
Persistent RegAsm.exe and spoolsvc.exe programs



Hello I am in need of help,

 

I did something not smart and downloaded and ran something I probably should not have. I realized my mistake (hopefully) before anything too bad was transferred or installed and unplugged my computer to hard reset it. I downloaded Malwarebytes immediately and cleaned a bunch of malicious programs off my computer, and everything was fine until a few days later when I ran a scan again. Now almost every time I run a scan, whether or not I have restarted, Malwarebytes finds and flags a file in c:\users\Logan\AppData\Local\Microsoft\spoolsvc.exe, a file I have removed multiple times as the screen snip will show. Additionally, sometimes when I try to go online Malwarebytes pops up a warning about my computer trying to access the IP address 45.139.236.222 and lists the file as C:\Windows\Microsoft.NET\Framework\v.4.0.030329\RegAsm.exe, a file I have also tried to delete to no effect, but it often starts on boot with a pop up with random gibberish that seems to be different every time. I am currently using the trial version and would buy the premium version if necessary, but I would like to know if this problem can be solved and what steps are necessary to purge my computer.

 

Thank you

Assembly Rergistry.PNG

Assembly Registry Utility 2.PNG

strange pop up.PNG

JustDieAlready.PNG


Hello LoganTheRed and welcome to malwarebytes....

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

or,

https://downloads.malwarebytes.com/file/mb4_offline

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "security tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Single click on the target sight above scanner window.
  • In the new window select Report
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
    Export to Txt - if selected, you will have to name the file and save it to a place of your choice, recommend "Desktop", then attach it to your reply

     
  • Please use "Export to Txt" then attach the log to your reply...


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....
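A defender-side triage of the kind of FRST log lines Kevin asks for, written as an added example that is not part of this thread, of FRST or of Malwarebytes: it parses Run-key and Startup-folder lines in FRST's own format and flags the two patterns that appear later in this thread (a Run value launching RegAsm.exe from the .NET Framework directory, and a Startup .url whose target is a local .vbs script), plus a system-process name living outside System32. The Run value for the AppData copy of spoolsvc.exe, the rule names and the benign Docs.url line are constructed for the sample.

```python
"""Triage FRST-style autorun lines for the persistence patterns seen in this thread.

Added example; the parsing rules below are assumptions about FRST's line layout
drawn from the log posted in the thread, not an official FRST format spec.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

# FRST Run-key line: <hive>\...\Run: [<value name>] => <target> [<size> <date>] (<signer>)
RUN_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<rest>.*)$")
# FRST Startup-folder .url line: InternetURL: <shortcut> -> URL: "<url>"
URL_RE = re.compile(r'^InternetURL: (?P<shortcut>.+?) -> URL: "(?P<url>[^"]*)"')
# Trailing "[size date] (signer) [File not signed]" metadata after the target path
META_RE = re.compile(r"\s\[\d+ \d{4}-\d{2}-\d{2}\].*$")

SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta", ".bat", ".cmd", ".ps1")
# .NET Framework build/registration utilities: a Run value pointing at one is not a
# normal install footprint, so the real payload is usually handed to it at runtime.
DOTNET_TOOLS = {"regasm.exe", "regsvcs.exe", "installutil.exe", "msbuild.exe"}
# Names that imitate Windows system processes; the genuine binaries live in System32.
SYSTEM_LOOKALIKES = {"spoolsv.exe", "spoolsvc.exe", "svchost.exe", "lsass.exe", "csrss.exe"}


class Finding(NamedTuple):
    rule: str
    name: str      # Run value name or .url shortcut path
    target: str    # file the autorun entry launches
    line: str      # the original log line


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _in_user_profile(path: str) -> bool:
    low = path.lower()
    return "\\appdata\\" in low or low.startswith("c:\\users\\")


def parse_run_target(line: str) -> Optional[Tuple[str, str]]:
    """Return (value name, target path) for a Run-key line, or None if it is not one."""
    m = RUN_RE.match(line)
    if not m:
        return None
    rest = m.group("rest").strip()
    if rest == "[X]":  # FRST prints an empty Run value this way
        return m.group("name"), ""
    target = META_RE.sub("", rest).strip().strip('"')
    return m.group("name"), target


def triage(lines: List[str]) -> List[Finding]:
    """Apply the autorun checks to every line and return the hits in log order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip("\n")
        parsed = parse_run_target(line)
        if parsed:
            name, target = parsed
            base = _basename(target)
            if base in DOTNET_TOOLS and "\\microsoft.net\\framework" in target.lower():
                findings.append(Finding("dotnet-tool-autorun", name, target, line))
            if base in SYSTEM_LOOKALIKES and "\\windows\\system32\\" not in target.lower():
                findings.append(Finding("system-name-outside-system32", name, target, line))
            if base.endswith(SCRIPT_EXTS) and _in_user_profile(target):
                findings.append(Finding("script-autorun-in-profile", name, target, line))
            continue
        m = URL_RE.match(line)
        if m:
            url = m.group("url")
            # A Startup-folder .url normally holds an http(s) address; a local drive
            # path, and a script file in particular, makes it a disguised launcher.
            if re.match(r"^[A-Za-z]:\\", url) and _basename(url).endswith(SCRIPT_EXTS):
                findings.append(Finding("startup-url-to-local-script", m.group("shortcut"), url, line))
    return findings


# Constructed sample: lines 1-4 are copied from the FRST log in this thread, the
# spoolsvc Run value and Docs.url are made up to exercise the other branches.
SAMPLE_LOG = [
    r"HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3377440 2020-07-31] (Valve -> Valve Corporation)",
    r"HKLM-x32\...\Run: [] => [X]",
    r"HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\Run: [VersionRecover] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe [64704 2019-03-28] (Microsoft Corporation -> Microsoft Corporation)",
    r'InternetURL: C:\Users\Logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsvc.url -> URL: "C:\Users\Logan\AppData\Roaming\spoolsvc\fMlkwA.vbs"',
    r"HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\Run: [spoolsvc] => C:\Users\Logan\AppData\Local\Microsoft\spoolsvc.exe [51200 2020-08-04] () [File not signed]",
    r'InternetURL: C:\Users\Logan\Desktop\Docs.url -> URL: "https://example.invalid/"',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:32} {f.name!r:20} -> {f.target}")
```

Feed it the Run and InternetURL lines of a real FRST.txt to get the same three-column report; entries it does not flag still need the usual signer and path review.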

Good Afternoon Kevin, 

 

I have attached the requested files. I neglected to mention in my original post that I have run ADW cleaner in the past, which is why it is so clean. Another small issue is that when I ran it and tried to do the repair feature it caused my computer to crash, which I have added a picture of. All the rest is as I have described it previously, and I was able to run FRST64 without issue. Let me know how it looks, because I am still getting the pop ups about the trojan trying to send my data out every 30 seconds and it is quite frustrating.

ADWCleaner:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build:    07-22-2020
# Database: 2020-07-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-09-2020
# Duration: 00:00:00
# OS:       Windows 8.1
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2198 octets] - [04/08/2020 20:58:20]
AdwCleaner[C00].txt - [2202 octets] - [04/08/2020 20:59:26]
AdwCleaner[S01].txt - [1524 octets] - [04/08/2020 21:19:01]
AdwCleaner[C01].txt - [1714 octets] - [04/08/2020 21:20:38]
AdwCleaner[S02].txt - [1646 octets] - [04/08/2020 21:54:42]
AdwCleaner[S03].txt - [1707 octets] - [04/08/2020 21:55:31]
AdwCleaner[S04].txt - [1768 octets] - [04/08/2020 21:58:32]
AdwCleaner[C04].txt - [1958 octets] - [04/08/2020 21:58:58]
AdwCleaner[S05].txt - [1890 octets] - [04/08/2020 22:33:59]
AdwCleaner[S06].txt - [1951 octets] - [09/08/2020 16:37:01]
AdwCleaner[S07].txt - [2012 octets] - [09/08/2020 16:47:41]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C07].txt ##########

 

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-08-2020
Ran by Logan (administrator) on LOGAN-BOX (09-08-2020 17:30:08)
Running from C:\Users\Logan\Desktop
Loaded Profiles: Logan
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
() [File not signed] C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe
() [File not signed] C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
() [File not signed] C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe
() [File not signed] C:\Program Files\REAL 5.1 GAME AUDIO-VISUAL HEADSET\CPL\FaceLift_x64.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\acrotray.exe
(Apache Software Foundation) [File not signed] C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe <2>
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corp.) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe
(Dassault Systemes SolidWorks Corp. -> Dassault Systèmes) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Foxit Software Incorporated -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <22>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel CASE -> Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Software -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Marvell Semiconductor -> Marvell) C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\MSI\Smart Utilities\SuperRAIDSvc.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star International) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MSI CO.,LTD.) [File not signed] C:\Program Files (x86)\MSI\Command Center\CPU\CPU_Ratio\CPU_Ratio.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel CASE -> Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-05-02] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [Cm106Sound] => C:\Program Files\REAL 5.1 GAME AUDIO-VISUAL HEADSET\CPL\FaceLift_x64.exe [2358784 2014-09-01] () [File not signed]
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [764472 2012-09-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [814064 2014-04-02] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\StartLiveUpdate.exe [579056 2014-03-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star International)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) [File not signed]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\PTC\Mathcad PDSi\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [MSUTray] => C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe [1213952 2012-06-12] () [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [84008696 2019-12-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3377440 2020-07-31] (Valve -> Valve Corporation)
HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-01-09] (Google Inc -> Google Inc.)
HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\Run: [BingSvc] => C:\Users\Logan\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-03-06] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\Run: [Discord] => C:\Users\Logan\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-06-09] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\Run: [uTorrent] => C:\Users\Logan\AppData\Roaming\uTorrent\uTorrent.exe [2091760 2020-08-02] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32406416 2020-07-28] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24211952 2019-12-20] (Plex, Inc. -> Plex, Inc.)
HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Logan\AppData\Local\Microsoft\Teams\Update.exe [2324624 2020-01-23] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\Run: [VersionRecover] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe [64704 2019-03-28] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\MountPoints2: {22b31dac-1a1c-11e6-82dc-448a5b9e1370} - "V:\setup.exe" 
HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\MountPoints2: {22b321ff-1a1c-11e6-82dc-448a5b9e1370} - "V:\setup.exe" 
HKU\S-1-5-21-388570003-4217937664-1560118732-1001\...\MountPoints2: {dd2ce76d-2879-11e7-8340-448a5b9e1370} - "E:\LaunchU3.exe" -a
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [24211952 2019-12-20] (Plex, Inc. -> Plex, Inc.)
HKLM\...\Windows x64\Print Processors\hpcpp103: C:\Windows\System32\spool\prtprocs\x64\hpcpp103.dll [323584 2010-10-13] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [51032 2008-04-07] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HP C511 Status Monitor: C:\Windows\system32\hpinkstsC511LM.dll [333496 2013-01-25] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.105\Installer\chrmstp.exe [2020-07-29] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2017 Fast Start.lnk [2017-10-04]
ShortcutTarget: SOLIDWORKS 2017 Fast Start.lnk -> C:\Windows\Installer\{BB965FD0-077F-4CA4-BFD1-39FFEFF15770}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC) [File not signed]
Startup: C:\Users\Logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk [2020-03-23]
ShortcutTarget: Folding@home.lnk -> C:\Program Files (x86)\FAHClient\HideConsole.exe (No File)
Startup: C:\Users\Logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-01-10]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
InternetURL: C:\Users\Logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsvc.url -> URL: "C:\Users\Logan\AppData\Roaming\spoolsvc\fMlkwA.vbs"
Startup: C:\Users\Logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2019-12-21]
ShortcutTarget: Twitch.lnk -> C:\Users\Logan\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BC8ACB2-2D82-4DBE-801E-37FDC74AAD26} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-14] (Adobe Inc. -> Adobe)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {23F9787E-10D8-49DF-9C3C-F727EEC80B01} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {29C850E4-8DF0-48E5-ADD8-7181D8929273} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1112576 2017-05-19] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {4AD803DC-5DFF-465C-8F24-E59E45D65614} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {5A8AF15E-10F4-4CBC-9FB3-95F46AB54CF0} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2020-07-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {5ABC681E-1F45-447D-A368-F3D0DA96786E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4371352 2020-07-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {6010D44E-05B8-4D3E-9A92-ED3B385E36D9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2220832 2015-07-08] (Microsoft Corporation -> Microsoft)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {6FFBF5D6-330E-4310-9FBC-9E8694A8CFDB} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [123600 2020-07-30] (Mozilla Corporation -> Mozilla Foundation)
Task: {7EF25437-9108-46EB-8C07-9020AAB19981} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4371352 2020-07-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {80D630EB-5F75-4103-A1F1-F1DD2DBCD919} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2020-07-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {8860387A-9D4A-4890-BE51-694DB322FFE2} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1568032 2015-07-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {8F55BE81-0565-43E3-BC62-DD80075B5EB1} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_403_Plugin.exe [1475640 2020-07-14] (Adobe Inc. -> Adobe)
Task: {9C319CA6-44E8-4A05-821E-3CB9F9BE4D56} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2201376 2015-07-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {A75C3D6D-E5BB-4C05-B76C-F08A2B397ECF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1443736 2020-07-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {ACC5095A-E5D1-4C23-8FD8-A0F9DB714AE2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe
Task: {B395A55E-BA62-4B93-88F6-3B7EA3DAB5A7} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2201376 2015-07-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {B9B022FB-5F61-49A0-88C5-D941399FFAC5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24611720 2020-07-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {BC54C569-CD3E-4A94-A3BA-9FEE9A711210} - System32\Tasks\{37C04311-B68D-4868-A4C1-6A8E3045953F} => C:\Windows\system32\pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.admin.exe" -d "C:\Riot Games\League of Legends"
Task: {C4D24E33-A0EE-49BF-8E0F-0B1E31EB99C4} - System32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\GFExperience.Deployer\NvNotifier.exe [2013600 2018-04-13] (NVIDIA Corporation -> )
Task: {C534D7F9-2859-441F-90AD-E92DE8F11AEB} - System32\Tasks\MATLAB R2016b Startup Accelerator => C:\Program Files\MATLAB\R2016b\bin\win64\MATLABStartupAccelerator.exe [44544 2016-07-22] () [File not signed]
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {E6127D08-F533-45CA-BAB2-14C66D2B74C9} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1568032 2015-07-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {FA02BFD9-E00D-4952-9E36-B67F2FBB0CED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1331792 2020-05-07] (Adobe Inc. -> Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\MATLAB R2016b Startup Accelerator.job => C:\Program Files\MATLAB\R2016b\bin\win64\MATLABStartupAccelerator.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1414858B-05C5-4A11-A055-6595D8E63A5C}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1E3B2E66-0E67-49DB-8815-BD185B2AF5CF}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{490F228C-5CCF-48BC-945D-23A9FE777205}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{60CCFD18-5DF8-45CE-9F0F-93A494C9B149}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-388570003-4217937664-1560118732-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-07-22] (Microsoft Corporation -> Microsoft Corporation)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2019-10-16] (Oracle America, Inc. -> Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc -> Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2020-07-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-10-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc -> Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-16] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc -> Google Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-22] (Microsoft Corporation -> Microsoft Corporation)

Edge: 
======
Edge Profile: C:\Users\Logan\AppData\Local\Microsoft\Edge\User Data\Default [2020-07-02]

FireFox:
========
FF DefaultProfile: t2ni5s2y.default
FF ProfilePath: C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\t2ni5s2y.default [2020-08-09]
FF Homepage: Mozilla\Firefox\Profiles\t2ni5s2y.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF SearchPlugin: C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\t2ni5s2y.default\searchplugins\bing-lavasoft-ff59.xml [2019-04-19]
FF Plugin: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> C:\PROGRA~1\SOLIDW~1\SOLIDW~3\Bin\NPCOMP~1.DLL [2017-02-03] (Dassault Systemes SE -> Dassault Systemes)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_403.dll [2020-07-14] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin -> C:\PROGRA~1\SOLIDW~1\SOLIDW~3\Bin\x86\NPCOMP~1.DLL [2017-02-03] (Dassault Systemes SE -> Dassault Systemes)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_403.dll [2020-07-14] (Adobe Inc. -> )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-01-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-01-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-01-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-01-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-07-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-07-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-23] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-23] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-388570003-4217937664-1560118732-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Logan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies SF -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-388570003-4217937664-1560118732-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Logan\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2019-11-15] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default [2020-08-09]
CHR Notifications: Default -> hxxp://play.pokemonshowdown.com; hxxps://play.pokemonshowdown.com; hxxps://www.curse.com
CHR Extension: (Slides) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-08-09]
CHR Extension: (Google Search) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Sheets) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-08-09]
CHR Extension: (BehindTheOverlay) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljipkdpcjbmhkdjjmbbaggebcednbbme [2016-02-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-07-25]
CHR Profile: C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Profile 1 [2015-03-15]
CHR Extension: (Google Slides) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-09]
CHR Extension: (Google Docs) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-09]
CHR Extension: (Google Drive) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-09]
CHR Extension: (YouTube) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-09]
CHR Extension: (Google Search) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-09]
CHR Extension: (Google Sheets) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-09]
CHR Extension: (Google Wallet) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-09]
CHR Extension: (Gmail) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-09]
CHR HKU\S-1-5-21-388570003-4217937664-1560118732-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-14] (Adobe Inc. -> Adobe)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-01-14] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11118984 2020-07-06] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-03-26] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2017-02-24] (Foxit Software Incorporated -> Foxit Software Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation -> NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 impi_hydra; C:\Program Files\Common Files\SolidWorks Shared\Simulation Worker Agent\hydra_service.exe [880296 2017-02-03] (Intel(R) Software Development Products -> Intel Corporation)
S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] (Intel CASE -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6970968 2020-08-02] (Malwarebytes Inc -> Malwarebytes)
S3 MSIBIOSData_CC; C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [2101248 2014-03-24] (MSI) [File not signed]
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [313856 2014-03-26] () [File not signed]
R3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4115456 2014-03-31] () [File not signed]
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [1990144 2014-04-02] () [File not signed]
S3 MSISaveLoad_CC; C:\Program Files (x86)\MSI\Command Center\MSISaveLoadService.exe [3957760 2014-03-24] () [File not signed]
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [183808 2014-03-26] () [File not signed]
R3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [540672 2014-03-24] () [File not signed]
S3 MSIWMI_CC; C:\Program Files (x86)\MSI\Command Center\MSIWMIService.exe [183296 2014-03-24] () [File not signed]
S2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [83952 2014-03-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star International)
S2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> MICRO-STAR INTERNATIONAL CO., LTD.)
R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [372416 2015-04-20] (Microsoft Corporation -> Microsoft Corporation)
R2 MSUWebService; C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [24645 2011-11-21] (Apache Software Foundation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation -> NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2475312 2019-12-12] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3352376 2019-12-12] (Electronic Arts, Inc. -> Electronic Arts)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2143736 2019-12-20] (Plex, Inc. -> Plex, Inc.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2016-12-17] (Even Balance, Inc. -> )
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2017-04-29] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-04-20] (Microsoft Corporation -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\Windows\System32\Samsung\EasySetup\ss_conn_launcher.exe [182120 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 SuperRAIDSvc; C:\MSI\Smart Utilities\SuperRAIDSvc.exe [24048 2014-04-03] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R2 SWVisualize2017.Queue.Server; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe [26008 2017-02-03] (Dassault Systemes SolidWorks Corp. -> Dassault Systèmes)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13086224 2020-07-20] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [142432 2017-11-09] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [18384 2014-03-14] (Intel(R) Software -> Intel(R) Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcpiCtlDrv; C:\Windows\System32\drivers\AcpiCtlDrv.sys [25880 2012-07-17] (Intel(R) Software -> Intel Corporation)
R3 CMUAC; C:\Windows\system32\DRIVERS\CMUAC.sys [595456 2014-09-04] (C-MEDIA ELECTRONICS INC. -> C-MEDIA)
S3 cpuz146; C:\Windows\temp\cpuz146\cpuz146_x64.sys [52824 2018-07-06] (CPUID -> CPUID)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-08-02] (Malwarebytes Corporation -> Malwarebytes)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [28912 2014-02-18] (Intel(R) Software -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [216056 2020-08-02] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197264 2020-08-09] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73368 2020-08-09] (Malwarebytes Inc -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-08-02] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [131232 2020-08-09] (Malwarebytes Inc -> Malwarebytes)
R3 Mv_Process; c:\windows\syswow64\mv_process.sys [14376 2011-11-21] (Marvell Semiconductor -> )
S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (Micro-Star Int'l Co. Ltd. -> MSI)
S3 NTIOLib_ECO; C:\Program Files (x86)\MSI\ECO Center\NTIOLib_X64.sys [13808 2014-01-06] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 NTIOLib_MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\NTIOLib_X64.sys [13368 2012-11-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 NTIOLib_MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\NTIOLib_X64.sys [13368 2012-11-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\NTIOLib_X64.sys [13368 2012-11-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_MSIRatio_CC; C:\Program Files (x86)\MSI\Command Center\CPU\CPU_Ratio\NTIOLib_X64.sys [13368 2012-11-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\NTIOLib_X64.sys [13368 2012-11-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\NTIOLib_X64.sys [13368 2012-11-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_MSI_RAID; C:\MSI\Smart Utilities\NTIOLib_X64.sys [13808 2014-03-17] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S4 RsFx0310; C:\Windows\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation -> Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166752 2019-07-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [43368 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-09 17:21 - 2020-08-09 17:30 - 000000000 ____D C:\FRST
2020-08-09 17:19 - 2020-08-09 17:19 - 002296320 _____ (Farbar) C:\Users\Logan\Desktop\FRST64 (1).exe
2020-08-09 17:18 - 2020-08-09 17:19 - 002040904 _____ (Malwarebytes) C:\Users\Logan\Downloads\MBSetup (5).exe
2020-08-09 17:14 - 2020-08-09 17:14 - 000197264 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-08-09 17:13 - 2020-08-09 17:13 - 000131232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-08-09 17:13 - 2020-08-09 17:13 - 000073368 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-08-09 17:04 - 2020-08-09 17:04 - 002040904 _____ (Malwarebytes) C:\Users\Logan\Downloads\MBSetup (4).exe
2020-08-09 16:36 - 2020-08-09 16:36 - 008414384 _____ (Malwarebytes) C:\Users\Logan\Downloads\adwcleaner_8.0.7 (1).exe
2020-08-09 16:36 - 2020-08-09 16:36 - 002040904 _____ (Malwarebytes) C:\Users\Logan\Downloads\MBSetup (3).exe
2020-08-09 16:35 - 2020-08-09 16:35 - 178209800 _____ (Malwarebytes) C:\Users\Logan\Downloads\mb4-setup-consumer-4.1.2.179-1.0.1003-1.0.27984.exe
2020-08-09 16:33 - 2020-08-09 16:33 - 002040904 _____ (Malwarebytes) C:\Users\Logan\Downloads\MBSetup (2).exe
2020-08-05 20:49 - 2020-08-05 20:49 - 002040904 _____ (Malwarebytes) C:\Users\Logan\Downloads\MBSetup (1).exe
2020-08-05 00:37 - 2020-08-05 00:40 - 000000000 ____D C:\NPE
2020-08-04 22:45 - 2020-08-04 22:45 - 009615808 _____ (NortonLifeLock Inc.) C:\Users\Logan\Downloads\NPE.exe
2020-08-04 22:39 - 2020-08-04 22:39 - 002295808 _____ (Farbar) C:\Users\Logan\Downloads\FRST64.exe
2020-08-04 20:55 - 2020-08-04 20:59 - 000000000 ____D C:\AdwCleaner
2020-08-04 20:55 - 2020-08-04 20:55 - 008414384 _____ (Malwarebytes) C:\Users\Logan\Downloads\adwcleaner_8.0.7.exe
2020-08-04 19:31 - 2020-08-04 19:31 - 000000000 ____D C:\Users\Logan\AppData\LocalLow\Puppygames
2020-08-03 01:22 - 2020-08-03 01:22 - 000000000 ____D C:\Users\Logan\Downloads\Adobe Photoshop 2020 v21.0.2.57 (x64) Pre-Cracked
2020-08-03 01:16 - 2020-08-03 01:16 - 000000000 ____D C:\Users\Public\Documents\Monolith Productions
2020-08-03 01:16 - 2020-08-03 01:16 - 000000000 ____D C:\ProgramData\Trymedia
2020-08-03 01:16 - 2020-08-03 01:16 - 000000000 ____D C:\ProgramData\Documents\Monolith Productions
2020-08-03 01:13 - 2007-05-07 00:08 - 000000000 ____D C:\Users\Logan\Desktop\FEAR
2020-08-03 01:04 - 2020-08-07 17:40 - 000000000 ____D C:\Users\Logan\Downloads\[PC] F. E. A. R. [FINAL] [RIP] [dopeman]
2020-08-02 19:37 - 2020-08-02 19:37 - 000001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-08-02 19:37 - 2020-08-02 19:37 - 000001964 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-08-02 19:37 - 2020-08-02 19:37 - 000001964 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-08-02 19:37 - 2020-08-02 19:36 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-08-02 19:36 - 2020-08-02 19:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-08-02 19:33 - 2020-08-02 19:33 - 002025944 _____ (Malwarebytes) C:\Users\Logan\Downloads\MBSetup.exe
2020-08-02 19:18 - 2020-08-02 19:18 - 000000000 __SHD C:\Users\Logan\AppData\Roaming\spoolsvc
2020-08-02 19:17 - 2020-08-02 19:17 - 001564823 _____ C:\ProgramData\6071
2020-08-02 19:17 - 2020-08-02 19:17 - 000000116 _____ C:\Users\Logan\AppData\Roaming\hero.md
2020-08-02 19:17 - 2020-08-02 19:17 - 000000024 _____ C:\ProgramData\930976.bat
2020-08-02 19:17 - 2020-08-02 19:17 - 000000000 ____D C:\ProgramData\60
2020-08-02 19:16 - 2020-08-03 20:58 - 000000000 ____D C:\Program Files (x86)\VidBid
2020-08-02 19:16 - 2020-08-02 19:37 - 000000000 ____D C:\Users\Logan\AppData\Roaming\frreznsqigu
2020-08-02 19:16 - 2020-08-02 19:16 - 000000000 ____D C:\ProgramData\S6YVTYGHZTXG564CAOYGBX6UB
2020-08-02 19:16 - 2020-08-02 19:16 - 000000000 ____D C:\Program Files (x86)\Kobo
2020-08-02 19:15 - 2020-08-02 20:08 - 000000000 ____D C:\Program Files (x86)\esshim
2020-08-02 19:15 - 2020-08-02 19:36 - 000000000 ____D C:\Program Files (x86)\ieiez
2020-08-02 17:00 - 2020-08-02 17:00 - 000000000 ____D C:\Users\Logan\AppData\Roaming\RenPy
2020-07-31 23:33 - 2020-07-31 23:33 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-07-31 20:31 - 2020-07-31 23:01 - 000000000 ____D C:\Program Files (x86)\UnRealWorld
2020-07-31 20:31 - 2020-07-31 20:31 - 000001927 _____ C:\Users\Public\Desktop\UnReal World.lnk
2020-07-31 20:31 - 2020-07-31 20:31 - 000001927 _____ C:\ProgramData\Desktop\UnReal World.lnk
2020-07-31 20:31 - 2020-07-31 20:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnReal World 3.62
2020-07-31 20:29 - 2020-07-31 20:30 - 034881211 _____ C:\Users\Logan\Downloads\urw-3.62.exe
2020-07-30 19:35 - 2020-08-02 19:19 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-07-28 18:47 - 2020-07-28 18:47 - 000864317 _____ C:\Users\Logan\Downloads\AutoClicker.exe
2020-07-28 18:47 - 2020-07-28 18:47 - 000000000 ____D C:\Users\Logan\Downloads\ACLib
2020-07-14 18:49 - 2020-07-14 18:49 - 009585208 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2020-07-14 15:31 - 2020-07-08 06:56 - 001370688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2020-07-14 15:31 - 2020-07-08 03:40 - 001088512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2020-07-14 15:31 - 2020-07-01 22:57 - 001756672 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2020-07-14 15:31 - 2020-07-01 22:43 - 001494016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2020-07-14 15:31 - 2020-06-12 18:53 - 000360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2020-07-14 15:31 - 2020-06-12 17:39 - 000391168 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2020-07-14 15:31 - 2020-06-12 17:25 - 000269312 _____ (Microsoft Corporation) C:\Windows\system32\netman.dll
2020-07-14 15:31 - 2020-06-12 13:37 - 000537616 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2020-07-14 15:31 - 2020-06-12 12:56 - 000450296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2020-07-14 15:31 - 2020-06-12 09:29 - 001549560 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2020-07-14 15:31 - 2020-06-11 16:18 - 007362288 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-07-14 15:31 - 2020-06-11 01:03 - 022378304 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2020-07-14 15:31 - 2020-06-11 01:03 - 000723008 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2020-07-14 15:31 - 2020-06-11 00:56 - 000806200 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2020-07-14 15:31 - 2020-06-11 00:37 - 019803064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2020-07-14 15:31 - 2020-06-11 00:37 - 000561896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2020-07-14 15:31 - 2020-06-11 00:33 - 000613528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2020-07-14 15:31 - 2020-06-11 00:16 - 025755136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2020-07-14 15:31 - 2020-06-10 23:41 - 020291072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2020-07-14 15:31 - 2020-06-10 23:41 - 005498880 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2020-07-14 15:31 - 2020-06-10 23:39 - 000550400 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.PointOfService.dll
2020-07-14 15:31 - 2020-06-10 23:14 - 000368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll
2020-07-14 15:31 - 2020-06-10 23:04 - 015479296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2020-07-14 15:31 - 2020-06-10 22:56 - 000257536 _____ (Microsoft Corporation) C:\Windows\system32\netprofm.dll
2020-07-14 15:31 - 2020-06-10 22:54 - 000551424 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2020-07-14 15:31 - 2020-06-10 22:46 - 013861888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2020-07-14 15:31 - 2020-06-10 22:45 - 000693248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2020-07-14 15:31 - 2020-06-10 22:44 - 014534656 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2020-07-14 15:31 - 2020-06-10 22:42 - 000906240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SmartCards.dll
2020-07-14 15:31 - 2020-06-10 22:42 - 000211968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2020-07-14 15:31 - 2020-06-10 22:37 - 007800320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2020-07-14 15:31 - 2020-06-10 22:37 - 000469504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2020-07-14 15:31 - 2020-06-10 22:35 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2020-07-14 15:31 - 2020-06-10 22:35 - 000629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll
2020-07-14 15:31 - 2020-06-10 22:29 - 005272064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2020-07-14 15:31 - 2020-06-10 22:27 - 001728512 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2020-07-14 15:31 - 2020-06-10 22:22 - 001547264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2020-07-14 15:31 - 2020-06-09 01:12 - 001764872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2020-07-14 15:31 - 2020-06-09 01:05 - 000357824 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2020-07-14 15:31 - 2020-06-09 00:37 - 001489528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2020-07-14 15:31 - 2020-06-08 23:06 - 001695744 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2020-07-14 15:31 - 2020-06-06 15:58 - 001542672 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2020-07-14 15:31 - 2020-06-05 18:09 - 000430832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2020-07-14 15:31 - 2020-06-05 18:06 - 000320240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2020-07-14 15:31 - 2020-06-05 12:20 - 001441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2020-07-14 15:31 - 2020-06-05 12:16 - 000964096 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2020-07-14 15:31 - 2020-06-05 12:15 - 000781312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2020-07-14 15:31 - 2020-06-05 12:15 - 000436224 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2020-07-14 15:31 - 2020-06-05 12:14 - 000358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2020-07-14 15:31 - 2020-06-05 12:06 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2020-07-14 15:31 - 2020-06-05 11:39 - 001312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2020-07-14 15:31 - 2020-06-04 15:33 - 001902240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2020-07-14 15:31 - 2020-06-04 15:32 - 002535960 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2020-07-14 15:31 - 2020-06-04 14:25 - 000427584 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2020-07-14 15:31 - 2020-06-04 14:21 - 000368240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2020-07-14 15:31 - 2020-06-04 09:58 - 000460800 _____ (Microsoft Corporation) C:\Windows\system32\upnphost.dll
2020-07-14 15:31 - 2020-06-04 09:47 - 000333824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnphost.dll
2020-07-14 15:31 - 2020-06-04 09:43 - 000699904 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2020-07-14 15:31 - 2020-06-04 09:38 - 000628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2020-07-14 15:31 - 2020-06-03 14:40 - 000856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2020-07-14 15:31 - 2020-06-03 14:08 - 006220288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2020-07-14 15:31 - 2020-06-03 12:43 - 001101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2020-07-14 15:31 - 2020-06-03 12:12 - 000750080 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2020-07-14 15:31 - 2020-06-03 11:52 - 007040000 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2020-07-14 15:30 - 2020-07-08 04:28 - 000129024 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2020-07-14 15:30 - 2020-07-02 00:05 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2020-07-14 15:30 - 2020-07-01 23:32 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2020-07-14 15:30 - 2020-06-15 23:11 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2020-07-14 15:30 - 2020-06-12 20:29 - 000092944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Credentials.UI.CredentialPicker.dll
2020-07-14 15:30 - 2020-06-12 19:27 - 000073776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll
2020-07-14 15:30 - 2020-06-10 23:52 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2020-07-14 15:30 - 2020-06-10 23:42 - 000187392 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2020-07-14 15:30 - 2020-06-10 23:41 - 000785408 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2020-07-14 15:30 - 2020-06-10 23:25 - 000498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2020-07-14 15:30 - 2020-06-10 23:24 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2020-07-14 15:30 - 2020-06-10 23:19 - 000092672 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2020-07-14 15:30 - 2020-06-10 23:17 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2020-07-14 15:30 - 2020-06-10 23:16 - 000148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2020-07-14 15:30 - 2020-06-10 23:15 - 000653824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2020-07-14 15:30 - 2020-06-10 23:13 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2020-07-14 15:30 - 2020-06-10 23:05 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2020-07-14 15:30 - 2020-06-10 23:04 - 001057792 _____ (Microsoft Corporation) C:\Windows\system32\WebcamUi.dll
2020-07-14 15:30 - 2020-06-10 23:02 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2020-07-14 15:30 - 2020-06-10 22:59 - 000076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2020-07-14 15:30 - 2020-06-10 22:57 - 000279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2020-07-14 15:30 - 2020-06-10 22:56 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\keyiso.dll
2020-07-14 15:30 - 2020-06-10 22:55 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2020-07-14 15:30 - 2020-06-10 22:52 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2020-07-14 15:30 - 2020-06-10 22:52 - 004111872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2020-07-14 15:30 - 2020-06-10 22:50 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2020-07-14 15:30 - 2020-06-10 22:49 - 000882688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebcamUi.dll
2020-07-14 15:30 - 2020-06-10 22:48 - 000255488 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll
2020-07-14 15:30 - 2020-06-10 22:44 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\keyiso.dll
2020-07-14 15:30 - 2020-06-10 22:40 - 001566720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2020-07-14 15:30 - 2020-06-10 22:39 - 000173568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2020-07-14 15:30 - 2020-06-10 22:32 - 003317248 _____ (Microsoft Corporation) C:\Windows\system32\bootux.dll
2020-07-14 15:30 - 2020-06-10 22:31 - 004387328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2020-07-14 15:30 - 2020-06-10 22:29 - 000801280 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2020-07-14 15:30 - 2020-06-10 22:28 - 001341952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2020-07-14 15:30 - 2020-06-10 22:27 - 000710656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2020-07-14 15:30 - 2020-06-09 01:12 - 000374008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2020-07-14 15:30 - 2020-06-09 00:36 - 000316152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2020-07-14 15:30 - 2020-06-09 00:31 - 000255104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2020-07-14 15:30 - 2020-06-09 00:15 - 000096768 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2020-07-14 15:30 - 2020-06-08 23:44 - 000078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2020-07-14 15:30 - 2020-06-08 23:27 - 001994240 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2020-07-14 15:30 - 2020-06-08 23:18 - 001384960 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2020-07-14 15:30 - 2020-06-08 23:03 - 001560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2020-07-14 15:30 - 2020-06-05 12:15 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2020-07-14 15:30 - 2020-06-05 12:15 - 000227328 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2020-07-14 15:30 - 2020-06-05 12:14 - 000208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2020-07-14 15:30 - 2020-06-05 12:14 - 000193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2020-07-14 15:30 - 2020-06-05 12:09 - 001377792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-07-14 15:30 - 2020-06-05 12:06 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll
2020-07-14 15:30 - 2020-06-05 12:06 - 000174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll
2020-07-14 15:30 - 2020-06-05 11:39 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2020-07-14 15:30 - 2020-06-03 14:48 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2020-07-14 15:30 - 2020-06-03 14:20 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWSD.dll
2020-07-14 15:30 - 2020-06-03 14:19 - 000505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2020-07-14 15:30 - 2020-06-03 12:54 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2020-07-14 15:30 - 2020-06-03 12:25 - 001080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2020-07-14 15:30 - 2020-06-03 12:24 - 000840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2020-07-14 15:30 - 2020-06-03 12:12 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\fdWSD.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-09 17:30 - 2011-11-21 23:08 - 000125952 _____ C:\Windows\SysWOW64\freqdb.db
2020-08-09 17:21 - 2016-11-15 03:17 - 000000566 _____ C:\Windows\Tasks\MATLAB R2016b Startup Accelerator.job
2020-08-09 17:15 - 2015-01-08 23:53 - 000000000 __RDO C:\Users\Logan\OneDrive
2020-08-09 17:12 - 2018-02-16 18:19 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-08-09 17:10 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-08-09 17:09 - 2015-01-09 16:42 - 000000000 ____D C:\ProgramData\NVIDIA
2020-08-09 16:50 - 2018-03-09 21:14 - 000000000 ____D C:\Users\Logan\AppData\LocalLow\Mozilla
2020-08-09 16:43 - 2020-05-02 01:40 - 000000000 ____D C:\Users\Logan\AppData\LocalLow\IGDump
2020-08-09 15:15 - 2015-01-09 00:37 - 003766784 ___SH C:\Users\Logan\Desktop\Thumbs.db
2020-08-09 14:55 - 2015-01-08 23:55 - 000003786 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{5D6E93DF-8F04-46ED-804D-261BDE051576}
2020-08-07 19:05 - 2014-03-18 06:03 - 001005078 _____ C:\Windows\system32\PerfStringBackup.INI
2020-08-07 19:05 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2020-08-07 18:52 - 2015-01-09 00:05 - 000000000 ____D C:\Program Files (x86)\Steam
2020-08-07 00:55 - 2015-01-08 23:58 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-388570003-4217937664-1560118732-1001
2020-08-06 18:40 - 2017-07-26 21:51 - 000003176 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-388570003-4217937664-1560118732-1001
2020-08-06 18:40 - 2016-04-25 14:57 - 000002337 _____ C:\Users\Logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2020-08-05 20:53 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\LiveKernelReports
2020-08-05 01:11 - 2016-05-14 17:27 - 000000000 ____D C:\Users\Logan\AppData\Local\NPE
2020-08-04 21:06 - 2015-01-08 23:52 - 000000000 ____D C:\Users\Logan
2020-08-04 19:18 - 2019-04-19 18:17 - 000000000 ____D C:\Users\Logan\AppData\Roaming\uTorrent
2020-08-04 17:21 - 2019-04-19 18:18 - 000000000 ____D C:\Users\Logan\AppData\Local\BitTorrentHelper
2020-08-03 12:11 - 2015-01-25 21:53 - 000000000 ____D C:\Users\Logan\AppData\Local\CrashDumps
2020-08-03 01:03 - 2020-05-13 19:20 - 000000000 ____D C:\Users\Logan\AppData\LocalLow\uTorrent
2020-08-02 20:05 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2020-08-02 19:37 - 2020-05-02 01:39 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-08-02 19:37 - 2020-05-02 01:39 - 000216056 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-08-02 19:19 - 2018-03-09 21:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-07-31 23:33 - 2018-03-09 21:14 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-07-31 13:45 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\AppReadiness
2020-07-31 13:40 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps
2020-07-29 18:06 - 2015-01-08 23:57 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-07-25 23:19 - 2019-11-09 15:35 - 000000000 ____D C:\Users\Logan\AppData\Roaming\Vortex
2020-07-24 19:29 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\rescache
2020-07-22 23:41 - 2013-08-22 11:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-07-22 23:39 - 2015-01-09 23:28 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-07-19 16:27 - 2015-01-09 00:28 - 000000000 ____D C:\Users\Logan\AppData\Local\ElevatedDiagnostics
2020-07-16 00:35 - 2013-08-22 10:44 - 000526712 _____ C:\Windows\system32\FNTCACHE.DAT
2020-07-16 00:29 - 2013-08-22 11:36 - 000000000 ___RD C:\Windows\ToastData
2020-07-16 00:29 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\SysWOW64\setup
2020-07-16 00:29 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\setup
2020-07-16 00:29 - 2013-08-22 11:36 - 000000000 ____D C:\Program Files\Common Files\System
2020-07-16 00:29 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2020-07-14 18:49 - 2018-03-14 11:49 - 000004464 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-07-14 18:49 - 2015-12-29 01:19 - 000004288 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-07-14 18:49 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-07-14 18:49 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\Macromed
2020-07-13 00:27 - 2015-01-30 23:01 - 000000000 ____D C:\Users\Logan\Documents\Nexus Mod Manager
2020-07-12 15:19 - 2015-01-13 23:20 - 000000000 ____D C:\Users\Logan\AppData\Local\Skyrim
2020-07-11 11:54 - 2020-05-10 20:38 - 000000000 ____D C:\Users\Logan\Desktop\Mom Dat

==================== Files in the root of some directories ========

2020-08-02 19:17 - 2020-08-02 19:17 - 000000024 _____ () C:\ProgramData\930976.bat
2020-08-02 19:17 - 2020-08-02 19:17 - 000000116 _____ () C:\Users\Logan\AppData\Roaming\hero.md
2017-12-07 04:10 - 2017-12-07 04:10 - 000037145 _____ () C:\Users\Logan\AppData\Roaming\XFLR5.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-07-30 01:20
==================== End of FRST.txt ========================

 

Thank you,

Logan

Crash window.jpg

FRST.txt Addition.txt AdwCleaner[C07].txt MalwareResults.txt


Hiya Logan,

Thanks for those logs, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin



Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

Next,

Download Kaspersky Virus Removal Tool (KVRT) from here: https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool and save to your Desktop.

Select the Windows Key and R Key together, the "Run" box should open.

Drag and Drop KVRT.exe into the Run Box.

C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.

Add -dontcryptsupportinfo. Note the space between KVRT.exe and -dontcryptsupportinfo.

C:\Users\{your user name}\DESKTOP\KVRT.exe -dontcryptsupportinfo should now show in the Run box.

That addendum to the run command is very important: when the scan does eventually complete, the resultant report is normally encrypted; with the extra command it is saved as a readable file.

Reports are saved here: C:\KVRT_data\Reports, and look similar to this: report_20200727_103821.klr. Right click direct onto that report, select > open with > Notepad. Save that file and attach to your reply.


To start the scan select OK in the "Run" box.

The Windows Protected your PC window will open, select "More Info"

A new Window will open, select "Run anyway"

A EULA window will open; tick both confirmation boxes, then select "Accept".

In the new window select "Change Parameters".

In the new window ensure all selection boxes are ticked, then select "OK". The scan should now start...

When complete, if entries are found there will be options; if "Cure" is offered, leave as is. For any other options change to "Delete", then select "Continue".

When complete, or if nothing was found, select "Close".

Attach the report information as previously instructed....
 
Thank you,
 
Kevin.

fixlist.txt

Edited by kevinf80

Hello Kevin, 

My computer seems better, just two quick issues: first, when I hit restart it crashes to the select OS mode that I attached before, and second, on boot a terminal window comes up from the RegAsm.exe program, the options prompt appears, then closes itself. I assume these are both benign issues that are just leftovers from whatever caused the error, but if you could confirm that they probably aren't malicious it would put my mind at ease.

Thank you very much,

Logan


Hello Logan,

What you describe seems to indicate RegAsm.exe is still causing problems; whilst the file is a legitimate Windows file, it can be exploited and run a different way. It would normally be in the following folder: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe.

Let's run a couple of scans with FRST and see if we can see what is happening...

Run FRST one more time:

Type the following in the edit box after "Search:".

RegAsm.exe

Click Search Files button and post the log (Search.txt) it makes to your reply...

Next,
 
Run FRST one more time; ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs "FRST.txt" and "Addition.txt".

Thank you,
 
Kevin...

 

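The post above makes the key point for anyone reading this thread later: RegAsm.exe is a signed Microsoft binary that lives under the .NET Framework directories, so a copy elsewhere, an unsigned copy, or an autostart entry that launches it with an odd command line is what to look for. The script below is an added example, not part of Kevin's instructions and not something FRST produces; it is a read-only triage that a defender can run in an elevated PowerShell on the affected machine. It assumes the standard .NET Framework install roots under %SystemRoot%\Microsoft.NET, the usual Run/RunOnce keys, scheduled tasks and the two Startup folders as the autostart locations worth checking; it makes no changes and only prints findings.

```powershell
# Added example (not from the thread): read-only triage of RegAsm.exe on a Windows host.
# 1) list every RegAsm.exe on the system drive with its Authenticode status and
#    whether it sits inside a known .NET Framework root,
# 2) show any running RegAsm.exe with parent PID and full command line,
# 3) look for autostart entries (Run keys, scheduled tasks, Startup folders)
#    whose command references RegAsm.
# Assumption: the .NET Framework roots below are the only places RegAsm.exe is expected.
$knownRoots = @(
    "$env:SystemRoot\Microsoft.NET\Framework",
    "$env:SystemRoot\Microsoft.NET\Framework64"
)

Write-Host "== RegAsm.exe copies on disk =="
Get-ChildItem -Path "$env:SystemDrive\" -Filter 'RegAsm.exe' -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        $inKnownRoot = $false
        foreach ($root in $knownRoots) {
            if ($_.FullName.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { $inKnownRoot = $true }
        }
        [pscustomobject]@{
            Path        = $_.FullName
            Signature   = $sig.Status                    # 'Valid' is expected for the genuine file
            Signer      = $sig.SignerCertificate.Subject
            ExpectedDir = $inKnownRoot                   # $false means an unusual location, investigate
        }
    } | Format-Table -AutoSize -Wrap

Write-Host "== Running RegAsm.exe processes (path, parent, command line) =="
Get-CimInstance Win32_Process -Filter "Name = 'RegAsm.exe'" |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine |
    Format-List

Write-Host "== Autostart entries referencing RegAsm =="
# Standard per-machine and per-user Run/RunOnce keys (assumed to be the relevant ones here).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Value -is [string] -and $p.Value -match 'regasm') {
                "{0}\{1} = {2}" -f $key, $p.Name, $p.Value
            }
        }
    }
}

# Scheduled tasks: every action's executable plus arguments is checked for RegAsm.
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        if (("$($a.Execute) $($a.Arguments)") -match 'regasm') {
            "Task {0}{1}: {2} {3}" -f $task.TaskPath, $task.TaskName, $a.Execute, $a.Arguments
        }
    }
}

# Startup folders: resolve .lnk targets, read other files as text, and match on RegAsm.
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp"
)
$shell = New-Object -ComObject WScript.Shell
foreach ($d in $startupDirs) {
    Get-ChildItem -Path $d -File -ErrorAction SilentlyContinue | ForEach-Object {
        if ($_.Extension -ieq '.lnk') {
            $lnk = $shell.CreateShortcut($_.FullName)
            $content = "$($lnk.TargetPath) $($lnk.Arguments)"
        } else {
            $content = Get-Content -Path $_.FullName -Raw -ErrorAction SilentlyContinue
        }
        if ($content -match 'regasm') { "Startup item {0}: {1}" -f $_.FullName, $content }
    }
}
```

On a clean machine the first table lists only copies under the Framework and Framework64 roots, each with a Valid signature and ExpectedDir set to True, and the autostart section prints nothing. A RegAsm.exe in a user-profile folder, one with a signature status other than Valid, or a Run key, task or Startup shortcut that launches RegAsm.exe at logon (which would explain a console window appearing on every boot) is the kind of finding to report back in a thread like this one, alongside the FRST Search.txt that Kevin asked for.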

Hiya Logan,

Thanks for those logs, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

Next,

Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download


Right click on the Tool, select "Run as Administrator"; the tool will expand to the options Window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include log details for each time MSRT has run; we only need the most recent log by date and time....

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns....

Thank you,

Kevin..

fixlist.txt


Hi Kevin, 

Both seem clean; I've attached the log anyway. The weird restart error and RegAsm.exe problems are persisting, but I'm not seeing any other errors or symptoms, so I guess I'm clean? If you have no other ideas I can probably just repair my OS and my mind will be at ease.

Thank you for all your help,

Logan 


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks
