Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Possible Trojan Infection

I have been getting lots of trojans popping up in Windows Security. I go through the motions of removing them, but they keep coming back after restarting. Now I think they keep coming back as differently named ones.
My computer will not upload the FRST or ADDITION files so I am starting this thread from another computer for now.

Computer is a pre-built 64-bit, Windows 10 Professional O.S.
Intel Core 2 quad CPU, Q6600 @ 2.4 GHz 2.39 GHz
4 GB RAM

I could only get the FRST file uploaded before now getting BLOCKED from your site.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2020 01
Ran by Owner (administrator) on BRIANDESKTOP (Dell Inc. OptiPlex 755) (22-01-2020 17:12:43)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner & supportaccount & DefaultAppPool)
Platform: Windows 10 Pro Version 1903 18362.592 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Bluebeam, Inc. -> Bluebeam, Inc.) C:\Program Files\Bluebeam Software\Bluebeam Revu\2018\Revu\BBPrint.exe
(CyberLink -> Cyberlink Corp.) [File not signed] C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Kaspersky Lab -> Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Owner\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotification.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
(NTI Corporation -> ) C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\ScheduleService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Sage Software, Inc. -> Sage) C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
(Sage Software, Inc. -> Sage) C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Support.com Inc -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer -> TeamViewer GmbH) C:\Users\Owner\AppData\Roaming\Batiscaf\defwin.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-21] (Intel Corporation -> Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [BbInstallUser] => C:\Program Files\Bluebeam Software\Bluebeam Revu\2018\Pushbutton PDF\Bluebeam Admin User.exe [107568 2019-04-17] (Bluebeam, Inc. -> Bluebeam, Inc.)
HKLM\...\Run: [BbPrintMonitor] => C:\Program Files\Bluebeam Software\Bluebeam Revu\2018\Revu\BBPrint.exe [880688 2019-04-17] (Bluebeam, Inc. -> Bluebeam, Inc.)
HKLM-x32\...\Run: [RemoteControl] => C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [56928 2006-11-23] (CyberLink -> Cyberlink Corp.) [File not signed]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6261760 2020-01-07] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [ConnectionManager] => C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe [386392 2019-12-07] (Sage Software, Inc. -> Sage)
HKLM-x32\...\Run: [BackupNowEZ4Tray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\Bunez4Tray.exe [1089712 2016-10-21] (NTI Corporation -> NTI Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKU\S-1-5-21-2941010735-3585041794-3592001094-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\1.3.35.422\GoogleUpdateCore.exe [219592 2019-12-15] (Google LLC -> Google LLC)
HKU\S-1-5-21-2941010735-3585041794-3592001094-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [9198000 2019-12-18] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-21-2941010735-3585041794-3592001094-1000\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --notification-launch-id="3|0|Default|0|hxxps://www.youtube.com/|p#hxxps://www.youtube.com/#1Abraham Hicks Love Yourself Into Alignment No Ads DuringRecommended: And Joyhxxps://lh5.googleusercontent.com/-XBvK8XLGuPc/AAAAAAAAAAI/AAAAAAAAAAA/SObKNmNihmw/s96-mo/photo.jpg" --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session
HKU\S-1-5-21-2941010735-3585041794-3592001094-1000\...\MountPoints2: {907b6325-bffc-11e3-8be2-806e6f6e6963} - "D:\start.exe"
HKLM\Software\...\AppCompatFlags\Custom\Acrobat.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\Acrobat.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\AcroRd32.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\AcroRd32.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\EXCEL.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\EXCEL.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\iexplore.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\INFOPATH.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\INFOPATH.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\java.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\java.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\javaw.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\javaw.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\javaws.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\javaws.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\LYNC.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\LYNC.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\MSACCESS.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\MSACCESS.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\MSPUB.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\MSPUB.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\OIS.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\OIS.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\OUTLOOK.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\OUTLOOK.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\POWERPNT.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\POWERPNT.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\PPTVIEW.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\PPTVIEW.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\VISIO.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\VISIO.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\VPREVIEW.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\VPREVIEW.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\WINWORD.EXE: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\WINWORD.EXE: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\wordpad.exe: [{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\Custom\wordpad.exe: [{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb] -> EMET_Database
HKLM\Software\...\AppCompatFlags\InstalledSDB\{e1c810aa-f7cc-4aaf-ada1-181863075f9b}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{e1c810aa-f7cc-4aaf-ada1-181863075f9b}.sdb [2016-12-26]
HKLM\Software\...\AppCompatFlags\InstalledSDB\{f8c4cc07-6dc4-418f-b72b-304fcdb64052}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{f8c4cc07-6dc4-418f-b72b-304fcdb64052}.sdb [2016-12-26]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-22] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Defender.lnk [2020-01-22]
ShortcutTarget: Windows Defender.lnk -> C:\Users\Owner\AppData\Roaming\Batiscaf\defwin.exe (TeamViewer -> TeamViewer GmbH)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {003CDC2E-93C2-4FD7-ADE6-D189B3F331FE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {00FC7519-833A-415B-B0BB-E0A6D8E2F60E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {03C16BC1-F4F3-44A7-994D-35A28CB681A9} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {043F0B55-4022-4D6B-B267-B358C2DB6CCE} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {052B12E6-DC6F-4B0E-9878-ADF6C2FC00D0} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0573E675-FA70-4A16-948C-551C99B695A0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-19] (Dropbox, Inc -> Dropbox, Inc.)
Task: {0906F0AB-A8CD-435F-BDA4-0932697C3AF8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd -> Piriform Ltd)
Task: {098F8197-0609-42C8-8137-75D17DE4D323} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0EFAF3D1-8991-4545-9D6D-5BD0E164BC46} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-19] (Dropbox, Inc -> Dropbox, Inc.)
Task: {16296365-C78D-4E16-84A5-12997B4A1BA5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {203D2B5D-DBAB-45F6-801F-292E6E1C130C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2D591A9C-4ADB-433D-9DE5-2DF5F1F02573} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-01-21] (Adobe Inc. -> Adobe)
Task: {2D9D6A1A-4A91-4546-BDA6-02BF8AE04A0D} - System32\Tasks\G2MUpdateTask-S-1-5-21-2941010735-3585041794-3592001094-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\6519\g2mupdate.exe [41536 2017-03-08] (Citrix Online -> Citrix Online, a division of Citrix Systems, Inc.)
Task: {30B9A528-3F8B-4A5D-BB2B-41B7B351F426} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {32B952E2-1958-412A-816D-B9919C1DE7F7} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantAllUsersRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Access Denied)
Task: {3518859E-2071-4F49-9D05-4CD4B764ECBA} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantWakeupRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Access Denied)
Task: {455AD01A-A8CE-4F17-98BF-D4973293B211} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5BCD6644-903D-417C-8943-2580435717C0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5CCC1466-E0BC-46E5-89B2-ED866138B13D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6030F09E-8D4C-4933-AD8A-4128FCEA57D3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {610A82AC-5BF0-486F-9CAF-B58EC26C2BBB} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6121F116-9746-441A-9CDC-350729AA44DC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2941010735-3585041794-3592001094-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-06-20] (Google Inc -> Google Inc.)
Task: {63D0110B-9C57-42ED-BB1E-A1BAFE55D744} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6619266F-8CB4-4F3C-827F-7F0AC193F7A4} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {66649AED-C261-4CFE-ADA5-C6286218026A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {6C103E98-1636-4300-9B3D-BB9415462B4B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7557BBCE-0C80-4E7A-A9F9-35F960610A55} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Access Denied)
Task: {7A1EAC41-2F2F-4A37-B4B2-9D91A4315AC5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7EC8CF87-DC24-4E8A-9B97-D4E20E6867A5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_321_pepper.exe [1453624 2020-01-21] (Adobe Inc. -> Adobe)
Task: {82125653-3B24-47E6-BA6A-FE584E3436AD} - System32\Tasks\{20481B20-8659-4CEA-8F80-85FDB2A7B758} => C:\Windows\system32\pcalua.exe -a D:\AutoRunPro.exe -d D:\
Task: {8AA89A41-ABB4-4692-8E0B-40A1F14E294F} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {8C51AA78-3039-4B6B-B9AA-019F8F6D130F} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {8F313ABA-6BF1-41E8-8FD2-46BB7435A747} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
Task: {A2145D31-F1A3-411E-B90B-9AE1B0B34549} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {A34D8CB6-5C8C-414D-A959-D9ED162EA2F9} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantCalendarRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Access Denied)
Task: {A9BB17FB-7177-4C9A-9158-147DDA9EFBC0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {AD9F190F-B2C4-4722-AEE6-469892D6E329} - System32\Tasks\G2MUploadTask-S-1-5-21-2941010735-3585041794-3592001094-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\6519\g2mupload.exe [41536 2017-03-08] (Citrix Online -> Citrix Online, a division of Citrix Systems, Inc.)
Task: {AF8D3E46-F763-4AFF-8844-5E52834750FD} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B352AC5F-B4CE-4DAA-B3E1-E12CAE400EDA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2941010735-3585041794-3592001094-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-06-20] (Google Inc -> Google Inc.)
Task: {BC4DE2DF-6FA9-47CF-8937-E8B950836E9F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BD89D6BF-24A6-492E-9DD7-480BE206CC0D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C07B5952-9F2D-4F91-851E-EB8C89412D51} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C7C4BE24-93A4-42F1-8921-E59072D96588} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {D0DB9595-4F69-4F57-A997-AE69C331C0DD} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D2F3ED54-DA24-4657-A3D0-763719F6EDDE} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D377E2CF-3176-4373-8D96-67F735D63F38} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D636A3F9-8C1B-4ECB-B565-CB5373B61D14} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DBCED337-F724-44FC-AAE0-61C4494DA67D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DCA1D292-931E-45F8-8840-30FE1D2DF3DE} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EA09F9F5-1F58-4E3E-8D78-3A40136219F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-22] (Google Inc -> Google Inc.)
Task: {EFA2719A-95AF-4AFB-B6BB-A7E9B6ADD9B4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {F0786202-87EE-4F37-ACBF-03D38C365436} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-22] (Google Inc -> Google Inc.)
Task: {F72A7DAB-BEA1-4DDE-81CB-13AC03F80DC0} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {F9980EE5-9420-4004-8988-41DE42DA4BAC} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {FD1A77FF-417B-4029-9DE1-E6E0C185FF44} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2941010735-3585041794-3592001094-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\6519\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2941010735-3585041794-3592001094-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\6519\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.153.176.1 8.8.8.8
Tcpip\..\Interfaces\{3b0d0c84-b83f-4f62-94e0-ec285251d325}: [DhcpNameServer] 192.168.1.1 64.59.184.15 64.59.190.245
Tcpip\..\Interfaces\{ee62e349-4d1d-4426-ae7a-a196c4ab401b}: [DhcpNameServer] 75.153.176.1 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-2941010735-3585041794-3592001094-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/
SearchScopes: HKU\S-1-5-21-2941010735-3585041794-3592001094-1000 -> DefaultScope {425040C6-9BDE-414C-8BF9-1E7E1D880D6C} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US876D20150913&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2941010735-3585041794-3592001094-1000 -> {425040C6-9BDE-414C-8BF9-1E7E1D880D6C} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US876D20150913&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2941010735-3585041794-3592001094-1000 -> {DD1DA92C-0E5D-4A85-AC19-63D149FC9583} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D19700101&p={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\Owner\Downloads

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @MagellanGPS.com/CommunicationPlugin -> C:\Program Files (x86)\Magellan\Magellan Communicator\npMgnPlg.dll [2012-01-11] (MiTAC International Corporation -> Magellan Navigation, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2941010735-3585041794-3592001094-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-02-28] (Citrix Online -> Citrix Online)
FF Plugin HKU\S-1-5-21-2941010735-3585041794-3592001094-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)
FF Plugin HKU\S-1-5-21-2941010735-3585041794-3592001094-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://player.siriusxm.ca/home/foryou#/player/live","hxxps://www.facebook.com/","hxxps://webmail.telus.net/#1","hxxps://shopbadmintononline.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US876D20150913&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Notifications: Default -> hxxps://mail.google.com; hxxps://www.facebook.com; hxxps://www.icy-veins.com; hxxps://www.pinterest.com; hxxps://www.youtube.com
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2020-01-22]
CHR Extension: (Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (IBM Security Rapport) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2019-12-27]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-26]
CHR Extension: (Honey) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2020-01-21]
CHR Extension: (Adobe Acrobat) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-09-30]
CHR Extension: (Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-18]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-12-27]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\System Profile [2019-12-27]
CHR HKU\S-1-5-21-2941010735-3585041794-3592001094-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-08] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-19] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-19] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-01-07] (Dropbox, Inc -> Dropbox, Inc.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AC_Service.exe [310080 2015-06-22] (Citrix Online -> Citrix Online, a division of Citrix Systems, Inc.)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab -> Kaspersky Lab ZAO)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-07-21] (Intel Corporation -> Intel Corporation)
S4 LogService; C:\RealTick\log_service32.exe [22528 2012-10-05] (Townsend Analytics) [File not signed]
R2 NTI Backup Now EZ 4 Scheduler; C:\Program Files (x86)\NTI\NTI Backup Now EZ 4\ScheduleService.exe [105136 2016-10-21] (NTI Corporation -> )
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [3001632 2019-10-06] (IBM -> IBM Corp.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-07] () [File not signed]
S3 Sage 50 Transaction Manager 2016 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2016 - CDN\Sage_SA.TransactionManager.exe [35848 2016-12-06] (Sage Software, Inc. -> Sage)
S3 Sage 50 Transaction Manager 2017 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2017 - CDN\Sage_SA.TransactionManager.exe [42400 2017-06-06] (Sage Software, Inc. -> Sage)
S3 Sage 50 Transaction Manager 2018 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2018 - CDN\Sage_SA.TransactionManager.exe [42400 2018-05-31] (Sage Software, Inc. -> Sage)
S3 Sage 50 Transaction Manager 2019 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2019 - CDN\Sage_SA.TransactionManager.exe [42328 2019-06-03] (Sage Software, Inc. -> Sage)
S3 Sage 50 Transaction Manager 2020 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2020 - CDN\Sage_SA.TransactionManager.exe [42328 2019-12-07] (Sage Software, Inc. -> Sage)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Simply Accounting Database Connection Manager; C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe [35160 2019-12-07] (Sage Software, Inc. -> Sage)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer -> TeamViewer GmbH)
R2 termservice; c:\program files\windows mail\appcache.xml [55296 2020-01-21] (fhhfyayy4gfgg) [File not signed] <==== ATTENTION (no ServiceDLL)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-21] (Intel Corporation -> Intel Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Video Converter Ultimate (Desktop)\Transfer\DriverInstall.exe [107760 2019-09-26] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_db678424d2641c3d\nvlddmkm.sys [22094728 2019-10-04] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NxDrv; C:\WINDOWS\System32\DRIVERS\NxDrv.sys [24264 2011-07-28] (SonicWALL Inc. -> SonicWALL Inc.)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [429112 2019-10-06] (IBM -> IBM Corp.)
R1 RapportCerberus_1950099; c:\programdata\trusteer\rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1950099.sys [1466824 2019-11-29] (IBM -> IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [542112 2019-10-06] (IBM -> IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [395384 2019-10-06] (IBM -> IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [445240 2019-10-06] (IBM -> IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [560568 2019-10-06] (IBM -> IBM Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 usbser; C:\Windows\SysWOW64\drivers\usbser.sys [24192 2005-04-26] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-22 17:12 - 2020-01-22 17:14 - 000038679 _____ C:\Users\Owner\Downloads\FRST.txt
2020-01-22 17:12 - 2020-01-22 17:12 - 000000000 ____D C:\Users\Owner\Downloads\FRST-OlderVersion
2020-01-22 17:11 - 2020-01-22 17:11 - 000000000 ___HD C:\OneDriveTemp
2020-01-22 16:54 - 2020-01-22 16:54 - 000000000 ____D C:\Users\supportaccount\AppData\Local\PeerDistRepub
2020-01-21 22:23 - 2020-01-21 22:23 - 025900032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 022627840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 008012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 007754752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 007016448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 006520480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 005913600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 002801152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-01-21 22:23 - 2020-01-21 22:23 - 002494464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 001399096 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-01-21 22:23 - 2020-01-21 22:23 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 001106944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-01-21 22:23 - 2020-01-21 22:23 - 001020032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000689664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000571392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000432256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000363840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-01-21 22:23 - 2020-01-21 22:23 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti_ci.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2020-01-21 22:23 - 2020-01-21 22:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiadss.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000127520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiadss.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enterpriseresourcemanager.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiatrace.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiatrace.dll
2020-01-21 22:23 - 2020-01-21 22:23 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 009928208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-01-21 22:22 - 2020-01-21 22:22 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-01-21 22:22 - 2020-01-21 22:22 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 002870784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-01-21 22:22 - 2020-01-21 22:22 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 002473976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 001985928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 001655880 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 001330952 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 001051664 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-01-21 22:22 - 2020-01-21 22:22 - 000678712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-01-21 22:22 - 2020-01-21 22:22 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-01-21 22:22 - 2020-01-21 22:22 - 000542496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-01-21 22:22 - 2020-01-21 22:22 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2020-01-21 22:22 - 2020-01-21 22:22 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2020-01-21 22:22 - 2020-01-21 22:22 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV1.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2020-01-21 22:22 - 2020-01-21 22:22 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssrvlic.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2020-01-21 22:22 - 2020-01-21 22:22 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000162696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tsusbhub.sys
2020-01-21 22:22 - 2020-01-21 22:22 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseresourcemanager.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2020-01-21 22:22 - 2020-01-21 22:22 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\LSCSHostPolicy.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\lstelemetry.dll
2020-01-21 22:22 - 2020-01-21 22:22 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WSDScan.sys
2020-01-21 22:22 - 2020-01-21 22:22 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-01-21 22:03 - 2019-12-09 21:15 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-01-21 22:03 - 2019-12-09 20:59 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-01-21 18:02 - 2020-01-21 18:02 - 000000000 ____D C:\Users\supportaccount\AppData\Local\Comms
2020-01-21 14:54 - 2020-01-21 14:54 - 000000000 ____D C:\Users\supportaccount\AppData\LocalLow\Adobe
2020-01-21 14:54 - 2020-01-21 14:54 - 000000000 ____D C:\Users\supportaccount\AppData\Local\Adobe
2020-01-08 18:23 - 2020-01-08 18:23 - 000124806 _____ C:\Users\Owner\Downloads\Tylers kitchen with 40_ uppers.pdf
2020-01-08 17:55 - 2020-01-08 17:55 - 000145140 _____ C:\Users\Owner\Downloads\Tylers kitchen 30_ uppers (1).pdf
2020-01-08 16:12 - 2020-01-08 16:12 - 000132184 _____ C:\Users\Owner\Downloads\Tylers kitchen 30_ uppers.pdf
2020-01-08 13:10 - 2020-01-08 13:10 - 594621545 _____ C:\WINDOWS\MEMORY.DMP
2020-01-08 13:10 - 2020-01-08 13:10 - 000566948 _____ C:\WINDOWS\Minidump\010820-11734-01.dmp
2020-01-08 13:10 - 2020-01-08 13:10 - 000000000 ____D C:\WINDOWS\Minidump
2020-01-08 12:57 - 2020-01-08 12:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-01-07 05:21 - 2020-01-07 05:21 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2020-01-07 05:21 - 2020-01-07 05:21 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2020-01-07 05:21 - 2020-01-07 05:21 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2020-01-07 05:21 - 2020-01-07 05:21 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2020-01-05 15:07 - 2020-01-05 15:07 - 001239195 _____ C:\Users\Owner\Downloads\Tylers kitchen.pdf
2019-12-31 10:14 - 2019-12-31 10:14 - 000148341 _____ C:\Users\Owner\Downloads\ReceiptReport.pdf
2019-12-31 09:50 - 2020-01-21 14:26 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Batiscaf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-22 17:14 - 2019-07-22 15:08 - 000972156 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-01-22 17:14 - 2019-03-18 20:50 - 000000000 ____D C:\WINDOWS\INF
2020-01-22 17:13 - 2016-12-23 23:35 - 000000000 ____D C:\FRST
2020-01-22 17:12 - 2019-12-02 10:43 - 002580480 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2020-01-22 17:11 - 2016-07-19 13:55 - 000000000 ___RD C:\Users\Owner\OneDrive
2020-01-22 17:09 - 2019-03-18 20:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-22 17:07 - 2019-07-22 15:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-22 17:07 - 2019-07-22 14:55 - 001647392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-01-22 17:07 - 2016-09-15 22:51 - 000000000 ____D C:\ProgramData\NVIDIA
2020-01-22 17:06 - 2019-03-18 20:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
2020-01-22 17:06 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-01-22 17:06 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-01-22 17:06 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-01-22 17:06 - 2019-03-18 20:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-01-22 14:37 - 2019-07-22 15:10 - 000004162 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{D45969D5-1613-4F7B-AFEC-C03FFEFFC0FE}
2020-01-22 13:18 - 2016-12-26 17:05 - 000002341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-22 13:18 - 2016-12-26 17:05 - 000002300 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-01-22 13:18 - 2016-12-26 17:05 - 000002300 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-01-22 12:14 - 2019-07-22 14:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-21 22:34 - 2013-12-23 13:06 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-01-21 22:28 - 2013-12-23 13:06 - 120202352 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-01-21 22:27 - 2019-03-18 20:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-01-21 22:08 - 2019-12-02 10:23 - 000000000 ____D C:\Users\supportaccount\AppData\Local\Packages
2020-01-21 22:08 - 2019-03-18 20:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-21 22:08 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-21 14:54 - 2019-12-02 10:23 - 000000000 ____D C:\Users\supportaccount\AppData\Roaming\Adobe
2020-01-21 14:42 - 2019-12-02 10:23 - 000000000 ___RD C:\Users\supportaccount\3D Objects
2020-01-21 14:42 - 2016-04-26 22:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-01-21 14:41 - 2019-12-13 21:36 - 000000000 ____D C:\Users\Owner\AppData\Roaming\DBLite
2020-01-21 14:41 - 2019-12-08 09:54 - 000000000 ____D C:\Users\Owner\AppData\Roaming\MyLiteDB
2020-01-21 14:33 - 2016-05-04 18:20 - 000000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2020-01-21 12:11 - 2019-12-18 13:55 - 000000925 _____ C:\Windows Defender.lnk
2020-01-21 12:01 - 2019-07-22 15:10 - 000004594 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-01-21 12:01 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-01-21 12:00 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-01-09 21:08 - 2014-04-22 21:12 - 000000000 ____D C:\Users\Owner\AppData\Local\Battle.net
2020-01-08 21:59 - 2019-07-22 15:01 - 000000000 ____D C:\Users\Owner
2020-01-08 17:32 - 2014-06-30 11:41 - 000000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2020-01-08 12:57 - 2015-11-02 18:16 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-01-07 18:51 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2020-01-07 18:26 - 2014-06-17 16:17 - 000000000 ____D C:\Users\Owner\Documents\Li-Ning
2020-01-06 17:08 - 2015-10-14 18:07 - 000004875 _____ C:\WINDOWS\ODBC.INI
2020-01-06 16:52 - 2019-10-30 19:38 - 000000000 ____D C:\Program Files (x86)\Sage 50 Pro Accounting Version 2020
2020-01-06 16:48 - 2019-07-22 15:10 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2941010735-3585041794-3592001094-1000
2020-01-06 16:48 - 2019-07-22 15:01 - 000002409 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-01-06 11:29 - 2019-07-22 15:10 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2019-12-31 15:47 - 2016-07-19 13:50 - 000000000 ____D C:\Users\Owner\AppData\Local\Packages
2019-12-31 15:29 - 2019-12-07 12:04 - 000795250 _____ C:\WINDOWS\ntbtlog.txt
2019-12-31 15:22 - 2016-12-26 09:25 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-12-31 13:09 - 2016-12-26 17:04 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2019-12-31 09:32 - 2019-11-26 20:18 - 000000000 ____D C:\Users\Owner\AppData\Roaming\DScience

==================== Files in the root of some directories ========

2016-12-26 17:40 - 2016-12-30 07:23 - 000000115 _____ () C:\Users\Owner\AppData\Roaming\LogFile.txt
2014-06-07 20:29 - 2014-06-07 20:29 - 000007652 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2017-04-08 09:26 - 2017-04-08 09:26 - 000000000 _____ () C:\Users\Owner\AppData\Local\{62287BAF-A115-49BA-9240-5503F719DF52}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
