: LAPTOP-KBGPHM51)
Description: Application or service 'Microsoft Windows Search Protocol Host' could not be shut down.

Error: (12/12/2019 08:49:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdge.exe version 11.0.17763.831 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1d80

Start Time: 01d5b125266c90cd

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

Report Id: f7af1832-1af4-40c4-96ba-7f6bb48c270d

Faulting package full name: Microsoft.MicrosoftEdge_44.17763.831.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Hang type: Unknown

Error: (12/11/2019 12:26:05 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/27/2019 10:14:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdge.exe version 11.0.17763.831 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2ff0

Start Time: 01d5a502b857d585

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

Report Id: 112810ab-3d2b-4e1c-b185-1fde6470fde4

Faulting package full name: Microsoft.MicrosoftEdge_44.17763.831.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Hang type: Cross-thread

Error: (11/24/2019 10:28:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DoSvc, version: 10.0.17763.1, time stamp: 0xb900eeff
Faulting module name: dosvc.dll, version: 10.0.17763.404, time stamp: 0x4edbcc20
Exception code: 0xc0000005
Fault offset: 0x00000000000d3a1f
Faulting process ID: 0x16e8
Faulting application start time: 0x01d59b8db09bf24f
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: c:\windows\system32\dosvc.dll
Report ID: 59de8067-575d-4867-bf6d-3feb1de77ec7
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (01/05/2020 11:39:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/05/2020 11:39:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/04/2020 12:39:58 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-KBGPHM51)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user LAPTOP-KBGPHM51\SthCo SID (S-1-5-21-1472495051-1772555074-1016449411-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/04/2020 12:39:58 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-KBGPHM51)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user LAPTOP-KBGPHM51\SthCo SID (S-1-5-21-1472495051-1772555074-1016449411-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/04/2020 12:02:47 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-KBGPHM51)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user LAPTOP-KBGPHM51\SthCo SID (S-1-5-21-1472495051-1772555074-1016449411-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/04/2020 12:02:47 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-KBGPHM51)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user LAPTOP-KBGPHM51\SthCo SID (S-1-5-21-1472495051-1772555074-1016449411-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/04/2020 11:47:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/04/2020 11:47:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-03-07 12:21:48.474
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {6C6127C1-79A5-49CA-83B8-31BA7D362BA8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-07 12:15:28.549
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BBDA9CC0-77FF-47A0-B830-2E2418C131C3}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-07 12:08:43.407
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A83BC892-E353-438D-B074-9AD53BB971CC}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-07 11:16:57.628
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5D6BF5AE-16AC-4601-B547-FB6D146A08BB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-05 18:47:57.331
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {547EF547-A4C2-4FB4-877E-2C699E4726EC}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-09 21:19:30.612
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80508023
Error description: The program could not find the malware and other potentially unwanted software on this device.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2019-11-24 10:28:59.019
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-11-24 10:28:58.961
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-11-24 10:28:57.508
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-11-24 10:28:57.447
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-11-24 10:28:57.380
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-11-24 10:28:57.339
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-11-24 10:28:51.414
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-11-24 10:28:51.152
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.02 05/12/2017
Motherboard: SR Squirtle_SR
Processor: AMD A9-9420 RADEON R5, 5 COMPUTE CORES 2C+3G
Percentage of memory in use: 33%
Total physical RAM: 11733.37 MB
Available physical RAM: 7784.44 MB
Total Virtual: 13525.37 MB
Available Virtual: 9456.11 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:930.4 GB) (Free:863.6 GB) NTFS

\\?\Volume{10a44632-d169-40e9-b2ee-eabda959cd11}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.57 GB) NTFS
\\?\Volume{07ea63d4-b73f-411b-99c7-746ffb782b2b}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EC3FF07B)

Partition: GPT.

==================== End of Addition.txt =======================



#4 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,199 posts

Posted 11 January 2020 - 05:44 AM

Hello NextStep.

Please read the instructions below and execute the following script.


NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-1472495051-1772555074-1016449411-1001 -> DefaultScope {2F39EDB7-58EF-49EC-B98D-139CCE3A2321} URL =
SearchScopes: HKU\S-1-5-21-1472495051-1772555074-1016449411-1001 -> {201E645E-E6BB-4B21-9524-A0C6D7ABC73A} URL =
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
AlternateDataStreams: C:\Users\SthCo\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\SthCo\OneDrive\Documents\.credentials:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\SthCo\OneDrive\Documents\.tmp.drivedownload:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\SthCo\OneDrive\Documents\Fax:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\SthCo\OneDrive\Documents\Media:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\SthCo\OneDrive\Documents\samsung:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\SthCo\OneDrive\Documents\Scanned Documents:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
EmptyTemp:
End::

Save the file as fixlist.txt into the same folder as FRST.
Right-click the FRST icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished, FRST will generate a log (Fixlog.txt) in the same folder FRST is running from. Please post its content in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


Please test the computer by running some programs and let me know how it is behaving at this point. Also, is it still slow in starting up?

Thank you.

Android 8888

 


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#5 NextStep

NextStep

    Member

  • Full Member
  • 10 posts

Posted 12 January 2020 - 05:05 AM

Sorry to waste your time on basics but how do I do this please?  - Save the file as fixlist.txt in to the same folder as FRST.

 

PLEASE IGNORE I worked it out :blush:


Edited by NextStep, 12 January 2020 - 05:37 AM.


#6 NextStep

NextStep

    Member

  • Full Member
  • 10 posts

Posted 12 January 2020 - 05:38 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-01-2020
Ran by SthCo (12-01-2020 12:11:19) Run:1
Running from C:\Users\SthCo\OneDrive\Desktop
Loaded Profiles: SthCo (Available Profiles: SthCo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-1472495051-1772555074-1016449411-1001 -> DefaultScope {2F39EDB7-58EF-49EC-B98D-139CCE3A2321} URL =
SearchScopes: HKU\S-1-5-21-1472495051-1772555074-1016449411-1001 -> {201E645E-E6BB-4B21-9524-A0C6D7ABC73A} URL =
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
AlternateDataStreams: C:\Users\SthCo\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\Users\SthCo\OneDrive\Documents\.credentials:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\SthCo\OneDrive\Documents\.tmp.drivedownload:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\SthCo\OneDrive\Documents\Fax:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\SthCo\OneDrive\Documents\Media:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\SthCo\OneDrive\Documents\samsung:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\SthCo\OneDrive\Documents\Scanned Documents:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1472495051-1772555074-1016449411-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1472495051-1772555074-1016449411-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{201E645E-E6BB-4B21-9524-A0C6D7ABC73A} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ ACloudSynced => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
C:\Users\SthCo\OneDrive => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity" ADS could not remove.
C:\Users\SthCo\OneDrive\Documents\.credentials => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\SthCo\OneDrive\Documents\.tmp.drivedownload => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\SthCo\OneDrive\Documents\Fax => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\SthCo\OneDrive\Documents\Media => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\SthCo\OneDrive\Documents\samsung => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS removed successfully
C:\Users\SthCo\OneDrive\Documents\Scanned Documents => ":${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata" ADS could not remove.

=========== EmptyTemp: ==========

BITS transfer queue => 8937472 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 167390610 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 3011689 B
Edge => 2411299 B
Chrome => 0 B
Firefox => 772734631 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 36604 B
NetworkService => 100068 B
SthCo => 153061119 B

RecycleBin => 218764302 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:22:13 ====



#7 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,199 posts

Posted 15 January 2020 - 09:25 AM

Hello NextStep,

 

Are you still with me?

 

How is the laptop running?

 

Android 8888



#8 NextStep

NextStep

    Member

  • Full Member
  • 10 posts

Posted 19 January 2020 - 04:49 AM

Yes, apologies, I've been unwell and not been on laptop. And not getting notifications?

 

Overall it seems better, but there are random times (as in I don't know enough about techie stuff to pinpoint the problem) when it seems slower.

Is there anything else you can suggest, please?



#9 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • 1,199 posts

Posted 23 January 2020 - 08:07 AM

Hello NextStep.

I hope your health is getting better.


I would like you to execute the following set of instructions, please:


Open an elevated PowerShell window by pressing Windows key + X key and then select Windows PowerShell (Admin);
Click Yes;

Then type in the following exactly:

chkdsk c: /f

and press Enter.

You should notice 2 things.

1. The new window should have the text Administrator: Windows PowerShell written on the top.
2. It should say it cannot run because the volume is in use. Press the Y key to allow it to run on reboot. Then press the Enter key.

Close the PowerShell window, then restart the computer and let it run the disk check. It may take several minutes to complete.


After the reboot please do the following:
 

Open an elevated PowerShell window by pressing Windows key + X key and then select Windows PowerShell (Admin);
Click Yes;

In PowerShell window, copy and paste the command below, and press Enter:

get-winevent -FilterHashTable @{logname="Application"; id="1001"} | ?{$_.providername -match "wininit"} | fl timecreated, message | out-file "$([Environment]::GetFolderPath('Desktop'))\CHKDSKResults.txt"
 

 

CHKDSKResults.txt file will be created on your Desktop, that is the log file of your chkdsk scan results from Event Viewer.

Please copy and paste the entire content of that file in your next reply for my review.

Note: If the content is too long you can attach the file.



Next,

Open an elevated PowerShell window by pressing Windows key + X key and then select Windows PowerShell (Admin);
Click Yes;
Type the following command, and then press Enter.
DISM.exe /Online /Cleanup-image /Restorehealth
 

Note: It may take several minutes for the command operation to be completed.

 

 

Next,

Open an elevated PowerShell window by pressing Windows key + X key and then select Windows PowerShell (Admin);
Click Yes;
Now type this command:

sfc /scannow

and press the Enter key.
It may take several minutes to complete.

After the process is finished, you may receive one of the following messages:

  • Windows Resource Protection did not find any integrity violations.
  • Windows Resource Protection found corrupt files and successfully repaired them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.
  • Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log %WinDir%\Logs\CBS\CBS.log.

 

Let me know which was the final message.


To summarize, please post:
The content of CHKDSKResults.txt file.
The message after running the "sfc /scannow" command.

How is the computer behaving?

 

Thank you.

Android 8888


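The chkdsk and sfc results requested in post #9 can be collected into one report, as sketched here. This is an added example, not part of the original post or of any tool named in the thread; the function name Get-RepairSummary and the file name RepairSummary.txt are assumptions. It resolves the Desktop through the shell folder API because this machine's Desktop sits under OneDrive.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell window
# after the reboot (chkdsk) and after "sfc /scannow" has finished.
# Get-RepairSummary and RepairSummary.txt are hypothetical names.
function Get-RepairSummary {
    $out = New-Object 'System.Collections.Generic.List[string]'

    # chkdsk: the boot-time check is recorded by Wininit as event 1001 in the
    # Application log. Get-WinEvent returns newest first, so keep the first hit.
    $chk = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1001 } -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -match 'wininit' } |
        Select-Object -First 1
    $out.Add('== chkdsk ==')
    if ($chk) {
        $out.Add("Logged: $($chk.TimeCreated)")
        # Surface the bad-sector count first; the full message follows.
        $bad = $chk.Message -split "`r?`n" | Where-Object { $_ -match 'KB in bad sectors' }
        if ($bad) { $out.Add("Bad sectors line: $(($bad | Select-Object -First 1).Trim())") }
        $out.Add($chk.Message)
    } else {
        $out.Add('No Wininit event 1001 found: the boot-time check has not run yet.')
    }

    # sfc: its entries in CBS.log carry the [SR] tag. Keep only the lines
    # that report a repair or a failed repair.
    $cbs = Join-Path $env:WinDir 'Logs\CBS\CBS.log'
    $out.Add('== sfc ([SR] entries in CBS.log) ==')
    if (Test-Path -LiteralPath $cbs) {
        $sr   = @(Select-String -LiteralPath $cbs -Pattern '\[SR\]' | ForEach-Object { $_.Line })
        $hits = @($sr | Where-Object { $_ -match 'Cannot repair|Repairing' })
        $out.Add("[SR] lines: $($sr.Count); repair-related: $($hits.Count)")
        $hits | ForEach-Object { $out.Add($_) }
    } else {
        $out.Add("CBS.log not found at $cbs")
    }

    $out   # emit the collected lines to the pipeline
}

# GetFolderPath follows a redirected Desktop (for example one under OneDrive),
# so the report lands where the user actually sees it.
$desktop = [Environment]::GetFolderPath('Desktop')
Get-RepairSummary | Out-File -FilePath (Join-Path $desktop 'RepairSummary.txt') -Encoding utf8
```

A repair-related count of zero alongside a non-zero [SR] count corresponds to the first sfc message listed in the post (no integrity violations).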

#10 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,359 posts

Posted 17 March 2020 - 06:30 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq
